| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css | 104.17.25.14 | 200 OK | 19 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css IP104.17.25.14:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (52276) Hashded1c367363e8b20bdc6a19b8350a737 8c06d82739d14b094ff6d9036021a252bd1d985d 1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf
GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 95967
expires: Wed, 16 Apr 2025 00:59:43 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3m6oPX0TzQrJYiU0Utskom8%2FKYHB%2B%2FhRalM6HyukFJEKq%2F7Cyps7FEcUtA7%2Baas1xyZ48IUmY0JQYOBzwbrGyyFQ2R7qzmSa1lwJU%2BbGfBfBJ6DLFZpyX3f6OIzbBBmvYG7Nzbn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a2a1bbfbf556af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js | 104.17.25.14 | 200 OK | 28 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP104.17.25.14:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 100881
expires: Wed, 16 Apr 2025 00:59:43 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MwkelDKgEssS32C%2BSrYS7RFszdAJSrVK25QgQyQVH8ihN7WmYFGhyvN%2FzvEH4jGgrcdOc0uBVQzdgT8rH%2FRoSpWE0cFvIlfJnGUZevgEbQBeqWw4cLk9gaBOnRkIVmxwH5HqSPRt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a2a1bbfbf856af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 | 142.250.74.72 | 200 OK | 94 kB |
URL GET HTTP/2www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 IP142.250.74.72:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File typeJavaScript source, ASCII text, with very long lines (3034) Hash4c8be5d063fe0d23f0ee8b05f03cc537 ff2409b8083392966a7b8c40a4912e3c5f67805e bdccea9cf18ea5b114fcb72a5fa35a735f9b06266de6b200fab4429774b12a90
GET /gtag/js?id=G-HKXR34F8P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 00:59:43 GMT
expires: Fri, 26 Apr 2024 00:59:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93612
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| paste.fo/CSShb7c9f171ab4f.css | 104.21.28.76 | 200 OK | 150 kB |
URL GET HTTP/3paste.fo/CSShb7c9f171ab4f.css IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Size150 kB (150242 bytes) Hash77b269eb8136715930579e50b026f7e3 7997e34a00dd125c6ccd9a64c0f79899225ecf1f 5ed80460506fc1a81cf5bf395666924973e791ef74efe2c5d9205da1664ab7e5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /CSShb7c9f171ab4f.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 26 Apr 2024 00:59:43 GMT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r1U%2FE3xs8ArAc2Dk41T1OkI3mQfsxMFwJA34Z1UTh2mRacbYIZxkl81hxdUJfKcGIJHGOJUpBws5FK5%2BzTDBr3oAMlvKjesQNtD%2B4rNLSt%2FvNvqB6U9gy2nqNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb5eb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/sql/sql.js | 104.21.28.76 | 200 OK | 39 kB |
URL GET HTTP/3paste.fo/codemirror/mode/sql/sql.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (43375) Hash3cdc1020173551b4420eaf86ba005542 b8d24d2ff67841845091e27077fb018dfd90dfcb 319f94b54817677bb7cb4b39e3c1188b7036b60f6e83d7fe4dffcedda4244713
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/sql/sql.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=59538
etag: W/"e892-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3120
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iC7XOu79CgcAcZbZOgALZ416D0VSU4NXmnUWgHl53uOHWkUDnzDuDm7gzPUia8f6ANhlYQc2QWsIiRDgLf442lByV%2FYPDJxIcHjuRPa7ww4XTGpg2IfvYPGXdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb57b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/thumbs-up-regular.svg | 104.21.28.76 | 200 OK | 1.3 kB |
URL GET HTTP/3paste.fo/assets/svg/thumbs-up-regular.svg IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash16edbe83aaa9c8b1f0dae88e622e97cb 49c1e9c26f6db1c4c768e72dfbbf231a0e6fd237 3c1e8bd2dd9e8b3935c601e8bb4fc3f90ee85359acabded24b7f943b9fd1c65b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/thumbs-up-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5d9-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3120
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3xTAZT%2FAp0TJttu7Rzs2v9ciLgRBGT1cSwz%2BvmPx6AcwY0EuKlyiwGsAzcyb6fC1SAo1YDCKd6LnxNLOmcFNDRdnkifpqFZzm4m%2BWwsuJU02q2T7%2BjamfbfFLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1bbdb61b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/javascript/javascript.js | 104.21.28.76 | 200 OK | 33 kB |
URL GET HTTP/3paste.fo/codemirror/mode/javascript/javascript.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1412) Hashb5bf8a874f93ad7109c420727888ad47 8d08219bc1257d5537a649cac713ef426158b9a8 4a0ab339997f3729a8eb6a08fca6574408918d1684eaee21760a438bbea82189
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/javascript/javascript.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38892
etag: W/"97ec-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3120
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fd9kv6%2FniSugktlO7bzCdKqz%2F6Prdx91jmu9RqjPOzorep1tFqoSInwWs6Qu4awJkifjVGTwZDX26vEmBeO5bvn6u14pCpsF0ALMM7Kj8oqikjkoPXImFmV2tg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbcb53b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/cracked.php | 104.21.28.76 | 200 OK | 14 kB |
URL GET HTTP/3paste.fo/assets/svg/cracked.php IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash9f0e4b3faf291bc6c0129af7a629ebd5 6b79acb6c1a3a6d2448a4ac1da49428fa4bda177 009671a4e8b1ef30e109a3fcc7d27de96348c8e63289403e49c33fe96c371dcd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/cracked.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rMXFOdu77qdr2uq92md5xw%2B3wJV0ESycfOsxmcUfkkv99l7ET7XP5oifgci4eGL5nTVQ6vRhnUArTMIvkEz04Xkt00Y%2F3mq3wACL4EDhc4fyQYkSqQgbqehNyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb5fb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/htmlmixed/htmlmixed.js | 104.21.28.76 | 200 OK | 2.1 kB |
URL GET HTTP/3paste.fo/codemirror/mode/htmlmixed/htmlmixed.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (623) Hash5b166a8ebd19d3f44d17bffea8cea4bc 2d24ccc2d3644c33c7cd3a665258cef67619084a 1a4d93f8e0244d90d6f22ce15075e1aac1186593de3ca438649b4df6f8ae3397
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/htmlmixed/htmlmixed.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5688
etag: W/"1638-614ce4aba4890-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3119
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uMeeQR2lUnvPJXU0%2F1rVaFTHl%2BRn4bS60V7%2FiuSE1iX9uhAs%2FOvWsyvECOJQjuIag01xxuTxYNtYRmSKVovXNdt7kYLTYQ%2Bg%2FYW44P6wp0nTXYS2ytgmSOJa1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb5cb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 | 142.250.74.131 | 200 OK | 22 kB |
URL GET HTTP/2fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 IP142.250.74.131:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74 ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 21528, version 1.0 Hash6113a25a586aeb6d0d3af5b5b652b973 25619eeae1fe17389310e4d392c427b7711dba44 539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f
GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 10:46:55 GMT
expires: Wed, 23 Apr 2025 10:46:55 GMT
cache-control: public, max-age=31536000
age: 223969
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| paste.fo/codemirror/mode/php/php.js | 104.21.28.76 | 200 OK | 27 kB |
URL GET HTTP/3paste.fo/codemirror/mode/php/php.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (10405) Hash435c5cc4f876bcb6369acfccba865995 a65908ec04cd4f6907098d22702320c7f88e725e 1ece120c4b6f866fc0f6a32b7a031709a76d3a192025fdef0931a52953f489cd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/php/php.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=18339
etag: W/"47a3-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3120
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NkBdecPqrecZgu2tNHfVpxgqs7yQi5QvqDLYqU9gJePgAtSe59VladXy%2Blh4XG6gHk%2B0ao6JhHuRDAL%2BgFNrYicanD3t4HPx7y87aB2GedkaRLQ%2FJw%2B28VE2Og%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb58b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 | 142.250.74.131 | 200 OK | 22 kB |
URL GET HTTP/2fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 IP142.250.74.131:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74 ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 21528, version 1.0 Hash6113a25a586aeb6d0d3af5b5b652b973 25619eeae1fe17389310e4d392c427b7711dba44 539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f
GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 10:46:55 GMT
expires: Wed, 23 Apr 2025 10:46:55 GMT
cache-control: public, max-age=31536000
age: 223969
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| paste.fo/codemirror/lib/codemirror.css | 104.21.28.76 | 200 OK | 13 kB |
URL GET HTTP/3paste.fo/codemirror/lib/codemirror.css IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (6275), with no line terminators Hash2562bc2e52c5852b18e87ec08978ba49 54c7e49460f3235492050057453609fedcc01e09 73d08a4fac48937ec5ce812b154c088351783009eba0c22644ec91ef9a0c0ff2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/lib/codemirror.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=8720
etag: W/"2210-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3121
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mUivym%2FPSez%2BSlqEZPp9R45ttUQQMp6dEI2DwPRK%2BFdxTyvL67OVYFPFUjoYVJp2FWjtHSeBloZJ092260UifW6ww4373WZrfY1IBncfNWOQKJP7wnRswyMrLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbcb4fb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 | 104.16.80.73 | 200 OK | 19 kB |
URL GET HTTP/2static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 IP104.16.80.73:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerGoogle Trust Services LLC Subjectcloudflareinsights.com Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00 ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT
File typegzip compressed data, from Unix Hashd8a69fa2f72eb4906e61b14135643565 3e86289b8068ce36ce24621042fc5ac2e025c94d 8850d5199a6c5c7b0e65d6deaf4321365487eaf3bce92f9ca23e67e47e87023e
GET /beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.0"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1bc19aeb4f1-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| paste.fo/codemirror/mode/clike/clike.js | 104.21.28.76 | 200 OK | 15 kB |
URL GET HTTP/3paste.fo/codemirror/mode/clike/clike.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1704) Hash2b5341f353f5cb58026ebb1b6f047842 1bdda948cdf3b6c9644d8d07cc74c8aaef330f64 c0e7c4989a015e232a497a9b28e5c0fbb2558066ac52a6339ad59d3d924a0d3e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/clike/clike.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=37231
etag: W/"916f-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3119
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZlwkAsQ%2FTCHmWhMNp7OpiSge6sAqY%2BmNn9MJh8UCqSnP9lz1VXuNHck2B4xlH0%2FF6TdKTkYGx%2B2DRE6OSJipH6FUPwB15nwNAOpnHfIShS4OVbOlvtsLGIFH8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb5bb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/shell/shell.js | 104.21.28.76 | 200 OK | 6.5 kB |
URL GET HTTP/3paste.fo/codemirror/mode/shell/shell.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1184) Hashef6669a00f0ae004bf997e217fb0a09f 7fba87e2f140eea0bfb39b10eb34ffb2471a1e2b a76146be8ce9aee15409c7f15625f1922d554e43cbcd5c9503aa544d9eb598eb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/shell/shell.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5383
etag: W/"1507-614ce4aba2950-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3120
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PytEJymn8voBO3cDUV6E4nSg84QcenrSUnH7yOi%2BiNRFudNtzKldjVXDzgTFNaZggzQUVGueAAm4Jq8vXINeITP9qS9VhumwolQ9tIy9E4RJp6MmHWmh9ubwKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb5ab523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/theme/material-palenight.css | 104.21.28.76 | 200 OK | 9.6 kB |
URL GET HTTP/3paste.fo/codemirror/theme/material-palenight.css IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (2481), with no line terminators Hash3478d0a15c06b2059f72536e171912ee 774e48edd31323ea84723f8ef3eca1791f10d69e 0500595d586e40f69d933d1835fc02b7e4df3ead14a02cabadf13cec0370ab61
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/theme/material-palenight.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2969
etag: W/"b99-614ce4aba19b0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3121
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kn%2BQu0SshFdxEnXdNcEVR9nnLtBXemfM7Bdi42wgkRi5%2FQ3zBJRVj6noUA9wuQZJuUpSDU2L19lyVqvvES%2BSwcq94TiyafGolTuI5wBszsOCaM8lFc7xmSb4fA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbcb50b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.28.76 | 302 Found | 0 B |
URL GET HTTP/3paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Fri, 26 Apr 2024 00:59:45 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NRToS2ygFiwk%2BkaSOU2DuWraNdiIxpxQDheyCkH9DmzTkpYMS0HcEJEZLcmqmiKcK0W9iKxejReSLDjhleBmb%2Fc%2FD8h4l0oVDgqoVFXMP4t%2FaLdmBoVaD1lscg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1cc09a3b523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/challenge-platform/h/g/jsd/r/87a2a1b81dee56c9 | 104.21.28.76 | 200 OK | 0 B |
URL POST HTTP/3paste.fo/cdn-cgi/challenge-platform/h/g/jsd/r/87a2a1b81dee56c9 IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/jsd/r/87a2a1b81dee56c9 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12144
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp; _ga_HKXR34F8P3=GS1.1.1714093185.1.0.1714093185.0.0.0; _ga=GA1.1.304274786.1714093186
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:46 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=X7pNK4ISuWM3wPsa1sxHM4vZp04D20smc7.tpX8e6CE-1714093186-1.0.1.1-Gi_nnzIk2ptAenHFjfzz3PjGW_YYHlYJOx.zvOg7swrsjW29JARVsPdYsXs.oPy_GXh2_TyJKwtnl_tnJO4bnA; path=/; expires=Sat, 26-Apr-25 00:59:46 GMT; domain=.paste.fo; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rlt%2FEOYSg%2BVDPquN37rnDSkC9G5359977VF%2F0RaohAUx3C8y76I4vfz7236PwS0yLFoeNhpzDoyWa4%2F52vljUnbTDvmtYuh4qtWf2Zv72sFTOpBZFTc5C%2FLrtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1cd3a0cb523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/rum? | 104.21.28.76 | 204 No Content | 0 B |
IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1049
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp; _ga_HKXR34F8P3=GS1.1.1714093185.1.0.1714093186.0.0.0; _ga=GA1.1.304274786.1714093186; cf_clearance=X7pNK4ISuWM3wPsa1sxHM4vZp04D20smc7.tpX8e6CE-1714093186-1.0.1.1-Gi_nnzIk2ptAenHFjfzz3PjGW_YYHlYJOx.zvOg7swrsjW29JARVsPdYsXs.oPy_GXh2_TyJKwtnl_tnJO4bnA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 26 Apr 2024 00:59:46 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87a2a1ceba7eb523-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| u.paste.fo/api/send | 104.21.28.76 | 204 No Content | 0 B |
IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://paste.fo/
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 26 Apr 2024 00:59:46 GMT
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
access-control-max-age: 86400
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FNrsC5FvSpZN8hyMPvS2DPHDfbu34hqz2karr1NL7Zdw4WFR5e5oahFq7XhDvEjyvTh%2FaGMd1sxpiW8kc1PABovqy%2B1qsaBiWTK0jQ2vGcNyVMKnBwcKn9vSkxH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1ceba7db523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/rum? | 104.21.28.76 | 204 No Content | 0 B |
IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 496
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Fri, 26 Apr 2024 01:00:08 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87a2a25879a1b523-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | 104.21.28.76 | 200 OK | 1.2 kB |
URL GET HTTP/3paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (1271), with no line terminators Hash40d981045a7516cdadd00e8dccc9c58d 8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3 71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
last-modified: Fri, 19 Apr 2024 20:54:07 GMT
etag: W/"6622d9ef-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VwPxifCnPf%2FUyaww5WPgzQ0jcC1fRYgQgUZnHJq5Bon%2BoYgVUxQqFF0%2B6ZzhpM7QjlWo%2Fq4H5TlA%2FZZUxwqaOlOyV%2FpnKyBW36MxeB5sHDnFS4WfG3XYlQCr4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1bbfb70b523-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 28 Apr 2024 00:59:43 GMT
cache-control: max-age=172800, public
content-encoding: gzip
|
|
| paste.fo/favicon.ico | 104.21.28.76 | 200 OK | 15 kB |
IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeMS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel Hashcf593ad6a070c546ba238d5172b52aa1 9bed079538917ab59999ea26e8becca1cec74af8 d19e9b6b10d3890ef6cffdc76821fca266f2c0db6c653ffe16b5984a200a4015
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:44 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3bec-614ce4abd368d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1745
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z06TzmUa8PXe%2FXW17feIzxfTh6ym%2BnLRPucfI8IyI66aLR5Z5H9vK2Fwxhb1BuuBt0W0w2NYoAi397CMazLMsuDCGoupKXe%2B0Nl%2Blh2qZqw13eggqg4MlkGwXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1c53e8fb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html | 104.18.124.91 | 200 OK | 1.7 kB |
URL GET HTTP/3newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html IP104.18.124.91:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typeHTML document, ASCII text, with very long lines (1768), with no line terminators Hash825c2f21a9a22bd9911e6686ced37ded 74f703bdafeabb1aad6a04b073d1745298c111dc 0624e04628b8b0d5f77b594b9ef1408296a1774109a47d7c1ac402e1d2636350
GET /captcha/v1/b1c589a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:45 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Fri, 10 May 2024 00:59:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2a1cc2b8b56b7-OSL
content-encoding: br
|
|
| newassets.hcaptcha.com/c/e78a38c/hsw.js | 104.18.124.91 | 200 OK | 528 kB |
URL GET HTTP/3newassets.hcaptcha.com/c/e78a38c/hsw.js IP104.18.124.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0iotmz5c5s4&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size528 kB (528392 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/e78a38c/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:46 GMT
content-type: application/javascript
etag: W/"4342b00f906eea1d05b94293d52aa8b3"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Fri, 31 May 2024 00:59:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2a1cf3d0056b7-OSL
content-encoding: br
|
|
| paste.fo/assets/js/hyperlink.js | 104.21.28.76 | 200 OK | 1.0 kB |
URL GET HTTP/3paste.fo/assets/js/hyperlink.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (1107), with no line terminators Hash57f9dc10b415891524d8668c91b97120 8c5e819d656b25748485e8380bb50b24bd2a159d 4904079029f843d33043406564cfb3ccae3570f8a1d97f303ef0fa7e07001e5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/js/hyperlink.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2060
etag: W/"80c-614ce4abce86d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3119
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VqT5Rlmy%2BjQquCE%2BZlLbcaGQ357eoLnnm7csMdZ0Zts3zC31JSOEWLZBc8l3IW9sfxpTNKbvbkhz1%2B6E9dBEm65vL7mndYqjoxNWBFe9iowaPI%2FhkfLoSykF0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb5db523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 104.21.28.76 | 200 OK | 740 kB |
URL User Request GET HTTP/2IP104.21.28.76:443
CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Size740 kB (739866 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /40be7b4c9e43 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 00:59:42 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp; path=/
token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
sscore: 0.00055617584611727
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9br%2BCw2qTFVTbPXcDIe0nVfy4uanMp%2F8uStUW8EF4xqWboZGFdIsoD5iAK6XrzszdMdfTQgI%2Bz28t2wqNNTg%2FRPPQJTnO2%2FSax6tc6kMGhvsnk1BXSR4wHur9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1b81dee56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| paste.fo/codemirror/lib/codemirror.js | 104.21.28.76 | 200 OK | 262 kB |
URL GET HTTP/3paste.fo/codemirror/lib/codemirror.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (2035) Size262 kB (262407 bytes) Hash9775b8d7cc0bda6b762fcef0f617a5dc 42c642c7a6c070207773fd5ef00310ed4ef8380f c6f3c3f85b438110a153601b764ec02d90a4899c37e7699e9187c01fe5b96c45
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/lib/codemirror.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=401347
etag: W/"61fc3-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3119
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pkaz7jyVArVhWA%2FO%2FaMtl9hfPQvmMsy9AO3q77EfmPLjuuORW1J6PFaxDL5OvkIqGJr1pcAJzgHGnSAFUqS8rSuhDOGfIhqDwQP8temktYOPda0q%2F8SToSsU5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbcb51b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/xml/xml.js | 104.21.28.76 | 200 OK | 9.6 kB |
URL GET HTTP/3paste.fo/codemirror/mode/xml/xml.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (9904), with no line terminators Hash3ec07361d74afef5a6157560b789479f 34b9c1956f2ad4cd02ff2155615cda04f17bccfc 05c1e29bd73a327db390a83066b86acc99162f86e2ded090cbb70fd84d94e575
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/xml/xml.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=13353
etag: W/"3429-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3121
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ClPXlRDFkrtX%2BCmbNxccQWVrM7OVGIsZic1GqBgdm7qFw%2F6ZkLk8%2ByiltLTWkBTXiyk9nkcadCfMLeD4M7nV%2B1NCECQ3qVkBWbczEZ6%2BQVrInOWU6CkIAZfDFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbcb52b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/email.php | 104.21.28.76 | 200 OK | 577 B |
URL GET HTTP/3paste.fo/assets/svg/email.php IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeexported SGML document, ASCII text, with very long lines (586), with no line terminators Hash3f774fd678c6e100c4d914d9afc0dc8b bab6ac432d913ee0d99dae0a7caafcea559222bd e7f5c890c6acb9078887bbeab309ff5771782edac2444c647126072427cdc336
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/email.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6fdfV83S6ni%2F0XH5dCnF4A6O7YFmfrGUD3YKS0txlWO7nED48ATOa7lUdljhLbfeiJvV5KhvIjB3nA8JM2M1vCOtx%2B5twFrTTOXncCEJRj%2Bt%2BeHKtxB0jvUyQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbeb6cb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/B674895EMC50101212170D4A1F0F1F0A55034B570B197AM4576D4F09576A1A220D0F47190B1F5F0D00.jpg | 104.21.28.76 | 200 OK | 2.7 MB |
URL GET HTTP/3paste.fo/B674895EMC50101212170D4A1F0F1F0A55034B570B197AM4576D4F09576A1A220D0F47190B1F5F0D00.jpg IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Size2.7 MB (2706563 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /B674895EMC50101212170D4A1F0F1F0A55034B570B197AM4576D4F09576A1A220D0F47190B1F5F0D00.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1745
last-modified: Fri, 26 Apr 2024 00:30:38 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7szsKmPPNRRDsX3CyDcUT1bTSp%2B4y71iw0QeMI%2BA966VDlAn%2B%2FJw19UzGBKokBRWYugvLxWK%2FhmedvigNc3l9jAqudPMa7mn6r6XYRP1bXN7KF0N9K0nPiQ4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1bfbcd9b523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| api2.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 | 104.18.124.91 | 200 OK | 718 B |
URL POST HTTP/3api2.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 IP104.18.124.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0iotmz5c5s4&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (734), with no line terminators Hash644055cb243370bddf3784e07eff2388 f3ed3e20982fb7f6790957995687716e2349e6b2 2d46dac24a4c909e22f8a8c5f782c3336e2e1749503e2d2f55642b0a00d1728c
POST /checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api2.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:46 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFj9mU2fhedYxxWRCm6XPVTUSBSd; SameSite=None; Secure; path=/; expires=Fri, 26-Apr-24 01:29:46 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2a1cecc8656b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/thumbs-down-regular.svg | 104.21.28.76 | 200 OK | 1.5 kB |
URL GET HTTP/3paste.fo/assets/svg/thumbs-down-regular.svg IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash389c8e85f6e31500977c27d913ef8802 1aadcd3b53c6e86b001ff153294a33260913fc82 e9be5fe625221dc40c32eb0f1faf336dd592141b6496b8f3be76a772e13dd591
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/thumbs-down-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5f1-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3119
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qky2kUSLFJFGmg2IAEBnChfmgaHGiPo03E1KYu%2Fd6mVj4Pz3NrvwPOHKZ8atBcLAakCPgzptfABNOi41s7fqalCb2vBK9wI4K0PXfDXTHmHyfLulXn%2BApZxqGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1bbdb63b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/discord.php | 104.21.28.76 | 200 OK | 1.6 kB |
URL GET HTTP/3paste.fo/assets/svg/discord.php IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeexported SGML document, ASCII text, with very long lines (1567), with no line terminators Hashf25e187801ad4549ff6d1f7923827d9e 682ad175492f0c7ca063eb8b29df8e5fb92ab3ce c4c482f2711284ca3fb68e15af960645b841af8880e7e86ea031ca86470c5e22
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/discord.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I6i8GMcQ4BMG0DsQ%2BF5QwLLhT3fjPA4j3D%2FLhruw7r3YjhEFxHsL9AsZcsZ0%2F9YHJ1uBs8aX5WwxCtfoMevgnUaMXAL%2FU9diKBaMeCMhuikxe2NeiORZ7EcRgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbeb6ab523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/img/bg1.gif | 104.21.28.76 | 200 OK | 25 kB |
URL GET HTTP/3paste.fo/assets/img/bg1.gif IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hashdcab8f9443952c7589be3e4db6072853 824ca8c921eeca604844d3f00d08691631199201 a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/img/bg1.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/gif
content-length: 24898
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "6142-614ce4abce86d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1746
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nkWaX2pCnZatCj09K4JZcWM3MVhg74K1D54ryAqmCoh6mqbaZVS6Qq0S9S0mDkZNlR%2FEx6R3CvmHu%2FTPo6jG%2FES0VK4BkEJ0oq%2B1iBZAtJF9sZlh0oDFOLTp8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1bfbcdab523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js | 104.18.124.91 | 200 OK | 387 kB |
URL GET HTTP/3newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js IP104.18.124.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0iotmz5c5s4&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size387 kB (387091 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /captcha/v1/b1c589a/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:46 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Fri, 10 May 2024 00:59:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2a1ccebd556b7-OSL
content-encoding: br
|
|
| js.hcaptcha.com/1/api.js | 104.18.124.91 | 200 OK | 387 kB |
IP104.18.124.91:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size387 kB (387091 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/api.js HTTP/1.1
Host: js.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: max-age=300
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Fri, 10 May 2024 00:59:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 87a2a1bc09641c0e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html | 104.18.124.91 | 200 OK | 1.7 kB |
URL GET HTTP/3newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html IP104.18.124.91:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typeHTML document, ASCII text, with very long lines (1768), with no line terminators Hash825c2f21a9a22bd9911e6686ced37ded 74f703bdafeabb1aad6a04b073d1745298c111dc 0624e04628b8b0d5f77b594b9ef1408296a1774109a47d7c1ac402e1d2636350
GET /captcha/v1/b1c589a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:45 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Fri, 10 May 2024 00:59:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2a1cc2b8a56b7-OSL
content-encoding: br
|
|
| newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js | 104.18.124.91 | 200 OK | 387 kB |
URL GET HTTP/3newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js IP104.18.124.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=10y7zxbrs7e4&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size387 kB (387091 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /captcha/v1/b1c589a/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:46 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Fri, 10 May 2024 00:59:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2a1ccfbda56b7-OSL
content-encoding: br
|
|
| paste.fo/assets/css/style.css | 104.21.28.76 | 200 OK | 11 kB |
URL GET HTTP/3paste.fo/assets/css/style.css IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (10693), with no line terminators Hasha9579467f8b95bbcdbd6232105e6a253 df9b19ccebf1eca5fe14169881b132813919345d 22877d598e09dd9f8452f52a500181eae909e3f4aaa4d4c49e0b0b18cfbd60da
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/css/style.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=15702
etag: W/"3d56-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3121
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FVUWMh8O%2B3RmF0B0qj20WVumRIc6f9Fkmemr6WqjC5quASLU5Nmzz9KuI3NMKZkkT37itP33FOpblOM0iayJ72gcnhoX%2Bezwz%2BL6KK%2BECyme%2F0z0BBKzaEOuHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbbb43b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/css/cio.css | 104.21.28.76 | 200 OK | 1.2 kB |
URL GET HTTP/3paste.fo/assets/css/cio.css IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (1152), with no line terminators Hash6a91b9352b213689c0432bb87eddb2ae 4a9beb1f3a827dee5a03a246a296fac2f3677165 5721962451086a4c469a6d1b1e4cc133f03c3ea0377916a91b45373463855620
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/css/cio.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1653
etag: W/"675-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3123
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9904hXn9iBZcElxt3c8ji3AWiDr1POg7%2BfH0lilRg%2BnKcwB5oexFX5M2%2FA70gDAJIV9ct%2FBfmDqyT7fnXdUwSIGrrCO2jwtFmwUbuU6AWd3b%2Fn6DjC09FltXcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbbb48b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/node_modules/@sweetalert2/theme-dark/dark.css | 104.21.28.76 | 200 OK | 24 kB |
URL GET HTTP/3paste.fo/node_modules/@sweetalert2/theme-dark/dark.css IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (24342), with no line terminators Hash80b002261f8a746e3756d6883342252a c8282deb8dfdcdf89ca54c6d6e34b23bc2beeb22 6b7dfdcc77e85a9db663a990f749d892c774f63254404cf2a72b312a8136bfd1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /node_modules/@sweetalert2/theme-dark/dark.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=30018
etag: W/"7542-614ce4ab9ead1-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3122
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jXK10%2FdjweBCF797JozS53f%2F9YNFGB3Lv32CzvTnBnsrV%2BtWH%2FJeZh3Q05BbV50j6oVLldp2oHN4zUqLLqkNmovaSdaRHT2%2FSNVnGNZfZ3syhXvxEIEydY3bBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbbb49b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js | 104.21.28.76 | 200 OK | 43 kB |
URL GET HTTP/3paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (42951), with no line terminators Hashf15be88a3c9bf40debcc080b125c7e91 4a636976285768dd43278f43d63ba5779f3f493d 8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /node_modules/sweetalert2/dist/sweetalert2.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"a7c7-614ce4ab9fa71-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3122
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fH%2BYi%2BdwRe6zSOqAzIUVntGYrQMjD%2FNzpXMi%2BHq3Qz6FuFr%2B1anOv%2BftqiepsfdWEFgtpxB%2Bgo23OoF7tXtqTQLOqkk68egE24FHuS0cWwN%2FRnHrunt0HI8jKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbbb4cb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/twitter.php | 104.21.28.76 | 200 OK | 1.1 kB |
URL GET HTTP/3paste.fo/assets/svg/twitter.php IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeexported SGML document, ASCII text, with very long lines (1064), with no line terminators Hash52ada42cb5438b7b0421018fd75f361e d5e00f0d91ac0e644fa97b585fa704764276830b 5814970c931c847c4acc7c25ce39b1f9abbed82f7642c2da34a93f895d875746
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/twitter.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8REhi8%2BjZ5ylyqCF2Y4w8rJw9jr8xy5yhHFCv8atUMIDW0oOiRvIe97a8awib0KzkBnkVA%2BnnQYdPS5NZaGtcpceyKCLNDhFXytnu5iejjUnlyR79IDlbgb6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbeb6bb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| api2.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 | 104.18.124.91 | 200 OK | 718 B |
URL POST HTTP/3api2.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 IP104.18.124.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=10y7zxbrs7e4&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (734), with no line terminators Hashb1cc87cfb1354604c392225d2a29a02b b75b2536b37c60e3a52033d2157e919a612dac8f 44e77dc8b1221bc65d7f1e5e6ac2ea0ec66958952ad18a93188c7613cf9f58f5
POST /checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api2.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:46 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFj9mU2fhedYxxWRCm6XPVTUSBSd; SameSite=None; Secure; path=/; expires=Fri, 26-Apr-24 01:29:46 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2a1cecc8556b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/css/user.css | 104.21.28.76 | 200 OK | 5.2 kB |
URL GET HTTP/3paste.fo/assets/css/user.css IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeUnicode text, UTF-8 text, with very long lines (5248), with no line terminators Hash7690e1f323bfc9cd0658b8355ec967ae f6556ee7ace5044dcc0a5a8db6a4cc2b76dfcec2 2b878eddd32ef75f04d6923d6bc597d06e0f41d6988ef952edd17dfbacc6b849
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/css/user.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7053
etag: W/"1b8d-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3123
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=65OG2wqyF0y0WiRRjKEYZTyowrVu89KyuONOHNEvS5uRub2WZaDaKvX1HV96tTFMnQPAvzL7gAMvEmnUukmz8tmwC5xCVbhykDJ%2BCTaJgPhXJ4j%2BsVL2OcWmAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbbb45b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/12D7E4B3MC5D461213400A1E175B175B00501C070B19167F06034E7E5AM018534A5F50571504180352000155015B060C024C555B02.jpg | 104.21.28.76 | 200 OK | 4.5 MB |
URL GET HTTP/3paste.fo/12D7E4B3MC5D461213400A1E175B175B00501C070B19167F06034E7E5AM018534A5F50571504180352000155015B060C024C555B02.jpg IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Size4.5 MB (4465133 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /12D7E4B3MC5D461213400A1E175B175B00501C070B19167F06034E7E5AM018534A5F50571504180352000155015B060C024C555B02.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1089
last-modified: Fri, 26 Apr 2024 00:41:34 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1uTDph%2FDCDefEDVth7f7mmowtunf%2BDDNh%2B41kZWhc86hYaoQvqjvf5TWhSYeT0WrdLj7CdR1ekB4c%2FmJ%2FmpYcJDs5YnmnObKBO23ZfZwDxfsx1Gm%2B3iAV271DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1bfacd6b523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/python/python.js | 104.21.28.76 | 200 OK | 10 kB |
URL GET HTTP/3paste.fo/codemirror/mode/python/python.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1008) Hash0f85fa739faa6c58233a3576fa0bd324 d9abf35ff26170be2399e4432785ac152ddd711d 08c699cbbadb7aafb466ebb10da8b506cd3af41f400279eafcb7ef95b8d02839
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/python/python.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=14926
etag: W/"3a4e-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3119
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h0L4rOOLXx5voyeDCxJwpClkn0wWr3EXnI3efmezV5eWvzDpDMnlIJ%2FfXp1fmkC%2FDVBbQVPkBKpn%2FyD65koVGJm2%2BKl%2BYySTmygcW3A3fifk6FoJLgB%2BenaQiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb59b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js | 104.21.28.76 | 200 OK | 7.8 kB |
URL GET HTTP/3paste.fo/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7834), with no line terminators Hash87c514186072201a3ddd4e8ec1fe2e42 38e5ca0072a1bbec63be6ef54ff6d2607cce432e 4cf964eaa605acd90e263e262cc3a688f1d527279aff8dc3aea2b2abb00ef8e6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:45 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
vary: accept-encoding
content-encoding: br
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0WnFgino1fU%2BQFyR3%2Bg602iw64Xfw6DJXdfln117us1blCU61OH3iIsB99QaSD97auqinYSZQ6HgYLxK7S6MMrNCTLCuNcaOhiY8SUHn2w1YnutsMBOQf%2FQJwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1cc59bcb523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/css/css.js | 104.21.28.76 | 200 OK | 33 kB |
URL GET HTTP/3paste.fo/codemirror/mode/css/css.js IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (19025) Hashcbeb7b6de8ada022149bfa4792e625ce 4f4f5c1bc7dfa002df676fa44ecd6d7294ba4c12 dea0ae84464fd019f70399964e19a94d9c27086aadb937e522e7a7862080132f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/css/css.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40492
etag: W/"9e2c-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3120
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fieLa3d144HqD3kHkvkUiqcFmVC7qyWgU3o8t27re4IGmMsjnyz%2FmtYeax3iVnpw81heL0%2FjrMka3X07ccq4GJMx8NzwRf3ntH2MvzGexgLLffKlIt%2FB1UVLCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbcb55b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap | 142.250.74.106 | 200 OK | 40 kB |
URL GET HTTP/2fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap IP142.250.74.106:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2 ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
Hashfb9a01c247c59daca77d5e373217b0b1 df072c2f05f7e6884df927cf8b4d2144937b8cbe f6ce0c3fb43d72007637cf61a13dc4c6a0cb1111d2f457dc1386008f83fe13c3
GET /css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 00:59:43 GMT
date: Fri, 26 Apr 2024 00:59:43 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| paste.fo/assets/img/pepelove3.gif | 104.21.28.76 | 200 OK | 13 kB |
URL GET HTTP/3paste.fo/assets/img/pepelove3.gif IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeGIF image data, version 89a, 32 x 32 Hashf1a434c811d30b8b6788e405852e4c4e 6b2bbfb235c402d3e639153d01e81ab853cc98ee 82c1399efadd5cf21a02fa0aff28d46651d00b847f1244ae2cee34b07a836243
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/img/pepelove3.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/assets/css/user.css
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: image/gif
content-length: 13284
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "33e4-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 512
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jhTUK41yFQjWW%2BhRRsZ7iafdrNwI6ENUUqClUSgQWgYSMonWdpKj5EJntq1ttPnCnZvV4jENWwu6I2DLFUvvqIK0yO6XHthcQnCynSFO7l6aiuMEA5XWmhD5Pg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a2a1bfbcddb523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u.paste.fo/script.js | 104.21.28.76 | 200 OK | 2.4 kB |
IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (2496), with no line terminators Hashc7b7184df64285d4548b9eaa32a19509 ef7da84b4e6bd419d7afb62e99ab6461bdc3c8fb bb0c244f2792bc3cb178f2e98d239be893d11443e142aafcb5c0c059b8483440
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /script.js HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
cache-control: public, max-age=14400
last-modified: Fri, 29 Mar 2024 16:49:26 GMT
etag: W/"977-18e8b1dc16f"
vary: Accept-Encoding
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHcHMWYlWDV69Iu%2Bn%2FgZ5tw%2FnwVUQJleHE5fpPyjH9zy0K86AdpIcg%2BoiRbPrNjDp7FjTvLFaXgv8EmiqpWMcoVM3UPr%2FsoGQAqcXYzZSmyOYacsQrQgFUqUVNCl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbdb60b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 | 104.17.25.14 | 200 OK | 25 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 IP104.17.25.14:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 24948, version 772.256 Hash61f30b79daf5b31f0d254a31fba66158 fb363d27cfdfe71a243fa2ac3dab2815232b9b7e 8e7e5ea1b15f62ab14dbd41768e8fbcd21cc859a4ea5da812457ee714299fb35
GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 00:59:44 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 24948
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-6174"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 98858
expires: Wed, 16 Apr 2025 00:59:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HO07aCq12kK8dfZG1o0trMc04NfRCXi901mpd84viedodopBOHzYzAwMjHtwzeiHlLmSHWNYawvC23Vt%2Fc%2BW9u0LnvSsJFK7DcreDcG6pm8%2FcaAVxlLadzRK3kuoSeSqnU1nABrp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a2a1c03d9656af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| paste.fo/assets/css/responsive.css | 104.21.28.76 | 200 OK | 4.6 kB |
URL GET HTTP/3paste.fo/assets/css/responsive.css IP104.21.28.76:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (4570), with no line terminators Hash85e024d58588895496ff6e65f47a0484 ff6cb78df5ee61dffa425ace5283407ee562e4af fd51897bd68e6bdf326bfb11b3580be32da026ab50c5e494677b202f93822877
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/css/responsive.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/40be7b4c9e43
Cookie: PHPSESSID=sq0jto8k3n69j1b8b2pkoqnuqp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7512
etag: W/"1d58-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3123
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fiXfmBhDKQpNEOvwEyZyWyzv69AAi8TnaGo17wPRnh2nGHj9BKp9TfJiu2VI3ZBF64IrZw4HrstNLTod%2BhwYylKI%2BWYqGVyGMuziMKUgEFV2feeDs5OjNW0gCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a2a1bbbb46b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 | 104.17.25.14 | 200 OK | 150 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 IP104.17.25.14:443
Requested byhttps://paste.fo/40be7b4c9e43 CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 150124, version 772.256 Size150 kB (150124 bytes) Hashc64278386c2bbb5e293e11b94ca2f6d1 6b99aa650bd12a36caa14e0127435d8f4cd3ba73 7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 00:59:44 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 128181
expires: Wed, 16 Apr 2025 00:59:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ykpqtrYtA3NooBJRy1AjsiqUZPcNHzhiG%2BQSTTE0beMKbxd4yaWJFxZj13dgyEZlOQM3PrTSwOIyXtzOwedxQX2t4e5PeAfKHSB5b7ZTPUBAtzHg8p2ky3ewdpOnvMY1sndQzYpD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a2a1bffd6556af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| newassets.hcaptcha.com/c/e78a38c/hsw.js | 104.18.124.91 | 200 OK | 528 kB |
URL GET HTTP/3newassets.hcaptcha.com/c/e78a38c/hsw.js IP104.18.124.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=10y7zxbrs7e4&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size528 kB (528392 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/e78a38c/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 00:59:46 GMT
content-type: application/javascript
etag: W/"4342b00f906eea1d05b94293d52aa8b3"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Fri, 31 May 2024 00:59:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a2a1cf2cfb56b7-OSL
content-encoding: br
|
|