Report - paste.fo/582d5881e389

Report Overview

Submitted URL
paste.fo/582d5881e389
IP
104.21.28.76
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 01:13:20
Access
public
Website Title
Untitled Paste | paste.fo
Final URL
paste.fo/582d5881e389
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
76

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-06	1.9 kB	226 kB	104.17.24.14
paste.fo	unknown	2022-08-23	2022-09-02	2024-04-18	17 kB	18 MB	104.21.28.76
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	530 B	22 kB	216.58.207.227
api.hcaptcha.com	63834	2018-01-12	2021-07-31	2024-05-07	608 B	8.3 kB	104.18.124.91
u.paste.fo	unknown	2022-08-23	2023-05-13	2023-12-04	1.3 kB	5.8 kB	104.21.28.76
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	550 B	41 kB	142.250.74.106
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-07	415 B	95 kB	216.58.211.8
newassets.hcaptcha.com	11055	2018-01-12	2021-03-22	2024-05-07	3.1 kB	1.5 MB	104.18.124.91
js.hcaptcha.com	23463	2018-01-12	2021-07-30	2024-05-06	393 B	388 kB	104.18.124.91
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-05-07	482 B	20 kB	104.16.79.73
api2.hcaptcha.com	unknown	2018-01-12	2023-05-02	2024-05-06	597 B	1.5 kB	104.18.124.91

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed
2024-05-07	medium	paste.fo	Sinkholed

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js	43 kB	2023-03-08	2024-05-19
Pretty URL paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-19 21:13:38 Times Seen1829 Hash f15be88a3c9bf40debcc080b125c7e91 4a636976285768dd43278f43d63ba5779f3f493d 8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910 Loading...

	paste.fo/582d5881e389	153 B	2023-03-08	2024-05-19
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-19 21:13:37 Times Seen907 Hash 2bc0082aba5a35e515758023fa651be0 a8db1112fc735be0d64a64e864a52131f7eaf878 75367336210d6cc8328fad7ddbdcf9afaceae3dae97c2a2e6b95a6ae82d8bc1f Loading...

	paste.fo/582d5881e389	220 B	2023-03-08	2024-05-19
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-19 21:13:37 Times Seen722 Hash 3db1e9a5b3900e6e537c9a3c37c3a710 ad5a93d1d63c4147ccea4e92c31e76ac33e48fa2 009775e1b19c7979e577f9eacfb2da159c57074b82eb7985b4fb0e31c28133f2 Loading...

	u.paste.fo/script.js	2.4 kB	2024-02-20	2024-05-19
Pretty URL u.paste.fo/script.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 04:21:10 Last Seen2024-05-19 21:13:37 Times Seen901 Hash 8285978df55a18d7ba03a3106d4b28d2 3c69c6b6715afaca3b655fa3ea18e6c447a0956e 56e70678cbf7e8c157c423bac4d2872f3b384a1784f43b1126ae5e59fd45d144 Loading...

	unknown	247 B	2024-05-08	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 03:13:22 Last Seen2024-05-08 03:13:22 Times Seen1 Hash 3eca4a4231fab674bc19ed7f3ad1b171 16a8fe16caf848fb13194c01243e91bb6880be52 0af10c5c709d7ba81ba6c53e47cafcecf9838b4e6d4ca6caf80568d6eb5326e4 Loading...

	paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-05-08	2024-05-08
Pretty URL paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 03:13:22 Last Seen2024-05-08 03:13:22 Times Seen2 Hash 559a1caf7c0e6deb83455a786debe00f b67a85d25d221ff83bb6fbed929c7162524abf16 1d3aa36d3bf16ac6046fe30a58c7abbe92bf9aa7ef889939c54dd26b480034f6 Loading...

	paste.fo/codemirror/mode/xml/xml.js	13 kB	2023-06-07	2024-05-19
Pretty URL paste.fo/codemirror/mode/xml/xml.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-07 17:23:47 Last Seen2024-05-19 02:32:30 Times Seen202 Hash c93fe254ef100aeb5c9dfcda4c91d27f 510c71566cf81560cb5bd1bb25287ed6502dde75 dc7e44d410399326f802e2924573cbf6f942a79f647fd0b97f0b607973bc9a09 Loading...

	paste.fo/codemirror/mode/htmlmixed/htmlmixed.js	5.7 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/mode/htmlmixed/htmlmixed.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:30 Times Seen136 Hash 4c5a6f44d738b718d1f6164c1c8d6904 a4f9c3552740fb908e14fb0f47832d10a3f535d6 fe5912e1d10f8fecb98bd31e2f957c0bbc9abf6b505d11b6dbcd27542d0fdcad Loading...

	paste.fo/582d5881e389	733 B	2024-05-08	2024-05-08
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 03:13:22 Last Seen2024-05-08 03:13:22 Times Seen1 Hash 2fb62f455047f7ba7a2966e4b8ae46d9 caab8d27e8bc63a3c8cf34c27479c890e8a2c2ec f49a3025531f3d40b2f39afdcb6f2f1c60a62d4d89db4567674939af44911c3a Loading...

	paste.fo/582d5881e389	44 B	2023-05-10	2024-05-19
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 02:44:53 Last Seen2024-05-19 19:23:04 Times Seen297 Hash fe7e763127fd45f6d95c1812bc8724cc 3b1e32da737745df4d46823f5302cbab98d72fba 68f850252e6966adddb5d1193396fad719a2876e4f1c363159214317ac91a91d Loading...

	newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js	387 kB	2024-05-07	2024-05-13
Pretty URL newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js IP 104.18.124.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:01:15 Last Seen2024-05-13 11:03:32 Times Seen269 Hash 4d80931f436a73b647471384c48e1604 ae59d307aa2d23a6bf38ba532bae9cbd67c5a3e9 d196d722737dff0be8bdbf3dbd35e00b8af3437be8424e83abc1cfb5b5983e64 Loading...

	paste.fo/codemirror/mode/sql/sql.js	60 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/mode/sql/sql.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:30 Times Seen171 Hash b48a3934b20b392ae812b17df05355f4 40d1a558afba1f5043b23131e496de37d8e2dfb4 ac23d3f196deb9be25cfcecb966bdc1789b9e177aac683ddccde1420670c4d8a Loading...

	paste.fo/codemirror/mode/python/python.js	15 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/mode/python/python.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:30 Times Seen172 Hash 9b50648e6f546e4f63f1a8eb25adb039 b178c4d31cc4eeefe58e97a60723d47af96b79ed ec56443dfebe73f332cc639289ad2de6921560c8952a3e2127397a0849882657 Loading...

	paste.fo/assets/js/hyperlink.js	1.0 kB	2023-03-08	2024-05-19
Pretty URL paste.fo/assets/js/hyperlink.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-19 21:13:38 Times Seen877 Hash 754527075e7f43e5b376a6879d591ad3 019edc8ec844b25f28c0049c56aa09c5cc0a5121 d5ff35dd76c5fa9ebfe3b89012a8dd40e85a89ee50f4f85623d338f0514e15d4 Loading...

	paste.fo/codemirror/mode/javascript/javascript.js	39 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/mode/javascript/javascript.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:30 Times Seen169 Hash 178dfcd5f64c97da22a3d3a62713b7a9 969b4a80be53b334612b44a0cc6ef57cfe171a26 21fa74c1638c7a4eb3e8cd04b5c8c997181394568330b341c83716da18ffad8e Loading...

	paste.fo/codemirror/mode/shell/shell.js	5.4 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/mode/shell/shell.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:30 Times Seen125 Hash ab0fc779b5fb9bdc1310a28d7dccd379 ece7e7661886871cc46ef71248c67ea53a61ac7d 24f77cb162ea9d9e9fc79b95ba547a7cc10a0767e3a5a52c786d4c24253736fe Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-05-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-19 22:22:38 Times Seen275203 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-05-19
Pretty URL paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-19 22:16:15 Times Seen57722 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-19
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-19 22:22:37 Times Seen2568 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	paste.fo/codemirror/mode/css/css.js	40 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/mode/css/css.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:30 Times Seen182 Hash 3675078ada8a185a353a6560bda2d5ac 1045cdc88a58fb002511eb21db184ed242730f05 60f0689e5c6af7f36c341e8e1341a4f10b4f0a04cebfb7341bcbedba9b572b32 Loading...

	paste.fo/codemirror/mode/php/php.js	18 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/mode/php/php.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:30 Times Seen182 Hash f2f1668dbc8a4b0fd9f031dceda0e4ab 31d6961d6d4cbe7bf5deb2f0b5ba099c49e5c962 07819ae34d5830a3cf040e1904d4b641cb70142845394211f7fb63c891d80945 Loading...

	paste.fo/582d5881e389	745 B	2024-05-08	2024-05-08
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 03:13:22 Last Seen2024-05-08 03:13:22 Times Seen1 Hash 3634949820feab486a63e11f6becd600 a0146461818bd541b18364cc7025db328f4b68f3 5319c598363477370a6ad594bde9a780b5c19693adc70c8775092cb989688de4 Loading...

	www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3	274 kB	2024-05-08	2024-05-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 IP 216.58.211.8 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 03:13:22 Last Seen2024-05-08 03:13:22 Times Seen2 Hash 4c13206f013c60a58caa26aa71db173f 29f11c9a890abb709540af042c5c927d684a89dd 9224f7bd3d42d39b57667ebb75b49f68117fd124bdd3c4c62164e1bd84eb1ba7 Loading...

	paste.fo/582d5881e389	702 B	2024-05-08	2024-05-08
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 03:13:22 Last Seen2024-05-08 03:13:22 Times Seen1 Hash 1efdd87ad611782b3d3984c13f481d2e 1bf9a093b4afe0e13521ebfd43e8e7c1cf7adf71 d56c769db0a112532423156036db32469c42928271f7b8b8063475a1ddc403d2 Loading...

	unknown	48 B	2023-04-11	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:45:29 Last Seen2024-05-19 21:13:38 Times Seen19455 Hash 43d643e449b4ea13394fe737b1d6a447 1c03d56d955fd266d7659379e63d5711bd5382db 4817661f6ac7d2e1691bc3aeb9966e66012891ccda569ff872dc0932010c540d Loading...

	paste.fo/582d5881e389	579 B	2024-05-08	2024-05-08
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 03:13:22 Last Seen2024-05-08 03:13:22 Times Seen1 Hash 7e808b8ed4ba96f9a0e3b61df6c2a308 11eddbc4d617375221a594aafe614106cef7a3bd b36e152b96fb2c00e383350f5108364c31fcabe50998e2691098333f0257d697 Loading...

	paste.fo/codemirror/lib/codemirror.js	401 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/lib/codemirror.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:29 Times Seen101 Hash 819ea032bd1e81457ff348bee2a86533 095dfcbeebb24f9a38d6558291fd0af8925321b0 8beb242c41927656e634cda1db88a72aac40b18bc887e831efd2e842db123453 Loading...

	paste.fo/codemirror/mode/clike/clike.js	37 kB	2023-03-26	2024-05-19
Pretty URL paste.fo/codemirror/mode/clike/clike.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-05-19 02:32:30 Times Seen170 Hash 145b41ea6cde47e8889ef8b2214eecde d0ae7cc4040a57a76b86265f492f87e251d1cc9d a1ff458a030f8b1db2d901811344f3e178eaceb19b598277d054bf83dacfecd2 Loading...

	newassets.hcaptcha.com/c/f922a41/hsw.js	470 kB	2024-05-03	2024-05-14
Pretty URL newassets.hcaptcha.com/c/f922a41/hsw.js IP 104.18.124.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 01:29:42 Last Seen2024-05-14 03:33:19 Times Seen288 Hash a015c3f04def6c02f6d3a815ff97f100 2322366db22def41a31f2dae0a2133ad75e6d1ac 42d9a4011ac36ae483e8e3cb4bb2b3829b96bf366bbc1c0e2ab40d4d7deb9240 Loading...

	paste.fo/582d5881e389	362 B	2023-03-08	2024-05-19
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-19 21:13:38 Times Seen698 Hash cc410e71e4e11ef150fc0b841e53a779 40fe8f68130bf0d500f779f7be6504a90d0b670e b2eeea9c303e9ed86aad00cf3f5224a2bcb03dbec9db3139d1b1c267b27457cf Loading...

	paste.fo/582d5881e389	1.1 kB	2024-05-08	2024-05-08
Pretty URL paste.fo/582d5881e389 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 03:13:22 Last Seen2024-05-08 03:13:22 Times Seen1 Hash cdeb318ccebdaa6dbd261bc32a829087 8966785b24749e8e7ec1037b470c0fedac739c9f 354ab935a000f6e5e2b707653cd0fd59221147fbd93b4b49deea7a0adacf1ee6 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-05-19
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 22:27:36 Times Seen37845558 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (55)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

104.17.24.14

200 OK

19 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (52276)
Size
19 kB (18752 bytes)
Hash
ded1c367363e8b20bdc6a19b8350a737
8c06d82739d14b094ff6d9036021a252bd1d985d
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2734
expires: Mon, 28 Apr 2025 01:12:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HGliMLT5%2F%2Bzc%2Bb6Czvoq3SHqDsoiuDx8QPQjBVHWxNmRiJ%2BSKNOgB0MassHo9HU5F6TMfneRcTlP%2FFKV%2F%2BIBbBe6r5sqjhsm0WFYNUVArXGZII4QIyCxp8TwzcGl2zJcw8zlPqfQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880595796f1cb515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 628471
expires: Mon, 28 Apr 2025 01:12:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pKrzeP6SvmukWqiuJ8qR3mt2sSNmMgbRadSHWTNKrPkiVxxw0TCuLYBSVdtUFo20k%2F%2BWO6sm57UeDxrnMPhrls84zsL7UX8lmH5BBpK9HKy35CKyznbrMKGvJmylwMW%2FZDzRqW7Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880595799f25b515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3

216.58.211.8

200 OK

95 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3
IP
216.58.211.8:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (3034)
Size
95 kB (94659 bytes)
Hash
4c13206f013c60a58caa26aa71db173f
29f11c9a890abb709540af042c5c927d684a89dd
9224f7bd3d42d39b57667ebb75b49f68117fd124bdd3c4c62164e1bd84eb1ba7

HTTP Headers

GET /gtag/js?id=G-HKXR34F8P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 01:12:51 GMT
expires: Wed, 08 May 2024 01:12:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94659
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/codemirror/mode/css/css.js

104.21.28.76

200 OK

11 kB

URL GET HTTP/3
paste.fo/codemirror/mode/css/css.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
11 kB (10646 bytes)
Hash
3675078ada8a185a353a6560bda2d5ac
1045cdc88a58fb002511eb21db184ed242730f05
60f0689e5c6af7f36c341e8e1341a4f10b4f0a04cebfb7341bcbedba9b572b32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/css/css.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"9e2c-614ce4aba67d0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2BbEODV5L2E4lauAgI90AIwJ6pLCCrjIwJAFXrhrlwf5Pz5PoMjA9zkKSSwsnU6%2Ba%2BFA8htrjG2lgqZMXGCBTUKB%2FPGs8Xwf15B92NAO9kB20HFX0dWPvHVFsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805957979995687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/javascript/javascript.js

104.21.28.76

200 OK

9.8 kB

URL GET HTTP/3
paste.fo/codemirror/mode/javascript/javascript.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
9.8 kB (9768 bytes)
Hash
178dfcd5f64c97da22a3d3a62713b7a9
969b4a80be53b334612b44a0cc6ef57cfe171a26
21fa74c1638c7a4eb3e8cd04b5c8c997181394568330b341c83716da18ffad8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/javascript/javascript.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"97ec-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UwfbhWu5T0DheNMayG6kCW%2FIpNZUL4VlJjB3F0iJ%2Fk1Mvew8tv8N00YmsVinAMwUGS9o%2FMYjCebohHQTHOyncBjIC3JbB8QTlTdJ0PNuIB724NPO89HhQdIDCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805957969975687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/lib/codemirror.js

104.21.28.76

200 OK

111 kB

URL GET HTTP/3
paste.fo/codemirror/lib/codemirror.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1956)
Size
111 kB (111052 bytes)
Hash
819ea032bd1e81457ff348bee2a86533
095dfcbeebb24f9a38d6558291fd0af8925321b0
8beb242c41927656e634cda1db88a72aac40b18bc887e831efd2e842db123453

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/lib/codemirror.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"61fc3-614ce4aba67d0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qetRypRCkXyoGdrelzjqdalc%2Fzu%2FmiW%2BkBPpz44VpZY4hUsVI14Ori86oc6x4NyVLeZ3vorjSIP9wri87yIVlph5l5%2F62cjL6ZsyVpKPl00kXHXFUEIMd7HACA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579598d5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/clike/clike.js

104.21.28.76

200 OK

35 kB

URL GET HTTP/3
paste.fo/codemirror/mode/clike/clike.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
35 kB (35140 bytes)
Hash
145b41ea6cde47e8889ef8b2214eecde
d0ae7cc4040a57a76b86265f492f87e251d1cc9d
a1ff458a030f8b1db2d901811344f3e178eaceb19b598277d054bf83dacfecd2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/clike/clike.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"916f-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0BnEO7hE%2BoWbr05RP3SW0VuPzZjzbPPKXp5Le8L4wCvesQjI4uTFHPpBTBSRPDVciY4KeuBbhnJoAeNS%2B3rNgQxWAcCsVDKejweSiyb%2FeMfT6fQOljYOMLk1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805957999a45687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/shell/shell.js

104.21.28.76

200 OK

152 kB

URL GET HTTP/3
paste.fo/codemirror/mode/shell/shell.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
152 kB (152049 bytes)
Hash
ab0fc779b5fb9bdc1310a28d7dccd379
ece7e7661886871cc46ef71248c67ea53a61ac7d
24f77cb162ea9d9e9fc79b95ba547a7cc10a0767e3a5a52c786d4c24253736fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/shell/shell.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"1507-614ce4aba2950-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rnH82y0CUZGd%2BqDBGlRQb0PKZo5Tb6PPx5s3fNMEkIMq1GnBopnav0J8GApyFpS0z7jd6EYqDZYSr4mwmq78%2FrpWAPAS%2Bc7pr37OP%2BYsw5a%2FoAOnniHoQNWP4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805957999a35687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/xml/xml.js

104.21.28.76

200 OK

28 kB

URL GET HTTP/3
paste.fo/codemirror/mode/xml/xml.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
28 kB (28408 bytes)
Hash
c93fe254ef100aeb5c9dfcda4c91d27f
510c71566cf81560cb5bd1bb25287ed6502dde75
dc7e44d410399326f802e2924573cbf6f942a79f647fd0b97f0b607973bc9a09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/xml/xml.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3429-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1V0RnCSycRaFCsmJ%2BVk%2FFkx%2BN3pfeBCEI7fySvjV5gGFhueDD59fphe%2FKPK0de70lqYOYA0W57uiM8ILg59MBv69sXZs%2F3eqWqednKjPASKnWBKQQRxV6UNDuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579598e5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 376874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/assets/svg/discord.php

104.21.28.76

200 OK

1.2 kB

URL GET HTTP/3
paste.fo/assets/svg/discord.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (1557)
Size
1.2 kB (1239 bytes)
Hash
9e11d725232644a01452b56fe0fa8bcc
72bd4257388bceb963492b4e6c4a72cad7d3be96
99d543831ee87e57ca87d24cc16028b0e7784a41754b95ade07e069ef56ff8a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/discord.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AxrDTIBqEDstJza8wtjgHwawLalbOeTp%2BKIlIjZg4kT8lekcnsDwLycr0ZE8qjY3SlAktMvXfxbRWryiWVMaIcZHxemRtEivsNRPuZs2Gcz5IJINFfqrYN%2FWYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579c9c05687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/python/python.js

104.21.28.76

200 OK

26 kB

URL GET HTTP/3
paste.fo/codemirror/mode/python/python.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
26 kB (25795 bytes)
Hash
9b50648e6f546e4f63f1a8eb25adb039
b178c4d31cc4eeefe58e97a60723d47af96b79ed
ec56443dfebe73f332cc639289ad2de6921560c8952a3e2127397a0849882657

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/python/python.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3a4e-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tUVZjI69AnJ11eUSXBtKz3ko3r0rHWxI4lOyzgJAscKxvhc8JxEprhvTl3FymEPd7K%2BKKxrYO35aBMbie2MtCyUiWY6NAdK7t2deW78XQEU3zbxe3YzSCTCcPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8805957999a25687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/htmlmixed/htmlmixed.js

104.21.28.76

200 OK

23 kB

URL GET HTTP/3
paste.fo/codemirror/mode/htmlmixed/htmlmixed.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
23 kB (23449 bytes)
Hash
4c5a6f44d738b718d1f6164c1c8d6904
a4f9c3552740fb908e14fb0f47832d10a3f535d6
fe5912e1d10f8fecb98bd31e2f957c0bbc9abf6b505d11b6dbcd27542d0fdcad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/htmlmixed/htmlmixed.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"1638-614ce4aba4890-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l8qBaYoIruc01%2FOOL31viW4v3PW%2FGoI0bPV6AyaYhiNqZQpyUVPOiI9I%2BNdtfg70cnFBWZprWQBcx9ClHyCu4D900mW%2BitGPhm8QhD%2BdNgkcFwJ2eM2JN7c91A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579a9b15687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/lib/codemirror.css

104.21.28.76

200 OK

3.0 kB

URL GET HTTP/3
paste.fo/codemirror/lib/codemirror.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
3.0 kB (2962 bytes)
Hash
ce804ae97aeaad9428a30a79b5990e94
97f897fa26502521f0d3348fb69e222346567046
eb494ea972d2661ef86f7f6ac656dd6786d721e49c9c1b46e1eb967e4b6f9bf3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/lib/codemirror.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"2210-614ce4aba67d0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xXg2sreyt4W%2FCW6ajnkAK4WzMcg120wSfS8g1AgZKH6Xc1czeCaUeUFzu%2BhRLUZ0exKWw9r%2BEHMA52E2FvFfH%2FMYo5TI%2BOUIGAt5mrLUx%2Fi8YWEG75WrE3OOhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579498a5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.28.76

302 Found

0 B

URL GET HTTP/3
paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 08 May 2024 01:12:52 GMT
content-length: 0
cache-control: max-age=300, public
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4zD5qgbSzCwg13KF9wlHK%2BQc0eRvUuI5cC9IxbxIBzB5WOPLX8w5qVzZh7uATaDytLwg3KfgQJquNTuYiQy5dbtnn96N%2BiZHI9dnXlfDpmsESPsS071mypjwZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880595811d6b5687-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/88059574ec8cb4f4

104.21.28.76

200 OK

0 B

URL POST HTTP/3
paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/88059574ec8cb4f4
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/88059574ec8cb4f4 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12143
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=yQKfcYL.HdLMnBqixcU_81L7f19ZAVcESuqCmbwfKrI-1715130772-1.0.1.1-fqvBDUFfEp48DP7LfKQV7OfpeUuO36kDildv0tQ.w3ShzYjqnxqWtFP3m_dcLaAygs_gZAeCMeKjAScO0cMyzA; path=/; expires=Thu, 08-May-25 01:12:52 GMT; domain=.paste.fo; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gw2ZQTuRQRX%2B6zEiEJWp4Q8xCv6PDVr5sCAV%2BN2XQX7l%2FfFQ%2BUCTiHy4Zm9Wy9Rsrgwo3QoJ6JwmYrABkB7eF2hlkc%2BPtYN1feFTK7RQlNvdT16IwnVLatbQ4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059582be025687-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

104.21.28.76

200 OK

4.2 kB

URL GET HTTP/3
paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7853), with no line terminators
Size
4.2 kB (4150 bytes)
Hash
559a1caf7c0e6deb83455a786debe00f
b67a85d25d221ff83bb6fbed929c7162524abf16
1d3aa36d3bf16ac6046fe30a58c7abbe92bf9aa7ef889939c54dd26b480034f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hcPuBpRuRsrdw81cKQVYisnXcc%2FZFcLAVBHdRtawbTZFmGKw%2Bn1jIpJQf5RB3JK1DxHhUCI9R5DFz%2F2RyDhK1auOaAA%2F49TRxSAyXfTs8csBNGB%2BW4UfeqkGOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880595816d8b5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/user.css

104.21.28.76

200 OK

1.4 kB

URL GET HTTP/3
paste.fo/assets/css/user.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
1.4 kB (1425 bytes)
Hash
c420f8c0d2fbc3010e041f515c1ef59e
44190da29eef1a77bb22e1dbe82fc3876bd82bf3
eb3cd892b3a87282ebe62659665d01374bdec118322689b8f60f5c6e3994473c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/user.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"1b8d-614ce4abcf80d-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=efdA96uSYC1NWMOMVA7GJNpsJvjtIDR7mSOieBnXkQVgWfUB3qvB%2FftwSQW2U5kxQYodYHI2kpiGLxtEbVq%2F1lgmBjGhn6P01gLqZskyMHP0%2BOh08et5Fc4xJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059578e95d5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/responsive.css

104.21.28.76

200 OK

1.6 kB

URL GET HTTP/3
paste.fo/assets/css/responsive.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
1.6 kB (1575 bytes)
Hash
22fc29bb5c27ad0db110e5543e6b7232
7663bc5332499a406f6ccc8313e47a5b83bc4f9c
c07c4e9ba0066790dd16a586736367d28d7f7100ff51e65d2f116b221e292931

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/responsive.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"1d58-614ce4abcf80d-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qf68Zl3g6cV26fu6ABAMUfSPVodb2HfrVnWM0xChqsYHvxcUjovihn9MlrFmu6u7WF873neatY8zn%2BYP46usXZ%2BZOvYrM8IYIVR2HAS%2BgJrmZ3k6sLZGKwrNXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059578e95f5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html

104.18.124.91

224 kB

URL
newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
IP
104.18.124.91:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (1165)
Size
224 kB (223541 bytes)
Hash
185bfe305e7445182c3c87515131d77e
6fe7dfd7ebf098a35a78ac8e65ebefd1467f0544
40f0ef3b1cf69f80d304e27bcba6f68fce7c64612107561fbbb6b00bf9e8c02e

HTTP Headers

GET /captcha/v1/18fa736/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 22 May 2024 01:12:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88059581190f5693-OSL
content-encoding: br

newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js

104.18.124.91

200 OK

318 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=1fx6w1yvnveh&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41625)
Size
318 kB (318057 bytes)
Hash
4d80931f436a73b647471384c48e1604
ae59d307aa2d23a6bf38ba532bae9cbd67c5a3e9
d196d722737dff0be8bdbf3dbd35e00b8af3437be8424e83abc1cfb5b5983e64

HTTP Headers

GET /captcha/v1/18fa736/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: application/javascript
etag: W/"53dd4c97b84fc9233d1e06e83a19de29"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 22 May 2024 01:12:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8805958249af5693-OSL
content-encoding: br

paste.fo/cdn-cgi/rum?

104.21.28.76

204 No Content

0 B

URL POST HTTP/3
paste.fo/cdn-cgi/rum?
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1051
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik; cf_clearance=yQKfcYL.HdLMnBqixcU_81L7f19ZAVcESuqCmbwfKrI-1715130772-1.0.1.1-fqvBDUFfEp48DP7LfKQV7OfpeUuO36kDildv0tQ.w3ShzYjqnxqWtFP3m_dcLaAygs_gZAeCMeKjAScO0cMyzA; _ga_HKXR34F8P3=GS1.1.1715130772.1.0.1715130772.0.0.0; _ga=GA1.1.1855200677.1715130773
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 08 May 2024 01:12:58 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 880595a35b545687-OSL
x-frame-options: DENY
x-content-type-options: nosniff

paste.fo/337612DAMC0D431716150F171F081D0853574850561A477E070242705AME16544F545953485748065705545008535506511F520F55.jpg

104.21.28.76

200 OK

4.5 MB

URL GET HTTP/3
paste.fo/337612DAMC0D431716150F171F081D0853574850561A477E070242705AME16544F545953485748065705545008535506511F520F55.jpg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 600 x 150
Size
4.5 MB (4465133 bytes)
Hash
59a4bd1b48a137e960183f7121dbb00d
636affcb2fd07e6891cadd7744ade4a61749c3b1
47af234647ddc12ecef4aea034049260bf60174f89cdc051b07f10789b52de63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /337612DAMC0D431716150F171F081D0853574850561A477E070242705AME16544F545953485748065705545008535506511F520F55.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:53 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: MISS
last-modified: Wed, 08 May 2024 01:12:53 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BCzs%2BGQ77en0k5PkWtriiK7qN2t8RIOsu5Ewfl1OL597uuaAEvJPVvmDQfCovYzqUf%2Fm0rN95i5Sg2IG6lc3YurROz1CGKdM5niGyPodujttBVK61R3aFIkisw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805957f4c555687-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/sql/sql.js

104.21.28.76

200 OK

22 kB

URL GET HTTP/3
paste.fo/codemirror/mode/sql/sql.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7061)
Size
22 kB (22456 bytes)
Hash
b48a3934b20b392ae812b17df05355f4
40d1a558afba1f5043b23131e496de37d8e2dfb4
ac23d3f196deb9be25cfcecb966bdc1789b9e177aac683ddccde1420670c4d8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/sql/sql.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"e892-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qnq0E%2BPzhCRxUkpwNlmRLpjL7LPZ%2F0DMGxsSQ4KBDqwM29giXZKwTj7a3Dh%2FwilQECyCVelQO3gTz9YZ6enzBhIfEjXlgsxkdkksUiVi6fDm5kgvtKvVFgVOYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579799a5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

api.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0

104.18.124.91

200 OK

7.7 kB

URL POST HTTP/3
api.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=1fx6w1yvnveh&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
JSON text data
Size
7.7 kB (7740 bytes)
Hash
d8af628b4c2268e69b4dfcc60c122e10
e4845ba0848cae6f56ee5cb4235ea4509f48dcd7
f8c31221bcdc6e865dbb9ff1dd6fd9ca7b36ba7011e62c5149284bc1e026d5fa

HTTP Headers

POST /checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:53 GMT
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880595855b295693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/js/hyperlink.js

104.21.28.76

200 OK

5.5 kB

URL GET HTTP/3
paste.fo/assets/js/hyperlink.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (630)
Size
5.5 kB (5549 bytes)
Hash
754527075e7f43e5b376a6879d591ad3
019edc8ec844b25f28c0049c56aa09c5cc0a5121
d5ff35dd76c5fa9ebfe3b89012a8dd40e85a89ee50f4f85623d338f0514e15d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/hyperlink.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2060
etag: W/"80c-614ce4abce86d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4287
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pjoIpQW4BNRntUPQtZ7H6ub6eZ%2B6QtEe53JbwwPUKynoeXCpbycsKhXosNr0OmCl36zf%2BcOf6j6T4jFg3VvO%2B00JQPZw3iH3cH1nH7gMfDys9VKVwBQuWakJYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579a9b25687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/6E4888CAMC5140104541591C185A185E54004F5459496A155D52076D53166B3473AM777E7F7D14772718610A545952424244074C73531551045E1A505005.jpg

104.21.28.76

200 OK

13 MB

URL GET HTTP/3
paste.fo/6E4888CAMC5140104541591C185A185E54004F5459496A155D52076D53166B3473AM777E7F7D14772718610A545952424244074C73531551045E1A505005.jpg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 900 x 300
Size
13 MB (13434744 bytes)
Hash
ff63234581dad87257709afd1a3331df
65d1cacaa13e6c87652a3ee4e2e89b2da2e4e44f
9bd1b0b3e3f9bc86daf0cd8ebdc2dc26e837c3f7cecbc5b433033fcd9b6da9fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /6E4888CAMC5140104541591C185A185E54004F5459496A155D52076D53166B3473AM777E7F7D14772718610A545952424244074C73531551045E1A505005.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: MISS
last-modified: Wed, 08 May 2024 01:12:52 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HtM5NumhvdRVR88RPTkgb1ebSGr6WvAilOfNMgTmkzeQmZjFqGprxBBm1Zf4uatRivniAHpzgFRYgLZTq2ynztE%2F4lxVm%2FvHLoyX5%2FLleA3kQ8yyQBIqAFdyjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805957f3c4f5687-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/favicon.ico

104.21.28.76

200 OK

15 kB

URL GET HTTP/3
paste.fo/favicon.ico
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
15 kB (15340 bytes)
Hash
cf593ad6a070c546ba238d5172b52aa1
9bed079538917ab59999ea26e8becca1cec74af8
d19e9b6b10d3890ef6cffdc76821fca266f2c0db6c653ffe16b5984a200a4015

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:53 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3bec-614ce4abd368d"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oi30lKtuACZA%2FOwXDeckjkRk1ZsLLiL00KD1sR7fxSgbLCD0Pe9UZUFqXWWb68hvJXCSyuA6ZIYnNUXvOrhD%2BUcHpIElABRB9vSzcPoy7BAEWtkb2geu4L6cUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880595820dc15687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/CSSz1d99e4d985f.css

104.21.28.76

200 OK

174 B

URL GET HTTP/3
paste.fo/CSSz1d99e4d985f.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
f3238477659dcbf13afe1be17a153ede
7cfaf6d8b7aaa31fb49dae2d4e4ce5fe40c4ac28
4fa52b977d4911d99d82d37b4a8fe50aaa584bba4a10003620bbae67709f0ae5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CSSz1d99e4d985f.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Wed, 08 May 2024 01:12:51 GMT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B4CA0MpvHY65UDTcasXmlRTFKcHTa3EtJm5ktlJ7pLRdDps5pnqAz1forZhr4KdY9%2F6WbcNETk00zFzmEoQQtqnQeiL3xcl3y9wXFpQRNBzdiUHI4mSj%2Bq3Edg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579a9b45687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html

104.18.124.91

200 OK

1.8 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1803), with no line terminators
Size
1.8 kB (1758 bytes)
Hash
a4b0cd73823c04eac73b745bac712a18
52a8be2d8367580c2aff2f27db4e4252489e1ad6
57d905cf66dbb89494f60aebd3925345e5458f77ac172f2e78fdd15480060eb6

HTTP Headers

GET /captcha/v1/18fa736/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 22 May 2024 01:12:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88059581190f5693-OSL
content-encoding: br

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2

104.17.24.14

200 OK

150 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150124, version 772.256
Size
150 kB (150124 bytes)
Hash
c64278386c2bbb5e293e11b94ca2f6d1
6b99aa650bd12a36caa14e0127435d8f4cd3ba73
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 632512
expires: Mon, 28 Apr 2025 01:12:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gIC3FssS8Y1cnYEqfx2LM2KcgNpfn7ivQ%2BchamtrRFurw6QxSqLDSPO65%2Bv2x13WoCBP03OlcIA0jDwTwVY8Px0yrL7YdDUuY3kvVQ15JGfg9msHDR%2BsW6XG6t9BHSIY4lTuiaW4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8805957f68ccb515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.hcaptcha.com/1/api.js

104.18.124.91

200 OK

387 kB

URL GET HTTP/2
js.hcaptcha.com/1/api.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
387 kB (387161 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/api.js HTTP/1.1
Host: js.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
etag: W/"53dd4c97b84fc9233d1e06e83a19de29"
cache-control: max-age=300
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 22 May 2024 01:12:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 88059579ea3f5697-OSL
content-encoding: br
X-Firefox-Spdy: h2

newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html

104.18.124.91

200 OK

1.8 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1803), with no line terminators
Size
1.8 kB (1758 bytes)
Hash
a4b0cd73823c04eac73b745bac712a18
52a8be2d8367580c2aff2f27db4e4252489e1ad6
57d905cf66dbb89494f60aebd3925345e5458f77ac172f2e78fdd15480060eb6

HTTP Headers

GET /captcha/v1/18fa736/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 22 May 2024 01:12:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88059581190e5693-OSL
content-encoding: br

paste.fo/assets/css/style.css

104.21.28.76

200 OK

16 kB

URL GET HTTP/3
paste.fo/assets/css/style.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (608)
Size
16 kB (15702 bytes)
Hash
5bda15770898ea87eac893ece623fe83
a1c6f0ef8c7fb26f5684c65c34991ce0ed9bcc9e
ac1f84e3b1d61d9a2599e9db20014bce4788930bf643ce8442ac322304e31b9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/style.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3d56-614ce4abcf80d-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GfJJ3RzTwPzzf24gjZj8tPHPuIPlV2W1XECdagX%2Fqjt4YydyfSY9beWvS1EXAKB5tpxWjLWgXplcY8ZzUpKbSqFKSc4Qoc5q%2BtGB%2Fv5HQi0vEc2PvxOtGu4sFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059578d95c5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

u.paste.fo/api/send

104.21.28.76

204 No Content

0 B

URL OPTIONS HTTP/3
u.paste.fo/api/send
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://paste.fo/
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Wed, 08 May 2024 01:12:58 GMT
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
access-control-max-age: 86400
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yt7Dn0n4dkILBxdVkjTV1qvpzodCy69qNUlL%2F9ImtAiIxkeDBxHV2NNIjqBaZJcl3YQ34IfZJraj%2FNMtc%2FX2gAiAm8iZdGiKPuMXi3LwnlTT0AJVXt5QCnzgJGeF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880595a35b515687-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/thumbs-up-regular.svg

104.21.28.76

200 OK

1.5 kB

URL GET HTTP/3
paste.fo/assets/svg/thumbs-up-regular.svg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1497 bytes)
Hash
8316f24250b74fb4d08b7d0d8d7d1a66
e241a00103a7a81d5678741010703fddd7de83dd
7a4a04f8e984441f7a9fd9d4a796726e1d9b2124095688d9ecd0b891ab2f84e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/thumbs-up-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5d9-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4287
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OGPuCePt0rTiP%2BKzEiyFD4LzUs2J69C8lvt94dhaVmchviMAj48jYiOabXvXbIHieKjC6Rfgz49BVYlX0nAtLXmuWD9C3OZ6NG6jAajpsv9BkWHFeBWJkltgpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88059579a9b55687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.28.76

200 OK

1.2 kB

URL GET HTTP/3
paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 03 May 2024 17:58:00 GMT
etag: W/"663525a8-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kgDlsHMEBh%2BdR2Qorc9K95XI0%2BzVK99qznYCgIoG%2BWO71FBDpJzL4FhN3dx%2BJLiB6nf61g0OTc8Su2Cdps%2FPW63Dg632UDWZomCdFv0Ly5KvxBIo%2B8oBhxpCpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88059579c9c65687-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 10 May 2024 01:12:51 GMT
cache-control: max-age=172800, public
content-encoding: gzip

paste.fo/assets/img/bg1.gif

104.21.28.76

200 OK

25 kB

URL GET HTTP/3
paste.fo/assets/img/bg1.gif
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (24898 bytes)
Hash
dcab8f9443952c7589be3e4db6072853
824ca8c921eeca604844d3f00d08691631199201
a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/bg1.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: image/gif
content-length: 24898
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "6142-614ce4abce86d"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=91aUzzSNege1K8M0rVHmheflAcBXQkRX58FJyXFdpsiN5OyLLDlxTCcPBRd8b7mPOBNhb1R8aTbdpxY%2BquT9zZIopi%2Fub3TrbIscZeyz3XVaDGTyrLZFPERP9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805957f4c5c5687-OSL
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/c/f922a41/hsw.js

104.18.124.91

200 OK

470 kB

URL GET HTTP/3
newassets.hcaptcha.com/c/f922a41/hsw.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=1fx6w1yvnveh&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
470 kB (469642 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/f922a41/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:53 GMT
content-type: application/javascript
etag: W/"a015c3f04def6c02f6d3a815ff97f100"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 12 Jun 2024 01:12:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88059586cbcb5693-OSL
content-encoding: br

paste.fo/582d5881e389

104.21.28.76

200 OK

20 kB

URL User Request GET HTTP/2
paste.fo/582d5881e389
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
20 kB (19463 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /582d5881e389 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 01:12:50 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik; path=/
token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
sscore: 0.19143576826196
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j5YaISsNtj%2BQ91WlqbI59%2FiqcwC4K0A7hzKK5B%2BWSHXTYneBzKXyMrS7XppaRPnoBbLhtQi%2F9zzQgqbUx3p6wi7Cxos9gflQhT5LwkuVS0IcbhKeNZYJCuss1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059574ec8cb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/assets/svg/twitter.php

104.21.28.76

200 OK

1.1 kB

URL GET HTTP/3
paste.fo/assets/svg/twitter.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (1064), with no line terminators
Size
1.1 kB (1055 bytes)
Hash
52ada42cb5438b7b0421018fd75f361e
d5e00f0d91ac0e644fa97b585fa704764276830b
5814970c931c847c4acc7c25ce39b1f9abbed82f7642c2da34a93f895d875746

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/twitter.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uBumxsnSE4K2lSQHxM8NqbzgaY2XPUVlzFFK66OpWZg1RsRJ6XkF3Fo2gDQ%2FOhHNoi0cMQhgACd1RmDSTAcG4t4GBp0b7XBWSbuLE5PF0yloT9r5vwRDXiYn2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579c9c15687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/email.php

104.21.28.76

200 OK

577 B

URL GET HTTP/3
paste.fo/assets/svg/email.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (586), with no line terminators
Size
577 B (577 bytes)
Hash
3f774fd678c6e100c4d914d9afc0dc8b
bab6ac432d913ee0d99dae0a7caafcea559222bd
e7f5c890c6acb9078887bbeab309ff5771782edac2444c647126072427cdc336

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/email.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BvXEjLdUT8LfF4EI0qnRg4BjYD8q%2F431fJO1YtI8ohKwq61rMlAzXnT4mjc3PBMgCaZiRJOy5hTNYy9deTCpfwMEzNB6sCk1q9NT9g%2FPzVzQI56QhYqG6M9wPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579c9c55687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

u.paste.fo/api/send

104.21.28.76

200 OK

589 B

URL POST HTTP/3
u.paste.fo/api/send
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (589), with no line terminators
Size
589 B (589 bytes)
Hash
9367aff2f0352c43a841e9338d07752d
b792be3b902b50ae679150c2716c0bd07c4ce8af
1d18ac2fdb31c8ffab43981fbc9a7a544634d0bc65fa3e5011ea2cdcabd9bdfd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://paste.fo/
Content-Type: application/json
Content-Length: 219
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:58 GMT
content-type: text/plain
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
etag: W/"vmxoe7rm0ygd-gzip"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Ffbm2e%2BhioAlO8EJaZqGP8Amfpmvmr6ZKEFSJXRRL9yZwy9anH5CPqgc%2F4n1vSBF6rjx9aqDohPqfIAgNhDzaTiSsfShPX72M60r9oZj%2BTcj8uWnkxNk57w7uCu%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880595a52c015687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/php/php.js

104.21.28.76

200 OK

18 kB

URL GET HTTP/3
paste.fo/codemirror/mode/php/php.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (9306)
Size
18 kB (18339 bytes)
Hash
f2f1668dbc8a4b0fd9f031dceda0e4ab
31d6961d6d4cbe7bf5deb2f0b5ba099c49e5c962
07819ae34d5830a3cf040e1904d4b641cb70142845394211f7fb63c891d80945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/php/php.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"47a3-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ij0gr5sEx7z5wIDndlVKM8%2BQgv9tGpp8mTXFFt%2BEO5pCkvDMyA7fxWfIOriS5AgFNJVJ37t6YJUwT1TarioJdkM4U7rfgj%2BwRlAWjdikw8Tg9lnLYagz92Itkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579799c5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/theme/material-palenight.css

104.21.28.76

200 OK

3.0 kB

URL GET HTTP/3
paste.fo/codemirror/theme/material-palenight.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3111), with no line terminators
Size
3.0 kB (2969 bytes)
Hash
1aa44862c3f13344efde99ae23ffa2dd
379767bab90d36575f7306b893be0d9d5f1708da
8c90c317211cba8f920341757d2b31c03f80b965abc07b300d2ad8e47c99ae58

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/theme/material-palenight.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"b99-614ce4aba19b0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9E90AWcE9DQYmPrwYFMvFsujJQpetYaozBksDjInpn8DE1G7Y1ujIKip2dICuvmw2yGOwkTRCqqjam20yuHest5lV0bx9fdaoIRhqf0Z%2B7W4dRaLhl8jiJxbZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579498b5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/c/f922a41/hsw.js

104.18.124.91

200 OK

470 kB

URL GET HTTP/3
newassets.hcaptcha.com/c/f922a41/hsw.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=0f2lvv5mlq4j&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
470 kB (469642 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/f922a41/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:53 GMT
content-type: application/javascript
etag: W/"a015c3f04def6c02f6d3a815ff97f100"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 12 Jun 2024 01:12:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880595874c015693-OSL
content-encoding: br

paste.fo/assets/svg/thumbs-down-regular.svg

104.21.28.76

200 OK

1.5 kB

URL GET HTTP/3
paste.fo/assets/svg/thumbs-down-regular.svg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1521 bytes)
Hash
389c8e85f6e31500977c27d913ef8802
1aadcd3b53c6e86b001ff153294a33260913fc82
e9be5fe625221dc40c32eb0f1faf336dd592141b6496b8f3be76a772e13dd591

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/thumbs-down-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5f1-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4287
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KL8ofe%2BPGup7WGcqwUpiBrSR7w6NuPFX6YT2WyIfEis1W%2Bqb52Nq7gT5eCtAOsp1JL6Nf7jaykYqr0n5HybMp1ExmdPspOzD9eBETANOXRTOHf8aPkfrGX8r6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88059579a9b65687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.79.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Size
19 kB (19189 bytes)
Hash
4c980ee97cb5c001b4d19e2895fa5603
2c6fe998aa7486c4becd74cf253bdd82666a64c3
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 88059579fc340b3d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

paste.fo/assets/css/cio.css

104.21.28.76

200 OK

1.7 kB

URL GET HTTP/3
paste.fo/assets/css/cio.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1749), with no line terminators
Size
1.7 kB (1653 bytes)
Hash
8cb61708ef96390cbf269935cedab719
0ef866dbef860995c47d34826e9d97a430869615
3294721281352d5d6184ef80025298e2174920b837995c3930b16783b0062be9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/cio.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"675-614ce4abcf80d-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0WQj8ren8LjFAXCT9kCvTdRtiwraqIB5mDG4D9cHNa%2FeF2NSRKxfhT%2F6zoUPqghSanP4oanDeaQSviHoTp4kD4eAR087%2BYeo6xmwQR9mOlaa1pUvd9DDn19OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059578e9615687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/@sweetalert2/theme-dark/dark.css

104.21.28.76

200 OK

30 kB

URL GET HTTP/3
paste.fo/node_modules/@sweetalert2/theme-dark/dark.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
30 kB (30018 bytes)
Hash
00008b67e39ee270e57f03f4fcad4dac
04f3bb1e6464faf302f91ee5e42a94447ad916b9
c6842d1ae92847b8e8cf3283cab162e737127a8fda2e35e628c8994654266d8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/@sweetalert2/theme-dark/dark.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"7542-614ce4ab9ead1-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FoFdBQJUM8ciXRkyJbmjK%2B3AuWThPdo1Zt0atD%2B9FguSHcCqRn5W7Kaiw9tB%2FfkkrAoGw9Ve0WmwuD56%2BeJjhkUryQThEoCxPc%2B%2BneF6Wp7BzbRLJzKJSQm7PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059578e9625687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

142.250.74.106

200 OK

40 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
40 kB (40360 bytes)
Hash
fb9a01c247c59daca77d5e373217b0b1
df072c2f05f7e6884df927cf8b4d2144937b8cbe
f6ce0c3fb43d72007637cf61a13dc4c6a0cb1111d2f457dc1386008f83fe13c3

HTTP Headers

GET /css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 01:12:52 GMT
date: Wed, 08 May 2024 01:12:52 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2

104.17.24.14

200 OK

25 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24948, version 772.256
Size
25 kB (24948 bytes)
Hash
61f30b79daf5b31f0d254a31fba66158
fb363d27cfdfe71a243fa2ac3dab2815232b9b7e
8e7e5ea1b15f62ab14dbd41768e8fbcd21cc859a4ea5da812457ee714299fb35

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 01:12:52 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 24948
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-6174"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 632340
expires: Mon, 28 Apr 2025 01:12:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VrsDCtTd3D%2FlfbVRm7gstsFbs18EmIuUzQBXLgpK8II3bFiFku3KtnKkLLJb2LsJ6avL1as7vgSYxcvSqMgm86UYFmi6IgqiD6VYqj7eZisWLJWVprkHgiJI83jpQbgna9lyY5oC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8805957f68d1b515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

api2.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0

104.18.124.91

200 OK

718 B

URL POST HTTP/3
api2.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=0f2lvv5mlq4j&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (734), with no line terminators
Size
718 B (718 bytes)
Hash
7327e8a8ac8dec4d9dfed3e1e6d678c7
2b224a69a4a6758c1d2360cd1b920d0cc80774f5
06e8b4ef5546ae0e43adfd5b386111b578da7f54932424b2a4fc0588946d0638

HTTP Headers

POST /checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api2.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:53 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFj9mU2fhedYxxWRCpJT2Jw8PDED; SameSite=None; Secure; path=/; expires=Wed, 08-May-24 01:42:53 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880595855b285693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js

104.21.28.76

200 OK

43 kB

URL GET HTTP/3
paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42951), with no line terminators
Size
43 kB (42951 bytes)
Hash
f15be88a3c9bf40debcc080b125c7e91
4a636976285768dd43278f43d63ba5779f3f493d
8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/sweetalert2/dist/sweetalert2.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/582d5881e389
Cookie: PHPSESSID=r3tg1nrhhk60qmgt5rjc9ts6ik
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"a7c7-614ce4ab9fa71-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jNyvpBWdwIebCTXHXf7Wqh9%2BfidUNpMN7LYX3t2qVBMpjJf2XziLMA%2FKPR%2BnBMXEpvIquv3ovII7Xq4WaHirdiZWxrEZx0yZDCMqh8iUhWy1uzneZc6w3818Lg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579397f5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

u.paste.fo/script.js

104.21.28.76

200 OK

2.4 kB

URL GET HTTP/3
u.paste.fo/script.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/582d5881e389
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2496), with no line terminators
Size
2.4 kB (2423 bytes)
Hash
c7b7184df64285d4548b9eaa32a19509
ef7da84b4e6bd419d7afb62e99ab6461bdc3c8fb
bb0c244f2792bc3cb178f2e98d239be893d11443e142aafcb5c0c059b8483440

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script.js HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 01:12:51 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
cache-control: public, max-age=14400
last-modified: Fri, 29 Mar 2024 16:49:26 GMT
etag: W/"977-18e8b1dc16f"
vary: Accept-Encoding
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NNI0RpdPatV1CV5ETCRuPEt19Sf5FaB69Fe11ZLYxj3eJ0q3SzacEBbjmQ29cjBqKHHfzalcICCSSMPOK%2BPqE%2FAc3KZtjzXO%2F0Nz%2FqIdlywRp5AKBcZ4NXfDHQvn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88059579c9c75687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL