| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css | 104.17.24.14 | 200 OK | 19 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css IP104.17.24.14:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (52276) Hashded1c367363e8b20bdc6a19b8350a737 8c06d82739d14b094ff6d9036021a252bd1d985d 1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf
GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 90573
expires: Tue, 29 Apr 2025 01:36:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HRxMFPuPBrmu%2F90F7TBaLIW7J%2FKptKJM7emtAXr9TZdBPm2i8CfVqm59p%2FmNGa5G5CnqCPtkLQ4Pj1Az75NrWKXCvIeI%2Fhei85SwNK6%2FkdqMMAsHBcgjQ0yBINaEDHoMJ%2F9pRc7a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880df5f92cea56cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP104.17.24.14:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 26252
expires: Tue, 29 Apr 2025 01:36:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PSGdS6iX%2B5lVf3B5LogftaLIEtoKsEFznch10yKC8O3NTC7C7eW8M61BmAjoLIcywoEMQjRRlWIQ3v6rQUE8IQTNl8NbTqHCovxhE1CxAXxQexB0DgAkU%2Ff5Y74e23ySXVKdwAzB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880df5f92cec56cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| paste.fo/codemirror/mode/javascript/javascript.js | 172.67.144.225 | 200 OK | 8.2 kB |
URL GET HTTP/3paste.fo/codemirror/mode/javascript/javascript.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1412) Hashb5bf8a874f93ad7109c420727888ad47 8d08219bc1257d5537a649cac713ef426158b9a8 4a0ab339997f3729a8eb6a08fca6574408918d1684eaee21760a438bbea82189
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/javascript/javascript.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38892
etag: W/"97ec-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sbx84U1gOpOZJTlt3QMwCU%2FkwKnOA0oLxsUuwTYi4ps8i%2FH78yyEy8V%2FBCEUUuQrsBAfF24BEj%2BNwWooZdR7BT%2Bw1ZbfSTsxijV%2BPo%2F8XKsB0FtQZwQ1G%2Bk4zA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe800b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 | 142.250.74.40 | 200 OK | 95 kB |
URL GET HTTP/2www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 IP142.250.74.40:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (3034) Hashfd1d4b18ca4f991e85db0a99fa7d8693 f2af182caa099ef03cc5566ec8ca92fefda15fce 238dcf63d9a23374e5c02b51c7d8db473752ce11eaef7ea6206b7c18b1e7a2aa
GET /gtag/js?id=G-HKXR34F8P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 May 2024 01:36:50 GMT
expires: Thu, 09 May 2024 01:36:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94706
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| paste.fo/assets/svg/thumbs-down-regular.svg | 172.67.144.225 | 200 OK | 1.3 kB |
URL GET HTTP/3paste.fo/assets/svg/thumbs-down-regular.svg IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash474a2e020269034a296989b87f4c7833 5a4f05d10c284d86bd395bd1ee9ea783ce7aeea2 d978602a2ebecea81d86f2664b8919dbeaa3c3904513eec9e940b0e08b8f9c73
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/thumbs-down-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5f1-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4541
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ehise9%2F6j5ual4rpmHaLOjQZ0R0BIE8cvjAJ15ssJnpZL3%2FDztUDPVzdH6GPJM7inBpPV4xqUreBe6NSjycPmhAh6ipoLDbfX9FiIN8lLGXaleKeVR8yY2XAtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5f91e8f0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap | 142.250.74.106 | 200 OK | 1.7 kB |
URL GET HTTP/2fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap IP142.250.74.106:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typegzip compressed data, max compression Hash886bb8dbe2522fa1db07192395abe9d6 97a53446ea164897c34baa6138e3fc1235e9281b 46f051b435a09853d4671ba852c500341fc0dfdea36f02c188e4e88972ab9834
GET /css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:36:50 GMT
date: Thu, 09 May 2024 01:36:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 | 104.17.24.14 | 200 OK | 150 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 IP104.17.24.14:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 150124, version 772.256 Size150 kB (150124 bytes) Hashc64278386c2bbb5e293e11b94ca2f6d1 6b99aa650bd12a36caa14e0127435d8f4cd3ba73 7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 24862
expires: Tue, 29 Apr 2025 01:36:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bK74IDC%2FF4ponaAUz3MOP8mFOQcvWDFRZzqgw2tidRY46471q2ccqKTprQsy9QgIpV1lKnt5tOqi5ct0R0FVYhx7ngi2nnVpOA7TO4T%2FnmbfpEgO%2F1hVk13Aav4Lx6h8cgoxWz4T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880df5fd5f7b56cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| paste.fo/assets/svg/twitter.php | 172.67.144.225 | 200 OK | 26 kB |
URL GET HTTP/3paste.fo/assets/svg/twitter.php IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeexported SGML document, ASCII text, with very long lines (1054) Hashcc846134fcb44b9037eedbe94d351335 02ee7a8c7cfb91ddb05a2d08e9335d408384ea49 b69cdc4a1472bc829f824efa2102ee740c0be093c77e6c935d08bf2347bc04a9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/twitter.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OjHHyzWox4tuILiBGn%2FOOaPPb4CvhIIG%2BhUyKfEvEIbdOCSJYgkAa05LxtxTL5N38ENuSd74rsMHay2EQwDP3rRLRdHNCSOTFzzac%2BW91GpJwEa%2FqQ%2FkTKPMxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f91e920b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| js.hcaptcha.com/1/api.js | 104.18.125.91 | 200 OK | 110 kB |
IP104.18.125.91:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (41625) Size110 kB (109653 bytes) Hash4d80931f436a73b647471384c48e1604 ae59d307aa2d23a6bf38ba532bae9cbd67c5a3e9 d196d722737dff0be8bdbf3dbd35e00b8af3437be8424e83abc1cfb5b5983e64
GET /1/api.js HTTP/1.1
Host: js.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
etag: W/"53dd4c97b84fc9233d1e06e83a19de29"
cache-control: max-age=300
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 23 May 2024 01:36:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 880df5f94855b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| paste.fo/487518E9MC0D4D4C484B5C174A5F4D0F5B544B535B1F7AMF5A6C16055E631E75580F461F071802505E.jpg | 172.67.144.225 | 200 OK | 2.7 MB |
URL GET HTTP/3paste.fo/487518E9MC0D4D4C484B5C174A5F4D0F5B544B535B1F7AMF5A6C16055E631E75580F461F071802505E.jpg IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeGIF image data, version 89a, 550 x 138 Size2.7 MB (2707035 bytes) Hash4150a8b3fe07d529e95b628d5be1b066 1fb0c1c2bdba7bf5bf2e1eb9001b7c76a2d2096f 09b8bb6af716002b3d9b1beacdcdd9b3ad4831015a0ec7520516a3fd60c84895
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /487518E9MC0D4D4C484B5C174A5F4D0F5B544B535B1F7AMF5A6C16055E631E75580F461F071802505E.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: HIT
age: 560
last-modified: Thu, 09 May 2024 01:27:30 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vYW4d%2Fo8tWRt%2F76JFODBZlBViZOrGFKCev%2FXT4zif%2FxwRJckeLzhg1G%2F2b7ds7JOn6ZoxqexGaDfC7sxLhFesNZd7v9%2FxpE4icgQU5%2BNFJJsrQpa%2Bkzj%2FwgbIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5fd2f030b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 | 216.58.207.227 | 200 OK | 22 kB |
URL GET HTTP/2fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 IP216.58.207.227:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 21528, version 1.0 Hash6113a25a586aeb6d0d3af5b5b652b973 25619eeae1fe17389310e4d392c427b7711dba44 539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f
GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 464713
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 | 216.58.207.227 | 200 OK | 22 kB |
URL GET HTTP/2fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 IP216.58.207.227:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 21528, version 1.0 Hash6113a25a586aeb6d0d3af5b5b652b973 25619eeae1fe17389310e4d392c427b7711dba44 539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f
GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 464713
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 | 216.58.207.227 | 200 OK | 22 kB |
URL GET HTTP/2fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 IP216.58.207.227:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 21528, version 1.0 Hash6113a25a586aeb6d0d3af5b5b652b973 25619eeae1fe17389310e4d392c427b7711dba44 539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f
GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 464713
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js | 172.67.144.225 | 302 Found | 0 B |
URL GET HTTP/3paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su; _ga_HKXR34F8P3=GS1.1.1715218611.1.0.1715218611.0.0.0; _ga=GA1.1.1795518426.1715218611
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Thu, 09 May 2024 01:36:51 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GilwGcdr0b2B8nHRCaYwfKYlkxJfc%2B1VRXK9BUjrWYXPfGdFO830Dr1TdQfr%2B6TJVTXM%2BHyx8PUHQ1UUhUjtEjGm%2FZk9nwD2pUW6rBnwsc12bCDwm2hc75%2FGnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df6024feb0b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html | 104.18.125.91 | | 1.2 kB |
URL newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html IP104.18.125.91:0
File typeHTML document, ASCII text, with very long lines (1165) Hash185bfe305e7445182c3c87515131d77e 6fe7dfd7ebf098a35a78ac8e65ebefd1467f0544 40f0ef3b1cf69f80d304e27bcba6f68fce7c64612107561fbbb6b00bf9e8c02e
GET /captcha/v1/18fa736/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 23 May 2024 01:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df5ff2ec40b31-OSL
content-encoding: br
|
|
| paste.fo/assets/img/bg1.gif | 172.67.144.225 | 200 OK | 25 kB |
URL GET HTTP/3paste.fo/assets/img/bg1.gif IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hashdcab8f9443952c7589be3e4db6072853 824ca8c921eeca604844d3f00d08691631199201 a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/img/bg1.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: image/gif
content-length: 24898
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "6142-614ce4abce86d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4538
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RN%2F5YOo95Rs5qJyDYACa0buu%2FThqTfZlKKhu1BU0OEnWx28WnGZPnkpTdLdkUymCucGAXgx6HfK0x7s12dkkbAMhD44daz%2FwO6sWCbdpXF5GFABebYcH9OADrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5fd2f050b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html | 104.18.125.91 | | 110 kB |
URL newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html IP104.18.125.91:0
File typeHTML document, ASCII text, with very long lines (1165) Size110 kB (109887 bytes) Hash185bfe305e7445182c3c87515131d77e 6fe7dfd7ebf098a35a78ac8e65ebefd1467f0544 40f0ef3b1cf69f80d304e27bcba6f68fce7c64612107561fbbb6b00bf9e8c02e
GET /captcha/v1/18fa736/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 23 May 2024 01:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df5ff2ec30b31-OSL
content-encoding: br
|
|
| paste.fo/node_modules/@sweetalert2/theme-dark/dark.css | 172.67.144.225 | 200 OK | 4.4 kB |
URL GET HTTP/3paste.fo/node_modules/@sweetalert2/theme-dark/dark.css IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (24342), with no line terminators Hash80b002261f8a746e3756d6883342252a c8282deb8dfdcdf89ca54c6d6e34b23bc2beeb22 6b7dfdcc77e85a9db663a990f749d892c774f63254404cf2a72b312a8136bfd1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /node_modules/@sweetalert2/theme-dark/dark.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=30018
etag: W/"7542-614ce4ab9ead1-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cHbcBu%2B6ZmwWcIifvPVkO8JmvcnyLMy%2BCtl%2B8zRoLVKTXe0kC33haHRMnmJ2V3x%2FgNIkRgwZS9ozVCB4IL8kseH4pqxY68NnI6%2FN3BoxNyBw%2BSB7Z0ONnfS79g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8de770b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/css/responsive.css | 172.67.144.225 | 200 OK | 870 B |
URL GET HTTP/3paste.fo/assets/css/responsive.css IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (4570), with no line terminators Hash85e024d58588895496ff6e65f47a0484 ff6cb78df5ee61dffa425ace5283407ee562e4af fd51897bd68e6bdf326bfb11b3580be32da026ab50c5e494677b202f93822877
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/css/responsive.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7512
etag: W/"1d58-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pf5zhODVLvOBhQbc%2B4ybtKSsvVw6IGvfUVr9J7qhMmSprlEhdvh84v0SoOExR895byt5XhQsnQkgQwu5hcO1GzvH7fn14cMwv7N2QjFARTL%2FqHGyuwKF6cgdjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8de750b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/lib/codemirror.css | 172.67.144.225 | 200 OK | 2.1 kB |
URL GET HTTP/3paste.fo/codemirror/lib/codemirror.css IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (6275), with no line terminators Hash2562bc2e52c5852b18e87ec08978ba49 54c7e49460f3235492050057453609fedcc01e09 73d08a4fac48937ec5ce812b154c088351783009eba0c22644ec91ef9a0c0ff2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/lib/codemirror.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=8720
etag: W/"2210-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtiWGI%2B4ii96He879tx8jxY7dx9%2FZQO5E5NR3d4y9IsbRAoa9GDSwLKeQ5Nb%2FdfHJg3XwjKrAzsYs9xwTmO6RBzDPuNzlD2SIAXZ33s%2Fj2TDWtIzsMyHXthLrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe7c0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/discord.php | 172.67.144.225 | 200 OK | 1.3 kB |
URL GET HTTP/3paste.fo/assets/svg/discord.php IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeexported SGML document, ASCII text, with very long lines (1557) Hash9e11d725232644a01452b56fe0fa8bcc 72bd4257388bceb963492b4e6c4a72cad7d3be96 99d543831ee87e57ca87d24cc16028b0e7784a41754b95ade07e069ef56ff8a3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/discord.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U3AEhCE6PuzHF2ccWatQ02yWEDXCQt2NE9n%2B1waUBae3hyJVbJA0F2Eepv1Xm0bM%2FTH1igLes2iQisug6A%2F49VfATrgjYhFoJpoKY8DsIR0MRllKNzDovLRJPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f91e900b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js | 172.67.144.225 | 200 OK | 18 kB |
URL GET HTTP/3paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (42951), with no line terminators Hashf15be88a3c9bf40debcc080b125c7e91 4a636976285768dd43278f43d63ba5779f3f493d 8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /node_modules/sweetalert2/dist/sweetalert2.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"a7c7-614ce4ab9fa71-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 562
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GilakEiuxgHseZNPJJotDIzKqyDWWSTKsFLmRgnYrNtRjLCuHThmO3Z1LCeWsns1pBzYvSFSi6yEma36sIoYWZWtaVuiEMqgIQtQXfj49yySjLooYj%2FE1sxRSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8de780b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/theme/material-palenight.css | 172.67.144.225 | 200 OK | 10 kB |
URL GET HTTP/3paste.fo/codemirror/theme/material-palenight.css IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (2481), with no line terminators Hash3478d0a15c06b2059f72536e171912ee 774e48edd31323ea84723f8ef3eca1791f10d69e 0500595d586e40f69d933d1835fc02b7e4df3ead14a02cabadf13cec0370ab61
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/theme/material-palenight.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2969
etag: W/"b99-614ce4aba19b0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TDQECxy%2FU6H8qI%2ByhcI3u2lFdRE2w5X1t%2FZEWQ8NUhIm4m0WapYT0fsgLunJ2dWePL4cqDm1z%2Bswp3M45PwKmTC4NF6jrBkT%2FZXYt%2BaQJUXPtLs8um3eqT3yww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe7d0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/favicon.ico | 172.67.144.225 | 200 OK | 225 kB |
IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeMS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel Size225 kB (224784 bytes) Hashcf593ad6a070c546ba238d5172b52aa1 9bed079538917ab59999ea26e8becca1cec74af8 d19e9b6b10d3890ef6cffdc76821fca266f2c0db6c653ffe16b5984a200a4015
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su; _ga_HKXR34F8P3=GS1.1.1715218611.1.0.1715218611.0.0.0; _ga=GA1.1.1795518426.1715218611
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3bec-614ce4abd368d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 561
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZmKfT%2FcQv3MamtaSgUiEl28fUEjFGb0AgfXaEOlOrZ%2BlnTBYEHRawX42O418CFypOQEqkE3J2vNBI2ykZThhVPculgi0ZcXv5KYbEqoRbjNA5iA8FB3F5jCdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df60378350b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/php/php.js | 172.67.144.225 | 200 OK | 12 kB |
URL GET HTTP/3paste.fo/codemirror/mode/php/php.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (10405) Hash435c5cc4f876bcb6369acfccba865995 a65908ec04cd4f6907098d22702320c7f88e725e 1ece120c4b6f866fc0f6a32b7a031709a76d3a192025fdef0931a52953f489cd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/php/php.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=18339
etag: W/"47a3-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aW8nlYI%2BlK361yA94ENbf8s1v%2FPTEqgAklCo%2BoApDMbBx09wgwwj2wp6nmaHkyc1fehxekVDF6Vnnn03SDJ0%2FY529jU6es66ofYSgP9pQeZ1lcPsqXM09%2BsobQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe830b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/clike/clike.js | 172.67.144.225 | 200 OK | 17 kB |
URL GET HTTP/3paste.fo/codemirror/mode/clike/clike.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1704) Hash2b5341f353f5cb58026ebb1b6f047842 1bdda948cdf3b6c9644d8d07cc74c8aaef330f64 c0e7c4989a015e232a497a9b28e5c0fbb2558066ac52a6339ad59d3d924a0d3e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/clike/clike.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=37231
etag: W/"916f-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4541
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=suvqPtvsuS7QvnUad1KprjQonzxNvaGqi%2FA3K7C8Q%2FANzL%2B1%2BaXI%2FLLrzYooz1DjuJoVbry0ZelFwa1Z014VNYUiKkWRFC1NP7LVnMt4Mz%2F%2BhNYqsx4VzQznYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f90e890b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/rum? | 172.67.144.225 | 204 No Content | 0 B |
IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 496
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su; _ga_HKXR34F8P3=GS1.1.1715218611.1.0.1715218611.0.0.0; _ga=GA1.1.1795518426.1715218611; cf_clearance=.Zw2kv1pmC4XEvljSPZH3REEgs9H5lawihAaeS_5zCQ-1715218611-1.0.1.1-32fbw_hErTa35kiOM7CTVZDwHfJ9E2hKoRuRoCSDsPkdr86u7MmP6PjDLqCKKMRCg_bi9dCReQ3FE56zHoJjAA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Thu, 09 May 2024 01:37:14 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 880df6923a8e0b4d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| u.paste.fo/script.js | 172.67.144.225 | 200 OK | 2.4 kB |
IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (2496), with no line terminators Hashc7b7184df64285d4548b9eaa32a19509 ef7da84b4e6bd419d7afb62e99ab6461bdc3c8fb bb0c244f2792bc3cb178f2e98d239be893d11443e142aafcb5c0c059b8483440
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /script.js HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
cache-control: public, max-age=14400
last-modified: Fri, 29 Mar 2024 16:49:26 GMT
etag: W/"977-18e8b1dc16f"
vary: Accept-Encoding
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hCNAWHSCqYLYd%2BpAmjWDwYTImNrmY8ckGpXhYIXXQYIKlywYR6A6%2BvcuTwrlhs4Kf3WPaMlgDQXCpjpXgT7oRD7ai75cxDmt2qREutG1UDqqis4QgPe4IiBBaFaf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe850b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| api2.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 | 104.18.125.91 | 200 OK | 718 B |
URL POST HTTP/3api2.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 IP104.18.125.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=1tm74e7j046&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (734), with no line terminators Hash96d7c905f102ee8432b434f45d203946 d32bd683dfa5e4cc18540e4a0697e8ec5baceaca dc0f4b340aa49c41eea4cd580e5eb34e45d93f068cc1a48c442ce95fdf84c846
POST /checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api2.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:52 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFj9mU2fhedYxxWRCuWw2LQT4gDb; SameSite=None; Secure; path=/; expires=Thu, 09-May-24 02:06:52 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df605586e0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 | 104.17.24.14 | 200 OK | 25 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 IP104.17.24.14:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 24948, version 772.256 Hash61f30b79daf5b31f0d254a31fba66158 fb363d27cfdfe71a243fa2ac3dab2815232b9b7e 8e7e5ea1b15f62ab14dbd41768e8fbcd21cc859a4ea5da812457ee714299fb35
GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 24948
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-6174"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 720178
expires: Tue, 29 Apr 2025 01:36:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5gXOWnpNZOw3a%2F6f%2FNTeRKVt6IMJOUI8%2BMfrL4aU1IEtEfoK3nkTzjjTEZqcpyWgX5wBcg%2F9adXJN2Y3Wq9EdR9TSAfXSWEhYx1jYi%2Fsboixxkei2TpPap7pEKpoMQlTg0U%2BWfS6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880df5fd6f8156cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | 172.67.144.225 | 200 OK | 1.2 kB |
URL GET HTTP/3paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (1271), with no line terminators Hash40d981045a7516cdadd00e8dccc9c58d 8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3 71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
last-modified: Fri, 03 May 2024 18:04:18 GMT
etag: W/"66352722-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQjBJIiXXqXSH2hrJk33qm7OAYUtv%2F9QD8vQNmPgD7iCZuGf9FgqcP4HiQByKzOCaqaYqFjZOAj7gNN3fGl8uBR4X7Eg0yuWpIEKlmtJxCMtt%2Fdw7BbNMCJx%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5f92e940b4d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 11 May 2024 01:36:50 GMT
cache-control: max-age=172800, public
content-encoding: gzip
|
|
| api.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 | 104.18.125.91 | 200 OK | 718 B |
URL POST HTTP/3api.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 IP104.18.125.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=0p7dbd0dr8o&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (734), with no line terminators Hashd0514d883facc0c29aa16243c1c1aa06 4c112d38b148f85e775e7d38f32cec20cfdb87f9 3216baf46c7014d17463ef85e1f6aedf935af1405c8eb4207263c02ab62b3e41
POST /checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:52 GMT
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df605486a0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u.paste.fo/api/send | 172.67.144.225 | 200 OK | 589 B |
IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (589), with no line terminators Hash90d9b5fb1aafb0791fcb79e88eca928c a528ab1d64dc0eb12b59c1a3b22d2efbef9b5d92 0f7cb955036a1a3f9c3857169ab094a55590afe197d64ad9e3bfa74caca4ec44
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://paste.fo/
Content-Type: application/json
Content-Length: 226
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:52 GMT
content-type: text/plain
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
etag: W/"306bh5un4mgd-gzip"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NE%2FmLavmOlr6imBDOeC3l1zkJV7%2FGL8cMVFh%2FvPrO9SO9f%2FXn74GpZYoN9O%2BGA7q01E9%2BdHIydV2csS6XXNDsvXhX%2FVGy43t67ny5DBZ2Y5dOl%2BuRazBjvPdN%2Bx9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df60628c60b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/email.php | 172.67.144.225 | 200 OK | 577 B |
URL GET HTTP/3paste.fo/assets/svg/email.php IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeexported SGML document, ASCII text, with very long lines (586), with no line terminators Hash3f774fd678c6e100c4d914d9afc0dc8b bab6ac432d913ee0d99dae0a7caafcea559222bd e7f5c890c6acb9078887bbeab309ff5771782edac2444c647126072427cdc336
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/email.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zcwt%2FYOT0C4YlcoNbV%2B9EkNgmf9aFkPvVBSs0qJhGhnTf3t9qe3iQm2sremCLxegjXKrPLHDFisUet4b2pcdt7PlHsFF5eGZ7I9AjJ4vgWPv7gFRd%2BPdC7UHvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f91e930b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/lib/codemirror.js | 172.67.144.225 | 200 OK | 262 kB |
URL GET HTTP/3paste.fo/codemirror/lib/codemirror.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (2035) Size262 kB (262407 bytes) Hash9775b8d7cc0bda6b762fcef0f617a5dc 42c642c7a6c070207773fd5ef00310ed4ef8380f c6f3c3f85b438110a153601b764ec02d90a4899c37e7699e9187c01fe5b96c45
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/lib/codemirror.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=401347
etag: W/"61fc3-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4540
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fhbsPqDD1QsOITAjw97O1d9t%2Ft5%2FCYkc7crgmDeBXTdnJbgqxl46gotE6KSqLdX0KqzYHhp3MsdOVlicK9aGpyqwN0IyT2Nx9FWsdB2G4nngWHoAnjzueGtpDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe7e0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/css/css.js | 172.67.144.225 | 200 OK | 33 kB |
URL GET HTTP/3paste.fo/codemirror/mode/css/css.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (19025) Hashcbeb7b6de8ada022149bfa4792e625ce 4f4f5c1bc7dfa002df676fa44ecd6d7294ba4c12 dea0ae84464fd019f70399964e19a94d9c27086aadb937e522e7a7862080132f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/css/css.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40492
etag: W/"9e2c-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 562
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Bm9LSdEtRzAxow%2FPbduvMft4Vr%2FaGAFBXUCqChPq41unkKAETOcF%2BBO4l4XBIG%2BuQcX0Kh1y8fAa%2B2iLhjyid8%2BZcm0KCWNSd2NWodkLKCO8l%2B2ehKf3DdkYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe810b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html | 104.18.125.91 | 200 OK | 1.8 kB |
URL GET HTTP/3newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html IP104.18.125.91:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typeHTML document, ASCII text, with very long lines (1803), with no line terminators Hasha4b0cd73823c04eac73b745bac712a18 52a8be2d8367580c2aff2f27db4e4252489e1ad6 57d905cf66dbb89494f60aebd3925345e5458f77ac172f2e78fdd15480060eb6
GET /captcha/v1/18fa736/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 23 May 2024 01:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df5ff2ec30b31-OSL
content-encoding: br
|
|
| paste.fo/assets/css/style.css | 172.67.144.225 | 200 OK | 11 kB |
URL GET HTTP/3paste.fo/assets/css/style.css IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (10693), with no line terminators Hasha9579467f8b95bbcdbd6232105e6a253 df9b19ccebf1eca5fe14169881b132813919345d 22877d598e09dd9f8452f52a500181eae909e3f4aaa4d4c49e0b0b18cfbd60da
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/css/style.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=15702
etag: W/"3d56-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jy5WabZ%2FHV2Db5bGoyv4aKlLfBSAfWXbofxsKrCy%2Fx68ta7CZALX29JgRArOASgYL89SakzH%2Fbr%2FI871g%2BxLVt3qsBww1mfqC0rmCpOkGsoCGp7ciuHsY44D1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8de720b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/shell/shell.js | 172.67.144.225 | 200 OK | 3.9 kB |
URL GET HTTP/3paste.fo/codemirror/mode/shell/shell.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (4178), with no line terminators Hash1fb1a5f0a5a0f7f83eb82387db65fc74 a5353d03502f139dfa6d0436d3d904fd4a9c8100 afdac0b80c01d7befa0215123909a24ddec78f9148282e962894284f1a5762a6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/shell/shell.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5383
etag: W/"1507-614ce4aba2950-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 562
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4cnZupTxuRYE8L4vy1o3J%2FkONBuQQGwrLI8htYhQ%2BLXnNP%2FY13gH36vYpdz3RCtf%2FuyDDSBq8L8lQ7cIWaLAxn79NCneu3h%2FoHqWzF%2FxwVdTNKld%2FZKXBqMHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f90e880b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/htmlmixed/htmlmixed.js | 172.67.144.225 | 200 OK | 4.3 kB |
URL GET HTTP/3paste.fo/codemirror/mode/htmlmixed/htmlmixed.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (4466), with no line terminators Hash73c369bccf3c673d012a47bedd8b20f9 ae45e0588f3aabb9a119bd6b02f13cdc104c3280 e45f8bf1878c28fd125fa5dfc9ca4cadf247e70f5e5dbef0011fde8c76549b8f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/htmlmixed/htmlmixed.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5688
etag: W/"1638-614ce4aba4890-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 562
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2BiKxeIb9vprzSVzJTpyzTSm1fVcn%2BVirFmIjR9WLWrz7aVJ7S2G%2FTnrjldvb0bnxDLE4vCCLE%2FzpDgs7xAN8HaMNe8hpQyj12saE7p5ikXfSrXAd3XrS%2FKw8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f90e8a0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/python/python.js | 172.67.144.225 | 200 OK | 10 kB |
URL GET HTTP/3paste.fo/codemirror/mode/python/python.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1008) Hash0f85fa739faa6c58233a3576fa0bd324 d9abf35ff26170be2399e4432785ac152ddd711d 08c699cbbadb7aafb466ebb10da8b506cd3af41f400279eafcb7ef95b8d02839
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/python/python.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=14926
etag: W/"3a4e-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 562
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2F%2B1q8qU3yswEG35jZoVzw85ekip%2FWXnkYBtB%2BC%2Bv9vaQ8vuknixlEic1ezcKhIwiYA%2FV46fGCEwgiIFPGxAuakLy1VJtnLsfu7rYFmJoGmJ69xxS2rtmTEeXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe840b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 | 104.16.80.73 | 200 OK | 19 kB |
URL GET HTTP/2static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP104.16.80.73:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerGoogle Trust Services LLC Subjectcloudflareinsights.com FingerprintCE:62:08:77:7A:C9:4F:2B:EB:19:EA:54:43:3D:9F:10:06:33:69:E8 ValidityWed, 08 May 2024 03:07:03 GMT - Tue, 06 Aug 2024 03:07:02 GMT
File typeJavaScript source, ASCII text, with very long lines (19189), with no line terminators Hash4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192
GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5f94dc9b4fa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html | 104.18.125.91 | 200 OK | 1.8 kB |
URL GET HTTP/3newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html IP104.18.125.91:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
File typeHTML document, ASCII text, with very long lines (1803), with no line terminators Hasha4b0cd73823c04eac73b745bac712a18 52a8be2d8367580c2aff2f27db4e4252489e1ad6 57d905cf66dbb89494f60aebd3925345e5458f77ac172f2e78fdd15480060eb6
GET /captcha/v1/18fa736/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 23 May 2024 01:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df5ff2ec40b31-OSL
content-encoding: br
|
|
| paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/880df5f63cdb56a2 | 172.67.144.225 | 200 OK | 0 B |
URL POST HTTP/3paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/880df5f63cdb56a2 IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/jsd/r/880df5f63cdb56a2 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12138
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su; _ga_HKXR34F8P3=GS1.1.1715218611.1.0.1715218611.0.0.0; _ga=GA1.1.1795518426.1715218611
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=.Zw2kv1pmC4XEvljSPZH3REEgs9H5lawihAaeS_5zCQ-1715218611-1.0.1.1-32fbw_hErTa35kiOM7CTVZDwHfJ9E2hKoRuRoCSDsPkdr86u7MmP6PjDLqCKKMRCg_bi9dCReQ3FE56zHoJjAA; Path=/; Expires=Fri, 09-May-25 01:36:51 GMT; Domain=.paste.fo; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VM8VUfuDiNcvuRTXtTBT8CRQBCBy%2BQOqHS8LaIWbtuu5puwu2u4pNGAQUsJIWIZ%2BOQUFeG7jVanzHadV%2BG%2BXXc3Fx0RsTWfCLUec4lu1W0dz5wxcoD7Ll6EmOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df604384b0b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/css/user.css | 172.67.144.225 | 200 OK | 5.2 kB |
URL GET HTTP/3paste.fo/assets/css/user.css IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeUnicode text, UTF-8 text, with very long lines (5248), with no line terminators Hash7690e1f323bfc9cd0658b8355ec967ae f6556ee7ace5044dcc0a5a8db6a4cc2b76dfcec2 2b878eddd32ef75f04d6923d6bc597d06e0f41d6988ef952edd17dfbacc6b849
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/css/user.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7053
etag: W/"1b8d-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tWb8OZcyo%2FF1PKODV3J8a7wRCudjnXw8uiY1pR18Hel2BkrFKwa6n0dpibfWooNMi9YpgfJh1poCclxffTXRREEGetkNPueIz3Q7bwy8LkW%2BTgsIToJ6bxxUxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8de740b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/xml/xml.js | 172.67.144.225 | 200 OK | 9.6 kB |
URL GET HTTP/3paste.fo/codemirror/mode/xml/xml.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (9904), with no line terminators Hash3ec07361d74afef5a6157560b789479f 34b9c1956f2ad4cd02ff2155615cda04f17bccfc 05c1e29bd73a327db390a83066b86acc99162f86e2ded090cbb70fd84d94e575
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/xml/xml.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=13353
etag: W/"3429-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 562
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOJYASg7%2BjA204FLuCv4vAE80QlgOp%2B7ILZRUHGK2ZnazqMpHEPcBI0xmga73R7Uj%2Bfdt2zYtGKgmcDa4P6LRqJolev0Cdc4ih5lmo7%2FfThuF6WcV5ogPmI%2BrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe7f0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u.paste.fo/api/send | 172.67.144.225 | 204 No Content | 0 B |
IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://paste.fo/
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
date: Thu, 09 May 2024 01:36:52 GMT
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
access-control-max-age: 86400
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqqS1pio7UDmS8f7UM9qH4qLk%2F5tf%2Bk8pV4GhVWIGICtW0bFu5hUQZgLi8I4aHSCKOlb6vO2Hc8ErBgj%2FLcvkSnRtVcqLRztaAK0GIJf8LeRepaB74I9%2BJEy2fzV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df60558b20b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/sql/sql.js | 172.67.144.225 | 200 OK | 50 kB |
URL GET HTTP/3paste.fo/codemirror/mode/sql/sql.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (43375) Hash3cdc1020173551b4420eaf86ba005542 b8d24d2ff67841845091e27077fb018dfd90dfcb 319f94b54817677bb7cb4b39e3c1188b7036b60f6e83d7fe4dffcedda4244713
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/sql/sql.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=59538
etag: W/"e892-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4541
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Y7PLnK3GWErqrsVWIRRs8UFrl2Gz8pTqG32XbowTffxW1a6e7FDBrZWsW3aQ5oD6MGbAuMAE0plPHrhX3BDQ2eedW2plu3LSNoZSNQqCou704CR%2Fj%2FbpyTPrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8fe820b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/A7326F14MC094D4644155B1A4A0D1C0857001D010D4E604F0C575464071C653225AM217E2D724C7A71193508520B05461447071E2607125B5E0F1F035951.jpg | 172.67.144.225 | 200 OK | 13 MB |
URL GET HTTP/3paste.fo/A7326F14MC094D4644155B1A4A0D1C0857001D010D4E604F0C575464071C653225AM217E2D724C7A71193508520B05461447071E2607125B5E0F1F035951.jpg IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Size13 MB (13434744 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /A7326F14MC094D4644155B1A4A0D1C0857001D010D4E604F0C575464071C653225AM217E2D724C7A71193508520B05461447071E2607125B5E0F1F035951.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: HIT
age: 498
last-modified: Thu, 09 May 2024 01:28:32 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yRuc%2BLjLhgUvHDppJnAYu9DnyJCw9X5mRVk0zykNg%2Fxow9b3sUkN10RykiNvW%2BlhF%2FCv%2Bkb5YAQFwUD4NKqQcnfmxviGgzOjSFIqcH5tpzJIObAuKzpFoMj1qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5fd2f040b4d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/c/f922a41/hsw.js | 104.18.125.91 | 200 OK | 470 kB |
URL GET HTTP/3newassets.hcaptcha.com/c/f922a41/hsw.js IP104.18.125.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=0p7dbd0dr8o&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size470 kB (469642 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/f922a41/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:52 GMT
content-type: application/javascript
etag: W/"a015c3f04def6c02f6d3a815ff97f100"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 13 Jun 2024 01:36:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df60588810b31-OSL
content-encoding: br
|
|
| newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js | 104.18.125.91 | 200 OK | 387 kB |
URL GET HTTP/3newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js IP104.18.125.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=0p7dbd0dr8o&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size387 kB (387161 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /captcha/v1/18fa736/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: application/javascript
etag: W/"53dd4c97b84fc9233d1e06e83a19de29"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 23 May 2024 01:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df602dfeb0b31-OSL
content-encoding: br
|
|
| | 172.67.144.225 | 200 OK | 26 kB |
URL User Request GET HTTP/2IP172.67.144.225:443
CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /007d6b4d6609 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 01:36:49 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su; path=/
token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
sscore: 0.016161616161616
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DVv6%2B0a7O5salYmIXLy%2BJjwhEXD72o9lYdKf%2BstFgUODESegAX7JNKm1rl8OimFIgfR76sZKeKdE23zkuNnA%2BwVi5eyDzY1py0DViy9OGhTcd3qKgFrL5Abe2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f63cdb56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| paste.fo/CSSl03f0a6e63b.css | 172.67.144.225 | 200 OK | 173 B |
URL GET HTTP/3paste.fo/CSSl03f0a6e63b.css IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash83b06e13074a7a938d1a6ecc18a97da9 bbb744e328aa894ef5c74eae785e31a874746267 16ac94aefdba035f34fcde1f6b54ec67321c5fa22026d1f5ec10422d87fdaf13
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /CSSl03f0a6e63b.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 09 May 2024 01:36:50 GMT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlmQoUh%2BMw1yOHcKtI3v0npWNRUA4IETPBDGNtIDizTANmxHMnrWUt9yQzS7FG%2B7HMZ1d8j4kSp0%2BQt1QfmO98nIWFYAxVUlUeT7bwtteAY%2F8oXfICy7RXXeqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f91e8d0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js | 104.18.125.91 | 200 OK | 387 kB |
URL GET HTTP/3newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js IP104.18.125.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=1tm74e7j046&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size387 kB (387161 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /captcha/v1/18fa736/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: application/javascript
etag: W/"53dd4c97b84fc9233d1e06e83a19de29"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 23 May 2024 01:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df602afad0b31-OSL
content-encoding: br
|
|
| paste.fo/assets/css/cio.css | 172.67.144.225 | 200 OK | 1.2 kB |
URL GET HTTP/3paste.fo/assets/css/cio.css IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (1152), with no line terminators Hash6a91b9352b213689c0432bb87eddb2ae 4a9beb1f3a827dee5a03a246a296fac2f3677165 5721962451086a4c469a6d1b1e4cc133f03c3ea0377916a91b45373463855620
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/css/cio.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1653
etag: W/"675-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5m%2F%2Fmy9XPZ8O3rgSrvcAcb7twlplAIWJ8dC8gwU1EKDtVPbzHmxktRAEjYNZAnDf0KR9FWh0h%2BPO0TdpRrixCaeCqW5%2BV%2BxfNSck3EQPMfHrYpUuGSAXPYlhLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f8de760b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/thumbs-up-regular.svg | 172.67.144.225 | 200 OK | 1.5 kB |
URL GET HTTP/3paste.fo/assets/svg/thumbs-up-regular.svg IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash8316f24250b74fb4d08b7d0d8d7d1a66 e241a00103a7a81d5678741010703fddd7de83dd 7a4a04f8e984441f7a9fd9d4a796726e1d9b2124095688d9ecd0b891ab2f84e0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/thumbs-up-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5d9-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4542
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4wT8hiAMoYXkI2k6Xz48TUFbpFs18jLsaJmltQsbAw9kVhHLYl2Q%2BiPCCf7IYx6hDGFuBzsaT9apfZhbb2pNCzUwmIXEV8xi858n2msKRYnj3GQzJsLHkh%2F%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df5f91e8e0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js | 172.67.144.225 | 200 OK | 7.9 kB |
URL GET HTTP/3paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7852), with no line terminators Hashde634c0b8b655570277242e73c9b4f30 b4b8bf9c4e4036ed57de3427419df86eb4e053d8 19661a893eb480f3b5a677d9ad2923f05fcaaf94cf2748d026eb1e2e18fa1076
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su; _ga_HKXR34F8P3=GS1.1.1715218611.1.0.1715218611.0.0.0; _ga=GA1.1.1795518426.1715218611
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:51 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RQFGV3ue7rhV30%2BhNCiwtOvI2HOzP3z8mmMleMjejgk1mk7L0J9aoxpNXTKNP0IeeysBdncpU68ppb2GMGJBVgFmw%2F78AQJC18owtMMh4hUE%2BUpEajQ6Oeg4OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df602d8220b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/c/f922a41/hsw.js | 104.18.125.91 | 200 OK | 470 kB |
URL GET HTTP/3newassets.hcaptcha.com/c/f922a41/hsw.js IP104.18.125.91:443
Requested byhttps://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=1tm74e7j046&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible CertificateIssuerLet's Encrypt Subjecthcaptcha.com Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5 ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size470 kB (469642 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/f922a41/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:52 GMT
content-type: application/javascript
etag: W/"a015c3f04def6c02f6d3a815ff97f100"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 13 Jun 2024 01:36:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df605b8940b31-OSL
content-encoding: br
|
|
| paste.fo/assets/js/hyperlink.js | 172.67.144.225 | 200 OK | 1.0 kB |
URL GET HTTP/3paste.fo/assets/js/hyperlink.js IP172.67.144.225:443
Requested byhttps://paste.fo/007d6b4d6609 CertificateIssuerCloudflare, Inc. Subjectpaste.fo Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeASCII text, with very long lines (1107), with no line terminators Hash57f9dc10b415891524d8668c91b97120 8c5e819d656b25748485e8380bb50b24bd2a159d 4904079029f843d33043406564cfb3ccae3570f8a1d97f303ef0fa7e07001e5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/js/hyperlink.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/007d6b4d6609
Cookie: PHPSESSID=96bpcoh1ca9f44h6mvlfafh5su
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 01:36:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2060
etag: W/"80c-614ce4abce86d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 562
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YKVagnbX7vc9dnJrt8804i9502xfyE2mkWWN%2BXFGsSO1RMICNKv6tKMog2scssIFgaLVBU1yG1I6hD64o%2B8Bm%2Bzmc73JFA4Ah6FGIGvZYJAYnrlM0n4mxkuYMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df5f91e8c0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|