Report - paste.fo/4e494ed73477

Report Overview

Submitted URL
paste.fo/4e494ed73477
IP
172.67.144.225
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-09 01:35:11
Access
public
Website Title
ALBORAAQ | 1682X MEGA CAPTURE | FULL OF PORN,TOOL. | paste.fo
Final URL
paste.fo/4e494ed73477
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
newassets.hcaptcha.com	11055	2018-01-12	2021-03-22	2024-05-07	1.0 kB	206 kB	104.18.124.91
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	548 B	7.6 kB	142.250.74.106
u.paste.fo	unknown	2022-08-23	2023-05-13	2023-12-04	475 B	7.9 kB	104.21.28.76
api2.hcaptcha.com	unknown	2018-01-12	2023-05-02	2024-05-07	597 B	1.5 kB	104.18.124.91
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-08	2.0 kB	309 kB	104.17.24.14
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-08	415 B	95 kB	142.250.74.168
paste.fo	unknown	2022-08-23	2022-09-02	2024-04-18	8.4 kB	7.9 MB	104.21.28.76
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	1.1 kB	45 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed
2024-05-09	medium	paste.fo	Sinkholed

ThreatFox

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	paste.fo/codemirror/mode/clike/clike.js	28 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/clike/clike.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:39 Times Seen1612 Hash 2b5341f353f5cb58026ebb1b6f047842 1bdda948cdf3b6c9644d8d07cc74c8aaef330f64 c0e7c4989a015e232a497a9b28e5c0fbb2558066ac52a6339ad59d3d924a0d3e Loading...

	paste.fo/4e494ed73477	153 B	2023-03-08	2024-05-20
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:38 Times Seen927 Hash 2bc0082aba5a35e515758023fa651be0 a8db1112fc735be0d64a64e864a52131f7eaf878 75367336210d6cc8328fad7ddbdcf9afaceae3dae97c2a2e6b95a6ae82d8bc1f Loading...

	newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js	387 kB	2024-05-07	2024-05-13
Pretty URL newassets.hcaptcha.com/captcha/v1/18fa736/hcaptcha.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:01:15 Last Seen2024-05-13 11:03:32 Times Seen269 Hash 4d80931f436a73b647471384c48e1604 ae59d307aa2d23a6bf38ba532bae9cbd67c5a3e9 d196d722737dff0be8bdbf3dbd35e00b8af3437be8424e83abc1cfb5b5983e64 Loading...

	paste.fo/codemirror/mode/htmlmixed/htmlmixed.js	4.3 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/htmlmixed/htmlmixed.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:38 Times Seen1100 Hash 5b166a8ebd19d3f44d17bffea8cea4bc 2d24ccc2d3644c33c7cd3a665258cef67619084a 1a4d93f8e0244d90d6f22ce15075e1aac1186593de3ca438649b4df6f8ae3397 Loading...

	paste.fo/4e494ed73477	220 B	2023-03-08	2024-05-20
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:38 Times Seen742 Hash 3db1e9a5b3900e6e537c9a3c37c3a710 ad5a93d1d63c4147ccea4e92c31e76ac33e48fa2 009775e1b19c7979e577f9eacfb2da159c57074b82eb7985b4fb0e31c28133f2 Loading...

	paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.8 kB	2024-05-09	2024-05-09
Pretty URL paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:35:13 Last Seen2024-05-09 03:35:13 Times Seen1 Hash 963c3452846de2a6f626baeeb2bbd931 f891e888ca23adf670b8ea67689e6debd30be5ac fc2a18106a8aa54484cc078f9011bc693ba9d8b4fa7cff7bb37819f36aa29048 Loading...

	paste.fo/codemirror/mode/shell/shell.js	3.9 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/shell/shell.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:38 Times Seen1088 Hash ef6669a00f0ae004bf997e217fb0a09f 7fba87e2f140eea0bfb39b10eb34ffb2471a1e2b a76146be8ce9aee15409c7f15625f1922d554e43cbcd5c9503aa544d9eb598eb Loading...

	paste.fo/4e494ed73477	733 B	2024-05-09	2024-05-09
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 03:35:13 Last Seen2024-05-09 03:35:13 Times Seen1 Hash de2ed20235ff7a47a2327d62a6c193a1 66e2ca4fbfeb6854bf5d42970765e2a2335084bc 6aae63931752d21737068359efa555335ba0fd0083905d1781020eb2cf0cda99 Loading...

	newassets.hcaptcha.com/c/f922a41/hsw.js	470 kB	2024-05-03	2024-05-14
Pretty URL newassets.hcaptcha.com/c/f922a41/hsw.js IP 104.18.124.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 01:29:42 Last Seen2024-05-14 03:33:19 Times Seen288 Hash a015c3f04def6c02f6d3a815ff97f100 2322366db22def41a31f2dae0a2133ad75e6d1ac 42d9a4011ac36ae483e8e3cb4bb2b3829b96bf366bbc1c0e2ab40d4d7deb9240 Loading...

	unknown	48 B	2023-04-11	2024-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:45:29 Last Seen2024-05-20 07:02:14 Times Seen19480 Hash 43d643e449b4ea13394fe737b1d6a447 1c03d56d955fd266d7659379e63d5711bd5382db 4817661f6ac7d2e1691bc3aeb9966e66012891ccda569ff872dc0932010c540d Loading...

	paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js	43 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:38 Times Seen1869 Hash f15be88a3c9bf40debcc080b125c7e91 4a636976285768dd43278f43d63ba5779f3f493d 8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910 Loading...

	paste.fo/codemirror/mode/css/css.js	33 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/css/css.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:39 Times Seen1618 Hash cbeb7b6de8ada022149bfa4792e625ce 4f4f5c1bc7dfa002df676fa44ecd6d7294ba4c12 dea0ae84464fd019f70399964e19a94d9c27086aadb937e522e7a7862080132f Loading...

	paste.fo/4e494ed73477	45 B	2024-04-29	2024-05-09
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 03:20:29 Last Seen2024-05-09 03:50:56 Times Seen5 Hash b08a0e8a6be2b53817e6404aaefb473e 192c4d18bb16bf929ed8dee5cc0897c8a5d6154b 1df2e17f886a53cb60b312d0ebce7e28b3eaa686c6352ee111b034c4aadaf784 Loading...

	paste.fo/codemirror/mode/xml/xml.js	9.6 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/xml/xml.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:39 Times Seen1034 Hash 3e37a737221f3057bb62d1736573f38b bf16c6b34152dfb151dcdb344ce4045174ffdf03 19d4307c9eb14112572604815e03c05ea17ed64dcb7015838cf755ee585fcb37 Loading...

	paste.fo/codemirror/mode/php/php.js	16 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/php/php.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:39 Times Seen1615 Hash 435c5cc4f876bcb6369acfccba865995 a65908ec04cd4f6907098d22702320c7f88e725e 1ece120c4b6f866fc0f6a32b7a031709a76d3a192025fdef0931a52953f489cd Loading...

	paste.fo/codemirror/mode/python/python.js	10 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/python/python.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:39 Times Seen1612 Hash 0f85fa739faa6c58233a3576fa0bd324 d9abf35ff26170be2399e4432785ac152ddd711d 08c699cbbadb7aafb466ebb10da8b506cd3af41f400279eafcb7ef95b8d02839 Loading...

	paste.fo/assets/js/hyperlink.js	1.0 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/assets/js/hyperlink.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:38 Times Seen900 Hash 754527075e7f43e5b376a6879d591ad3 019edc8ec844b25f28c0049c56aa09c5cc0a5121 d5ff35dd76c5fa9ebfe3b89012a8dd40e85a89ee50f4f85623d338f0514e15d4 Loading...

	www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3	274 kB	2024-05-09	2024-05-09
Pretty URL www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:35:13 Last Seen2024-05-09 03:50:56 Times Seen6 Hash 388f0ec2500884ce9a9ac7e75a5d9008 3b067a1b4398fa48974b42b224bd82e9186bae4c 3fbabcd7a338b0f81d56a5ffe5bc6d061737f3935a83e456a6dd8aafbfcfa001 Loading...

	paste.fo/codemirror/lib/codemirror.js	262 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/lib/codemirror.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:39 Times Seen1629 Hash 9775b8d7cc0bda6b762fcef0f617a5dc 42c642c7a6c070207773fd5ef00310ed4ef8380f c6f3c3f85b438110a153601b764ec02d90a4899c37e7699e9187c01fe5b96c45 Loading...

	paste.fo/4e494ed73477	744 B	2024-05-09	2024-05-09
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 03:35:13 Last Seen2024-05-09 03:35:13 Times Seen1 Hash 9becc2be35b58881a90c03eb862f2df9 48b8334a0a4ca03cd0a9c6c8bc81e56fe9b0df34 460ecc3a04a4f022862a6fdf93207fc0731cdfdd48dd06960d1fc2dbbabc9d4a Loading...

	paste.fo/4e494ed73477	696 B	2024-05-09	2024-05-09
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 03:35:13 Last Seen2024-05-09 03:35:13 Times Seen1 Hash 608f4c3c8f92a1575776bb2f5bf8a261 71c88e0cdbf5a17f1859eb65930f5129068a01e9 a8a89933953ae0b1865eb87ffc733493537a05ae8f6f7a5c76928bd3c3845ff7 Loading...

	paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-05-20
Pretty URL paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-20 07:42:36 Times Seen57776 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	unknown	247 B	2024-05-09	2024-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 03:35:13 Last Seen2024-05-09 03:35:13 Times Seen1 Hash c8efd12c044791107fb0884aa428050e ecf2e623da18fc0d1270126a23fd4386000df372 4d6fe3afff2d940ea4c1d100b507bd22051541bb45f775c7f34b28b29b7f63f6 Loading...

	paste.fo/4e494ed73477	573 B	2024-05-09	2024-05-09
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 03:35:13 Last Seen2024-05-09 03:35:13 Times Seen1 Hash 17c14252de6e45d8e2363956e04a9f44 7e08717f99cfb20c6a61cc32c0fceec728fde79f d7b1df408125f86568749e949a6a75731652b74e3921f14cb760b223c8a8f6a7 Loading...

	paste.fo/codemirror/mode/javascript/javascript.js	30 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/javascript/javascript.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:39 Times Seen1626 Hash b5bf8a874f93ad7109c420727888ad47 8d08219bc1257d5537a649cac713ef426158b9a8 4a0ab339997f3729a8eb6a08fca6574408918d1684eaee21760a438bbea82189 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-20 07:20:03 Times Seen275301 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	paste.fo/4e494ed73477	362 B	2023-03-08	2024-05-20
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:38 Times Seen718 Hash cc410e71e4e11ef150fc0b841e53a779 40fe8f68130bf0d500f779f7be6504a90d0b670e b2eeea9c303e9ed86aad00cf3f5224a2bcb03dbec9db3139d1b1c267b27457cf Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-20
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-20 07:30:50 Times Seen2635 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	paste.fo/codemirror/mode/sql/sql.js	50 kB	2023-03-08	2024-05-20
Pretty URL paste.fo/codemirror/mode/sql/sql.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-05-20 03:30:39 Times Seen1616 Hash 3cdc1020173551b4420eaf86ba005542 b8d24d2ff67841845091e27077fb018dfd90dfcb 319f94b54817677bb7cb4b39e3c1188b7036b60f6e83d7fe4dffcedda4244713 Loading...

	paste.fo/4e494ed73477	1.1 kB	2024-05-09	2024-05-09
Pretty URL paste.fo/4e494ed73477 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 03:35:13 Last Seen2024-05-09 03:35:13 Times Seen1 Hash 0a86e7a71a4eb39639087a045f52972a ca0182bcec9795583ddef1a70336d15fbd491bed 2ff52383297c53b8f28706ea5ce38cf45f5b064ac5c84474eb6e419c5aa32f5d Loading...

	u.paste.fo/script.js	2.4 kB	2024-02-20	2024-05-20
Pretty URL u.paste.fo/script.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 04:21:10 Last Seen2024-05-20 03:30:38 Times Seen922 Hash 8285978df55a18d7ba03a3106d4b28d2 3c69c6b6715afaca3b655fa3ea18e6c447a0956e 56e70678cbf7e8c157c423bac4d2872f3b384a1784f43b1126ae5e59fd45d144 Loading...

HTTP Transactions (29)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

104.17.24.14

19 kB

URL
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (52276)
Size
19 kB (18752 bytes)
Hash
ded1c367363e8b20bdc6a19b8350a737
8c06d82739d14b094ff6d9036021a252bd1d985d
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 90446
expires: Tue, 29 Apr 2025 01:34:43 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mnxABuOBD1yZ6%2BLs%2FNHxqZl3%2BqXrh9a4JHgybiFN7tnOBwKwND03SLCo4Y0XKwpLjjV2MC3tKM98mntTR8jrYyAaxkJ0gi5uFxUdV2jtzSLMv1x2L9hwkZa0q7itNamDYzRhe0Uo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880df2e309cc56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.24.14

28 kB

URL
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 26125
expires: Tue, 29 Apr 2025 01:34:43 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wferZGgy0cwvmh6neGbqb0REnSjr9TwtUIOmQzcFf5ZpnVnnKxpzcz8l5LZqBipoHdDSAH8PlezwugNx9f5k0PiwN6qD6FdFrqx3qRIifes%2F2u%2Bg%2BY%2FjNVOc9dT0n8%2B1SvoZNYkp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880df2e329d656be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3

142.250.74.168

95 kB

URL
www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (3034)
Size
95 kB (94705 bytes)
Hash
388f0ec2500884ce9a9ac7e75a5d9008
3b067a1b4398fa48974b42b224bd82e9186bae4c
3fbabcd7a338b0f81d56a5ffe5bc6d061737f3935a83e456a6dd8aafbfcfa001

HTTP Headers

GET /gtag/js?id=G-HKXR34F8P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 May 2024 01:34:43 GMT
expires: Thu, 09 May 2024 01:34:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94705
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-brands-400.woff2

104.17.24.14

108 kB

URL
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-brands-400.woff2
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 108020, version 772.256
Size
108 kB (108020 bytes)
Hash
8b0ddedbb27cbc9971c8667caa8a0cc1
4350f9ba93384634faf35f41c503c99c767f1069
748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:34:44 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 108020
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-1a5f4"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 28819
expires: Tue, 29 Apr 2025 01:34:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m8NI2VfNRBp8eyhnvmT3gWWXxE6WK6aL9ZNmDMkk9PNPeP7lTITuAs8sQ%2FAT2O2akqQ5Pt1d5nFKoWiyb2AJPdq%2Byw4gMovF3bNAh4J2OKgiNlEIJ786lK72XiL9BARsF7gl3Dnw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880df2e66c6056be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/assets/img/bg1.gif

104.21.28.76

25 kB

URL
paste.fo/assets/img/bg1.gif
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (24898 bytes)
Hash
dcab8f9443952c7589be3e4db6072853
824ca8c921eeca604844d3f00d08691631199201
a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/bg1.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:44 GMT
content-type: image/gif
content-length: 24898
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "6142-614ce4abce86d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4412
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3G3tgEgzfRha2%2F8tHkKVmH0%2F3O%2BDucctZgiraBuviUh10BQsfgov7uq2rPYiUPJjw6llqrLR7CYQkQWFXCtMSgC%2BPJaQladTT6z%2FJOmP%2Bup8OMcuv3NtOa6tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df2e61b04b4fa-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/assets/img/cracked.png

104.21.28.76

31 kB

URL
paste.fo/assets/img/cracked.png
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
31 kB (31300 bytes)
Hash
0f731a8dafaf0ad3ddf6cae003a867f1
9abb2405062b7f7f017072df166d22dcb0c07019
4eb8cff99bda9846cb0f2340e07681b65a7820d0d00d39807336d02d7b3a7105

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/cracked.png HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/assets/css/user.css
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:44 GMT
content-type: image/png
content-length: 31300
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "7a44-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 260
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mHSDEGFXlneICJDvqGH3KBix8CARnxBTiIwEjuOs%2BHwdWljLxXuBV%2Fcima1rGz2yJCcgDhB34Umw9rhjDUrjPyGzTZ34%2FlLB3bbme46%2BB%2B6eGauczjej0SEGFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df2e62b0bb4fa-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2

104.17.24.14

150 kB

URL
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 150124, version 772.256
Size
150 kB (150124 bytes)
Hash
c64278386c2bbb5e293e11b94ca2f6d1
6b99aa650bd12a36caa14e0127435d8f4cd3ba73
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 09 May 2024 01:34:44 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 24736
expires: Tue, 29 Apr 2025 01:34:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KQYChwojyWv7stHTwbYxlRLC4jeDh2Csf4zU8BsVSlFmfTGsm6FbKi%2BLFyImW45JdSFEbx0YRLhDt5vy9SVBYvqusJe%2FGD0b0ZY8wIG%2BMbojyFkMpTxxszCnw%2FBdVd9UYg73YN%2FE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880df2e67c6d56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/codemirror/mode/php/php.js

104.21.28.76

31 kB

URL
paste.fo/codemirror/mode/php/php.js
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (10405)
Size
31 kB (30634 bytes)
Hash
435c5cc4f876bcb6369acfccba865995
a65908ec04cd4f6907098d22702320c7f88e725e
1ece120c4b6f866fc0f6a32b7a031709a76d3a192025fdef0931a52953f489cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/php/php.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=18339
etag: W/"47a3-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4415
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KfCop4sfLnTq%2BYctDiJphLwgi8IljWqd0cUa9Xr7WeerJw4q%2BYEipO%2Fdxtzi%2BvEyjQaNQm7wTx2QTmaPjKn6%2BU4Sse34QSxQvB7el6G9irbwr7jczLkZOkxJ1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2e2a956b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/thumbs-up-regular.svg

104.21.28.76

1.3 kB

URL
paste.fo/assets/svg/thumbs-up-regular.svg
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1284 bytes)
Hash
16edbe83aaa9c8b1f0dae88e622e97cb
49c1e9c26f6db1c4c768e72dfbbf231a0e6fd237
3c1e8bd2dd9e8b3935c601e8bb4fc3f90ee85359acabded24b7f943b9fd1c65b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/thumbs-up-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5d9-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4415
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pop3Oqy5h87Bb1Ck5uqqRkXaa48LQX%2BYVU%2F6JwVJHht72EcyZl%2BEO1rf%2Bw75d7MivaaGSsQlz3mowZwBHoJZu6I7Jhcg3PjMjHsZEigb7Lx4sbp%2B%2FgbMFxbVmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df2e2a95eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/4e494ed73477
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 464586
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/assets/svg/discord.php

104.21.28.76

1.2 kB

URL
paste.fo/assets/svg/discord.php
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
exported SGML document, ASCII text, with very long lines (1557)
Size
1.2 kB (1239 bytes)
Hash
9e11d725232644a01452b56fe0fa8bcc
72bd4257388bceb963492b4e6c4a72cad7d3be96
99d543831ee87e57ca87d24cc16028b0e7784a41754b95ade07e069ef56ff8a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/discord.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XhpolNhBwJUgKiqRPN4sAaGeW%2F4LqoKEy5IoU7ANNZO%2FmMdw72hArgeZt6NJEZ00TEIpcpF%2Bp15f%2BNyQLc17gD9PKi9nldwrQhHy8%2FXZCCjgVUGRKf0gdaQVKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2e2a960b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/thumbs-down-regular.svg

104.21.28.76

1.3 kB

URL
paste.fo/assets/svg/thumbs-down-regular.svg
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1286 bytes)
Hash
474a2e020269034a296989b87f4c7833
5a4f05d10c284d86bd395bd1ee9ea783ce7aeea2
d978602a2ebecea81d86f2664b8919dbeaa3c3904513eec9e940b0e08b8f9c73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/thumbs-down-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5f1-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4414
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tex3fN2yiE09H0uUYX9yymUSvsFGsReCW3%2F35Pr7ub71W1bULLR7OYpNfdSgVW96%2B1mhOLHAiMm%2FeccepClDMFoRq%2FwpvC9JzTymk01v0Ml8D1LttKJFJBkiag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df2e2a95fb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/4e494ed73477
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 464586
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/codemirror/mode/javascript/javascript.js

104.21.28.76

29 kB

URL
paste.fo/codemirror/mode/javascript/javascript.js
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (1412)
Size
29 kB (29256 bytes)
Hash
b5bf8a874f93ad7109c420727888ad47
8d08219bc1257d5537a649cac713ef426158b9a8
4a0ab339997f3729a8eb6a08fca6574408918d1684eaee21760a438bbea82189

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/javascript/javascript.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38892
etag: W/"97ec-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4415
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dnQ%2BGrlk6vBtQVEF%2Fk%2FGG%2FUs7vpOLSAJgpx6dD7lEEzhwJfCL6EuUzv3i%2BMysitofUL5%2FQJTVP79XMMQ2DnKymS9nzgxWQc%2FJlv2CeXRnIuPggklXtmMt%2BTZ1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2e2a953b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/sql/sql.js

104.21.28.76

15 kB

URL
paste.fo/codemirror/mode/sql/sql.js
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (43375)
Size
15 kB (14902 bytes)
Hash
3cdc1020173551b4420eaf86ba005542
b8d24d2ff67841845091e27077fb018dfd90dfcb
319f94b54817677bb7cb4b39e3c1188b7036b60f6e83d7fe4dffcedda4244713

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/sql/sql.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=59538
etag: W/"e892-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4414
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZ91eOXn1CbYAt%2FqgSRKjsM4lfS%2FTwOuyMuAU%2BNQkEqS3RSfvGRrxfgP8BjofgU%2F%2FvgyIt98F6yvO3vPnpwG%2BnIAi3PQZO2qXnF57KuYZnN6Hy35N1XG1Urkvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2e2a955b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/shell/shell.js

104.21.28.76

1.5 kB

URL
paste.fo/codemirror/mode/shell/shell.js
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (1184)
Size
1.5 kB (1539 bytes)
Hash
ef6669a00f0ae004bf997e217fb0a09f
7fba87e2f140eea0bfb39b10eb34ffb2471a1e2b
a76146be8ce9aee15409c7f15625f1922d554e43cbcd5c9503aa544d9eb598eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/shell/shell.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5383
etag: W/"1507-614ce4aba2950-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 435
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GlHBenXzUjiEIRkfwPAnWcf88ARicxeXxPsLUc9OKEfzUMgmuGcm%2Fw%2BTU4G%2B5ah4oQ8RiebO2ATK%2B0voUaLU0Nb%2Fp6DLH%2FThxyzYr9in%2FTous4szPht4gFenog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2e2a958b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/30CDC019MC504217164B591D49594C0F5052175B591B294C7D4133401AM917544B050A571904150054500B0006500701531C57505E.jpg

104.21.28.76

2.2 MB

URL
paste.fo/30CDC019MC504217164B591D49594C0F5052175B591B294C7D4133401AM917544B050A571904150054500B0006500701531C57505E.jpg
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 600 x 150
Size
2.2 MB (2157297 bytes)
Hash
57474bde6d46797c55e95cf467037cf6
1673e054fd6f3bf27032191b60d45cdecf3afc72
9ceb8547b2055b29c1071bc564615de0b169809c9cf0ee9df989291e0adeb8ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /30CDC019MC504217164B591D49594C0F5052175B591B294C7D4133401AM917544B050A571904150054500B0006500701531C57505E.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:44 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: HIT
age: 247
last-modified: Thu, 09 May 2024 01:30:37 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IezZsh6Hr0mNx1dNseStQgo5Q8yB3Y9LqYjJJhAunGng3qlPa1CoW%2BnwaIo6tpQLm%2BW8sNFnArIvjqkdt9pv2lqUwM%2B46IDdJml%2B2%2BgIsRxewF2Ypr%2FA16cidQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df2e61b00b4fa-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js

104.21.28.76

15 kB

URL
paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42951), with no line terminators
Size
15 kB (14556 bytes)
Hash
f15be88a3c9bf40debcc080b125c7e91
4a636976285768dd43278f43d63ba5779f3f493d
8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/sweetalert2/dist/sweetalert2.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"a7c7-614ce4ab9fa71-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 435
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YpTyr35Jv0kO5%2BgfDyZhCbknMZx7esDIKXsIUBgEO%2BCI22vc1iuN46ao3Hc9Womxm5dDMYCw%2FFJH6TaOmqxaimtQTdMT5Je2yNNgwN9Bxd0DHN62U3xFWXdwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2e2693fb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/@sweetalert2/theme-dark/dark.css

104.21.28.76

13 kB

URL
paste.fo/node_modules/@sweetalert2/theme-dark/dark.css
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (24342), with no line terminators
Size
13 kB (12584 bytes)
Hash
80b002261f8a746e3756d6883342252a
c8282deb8dfdcdf89ca54c6d6e34b23bc2beeb22
6b7dfdcc77e85a9db663a990f749d892c774f63254404cf2a72b312a8136bfd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/@sweetalert2/theme-dark/dark.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=30018
etag: W/"7542-614ce4ab9ead1-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4415
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=szTcSdTTe3VXtmpQ2k1i5EjP2R3fu2%2FObzyQK2ySE1zbyV%2FWYZpHwSDPRNYTGVA7z1p%2FJHcRGInXMTvurSIdMDzAw97oNcVUY76exL82XNcpOZReyIe%2FBKQ2Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2e2693eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/4e494ed73477

104.21.28.76

35 kB

URL
paste.fo/4e494ed73477
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (749), with CRLF, LF line terminators
Size
35 kB (35191 bytes)
Hash
8477a5156b0c1537c3de4c8f581fb047
f9032bfecc7945d366a698677fc710588b98be2e
1c559e5ba4aa5a187a5f1d4d1ce75d9212363e359b13227f05c1692480b19d0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4e494ed73477 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004; path=/
token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
sscore: 0.00072181898383927
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SMwUmq1ZWDjyWHNfB7lVPp%2BynOF0tl%2FxUSEzina5O4DNWAv0inqOZ6%2BWBQP4lyTW5tS4kNNznUC5pyvq6DhQq8qORqRku0MdOsLXU7iKrpF3KUcrSFyBiA6g4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2df7bdcb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/assets/css/responsive.css

104.21.28.76

7.8 kB

URL
paste.fo/assets/css/responsive.css
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4570), with no line terminators
Size
7.8 kB (7813 bytes)
Hash
85e024d58588895496ff6e65f47a0484
ff6cb78df5ee61dffa425ace5283407ee562e4af
fd51897bd68e6bdf326bfb11b3580be32da026ab50c5e494677b202f93822877

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/responsive.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7512
etag: W/"1d58-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4415
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQszHjkOauaH%2BwJz4oPpnwlTV0AkVuwoCKYb7hrQcDpACk2JHJod2MeYmtYdKzdL2uZiWewXsVaqT18xJExbanCmm18TDW6pTQmGsYbs9vVFG8NAZu5lKVR7HA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2e2693ab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/5FEE86E8MC0E10101515591E175D090240411E5AM65D584E475460530E0A5B1F515E04.jpg

104.21.28.76

5.5 MB

URL
paste.fo/5FEE86E8MC0E10101515591E175D090240411E5AM65D584E475460530E0A5B1F515E04.jpg
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 800 x 200
Size
5.5 MB (5475535 bytes)
Hash
7a6863feb121bfd0d6adaf78b28f0d62
029043b6cccd7c5559058867efe12ebb86a3a04d
4476b0c826cef6f85cf5d4b8a325428631c604d72e3a8a0f02cee77e03a2a376

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5FEE86E8MC0E10101515591E175D090240411E5AM65D584E475460530E0A5B1F515E04.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:45 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Thu, 09 May 2024 01:34:45 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZFmhJBXh1V6Kg8UQQczAz4Z0%2Fb0RKxI24R0Bp5KkZhp6pJE1e2iQWVlIL8ckE46YzOMzdz%2B4QIIYB2EAdaml0ncdoTwIVKQmgSr8IzsasobcOxAj9mxwIcLTqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df2e61afdb4fa-OSL
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/c/f922a41/hsw.js

104.18.124.91

203 kB

URL
newassets.hcaptcha.com/c/f922a41/hsw.js
IP
104.18.124.91:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
203 kB (203188 bytes)
Hash
a015c3f04def6c02f6d3a815ff97f100
2322366db22def41a31f2dae0a2133ad75e6d1ac
42d9a4011ac36ae483e8e3cb4bb2b3829b96bf366bbc1c0e2ab40d4d7deb9240

HTTP Headers

GET /c/f922a41/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:45 GMT
content-type: application/javascript
etag: W/"a015c3f04def6c02f6d3a815ff97f100"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 13 Jun 2024 01:34:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df2ecdf9f56bb-OSL
content-encoding: br

fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

142.250.74.106

7.0 kB

URL
fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
7.0 kB (6956 bytes)
Hash
067b6888c2ec3f77fe036eaed00e910b
95ea80c11d2f396d4de7fa9f52c1111b3aa62525
a0f0d2811ed51eda4d212567f74662a802c0631800061bbbbc6cdc2566f6aa55

HTTP Headers

GET /css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 May 2024 01:34:44 GMT
date: Thu, 09 May 2024 01:34:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

u.paste.fo/api/send

104.21.28.76

7.1 kB

URL
u.paste.fo/api/send
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (589), with no line terminators
Size
7.1 kB (7077 bytes)
Hash
4bf602763ce1dd87617edf0befd21459
556e46842c0bfc18a8f659e2a0946c021bcaefbf
9a00fdde57082a2ed8d3edf425f285e5c6e569aaaaf72c77626489be7e2d7eee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://paste.fo/
Content-Type: application/json
Content-Length: 275
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:47 GMT
content-type: text/plain
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
etag: W/"kqsq9xgpugd-gzip"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0TTk4JVEset1BGucP8mXiC5crh9Ahp7s7p7%2B570el70trxNJBDyNHMN6jFTbFONJZfZ3nOLHontxt3T4viGlD%2FEGD%2BumvcZDvQqPBxHrFGuswCOQS%2Bvvd%2Bdm3BDM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880df2fadd52b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/rum?

104.21.28.76

0 B

URL
paste.fo/cdn-cgi/rum?
IP
104.21.28.76:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 496
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Thu, 09 May 2024 01:35:07 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 880df379aba7b4fa-OSL
x-frame-options: DENY
x-content-type-options: nosniff

newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html

104.18.124.91

200 OK

1.8 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/4e494ed73477
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1803), with no line terminators
Size
1.8 kB (1758 bytes)
Hash
a4b0cd73823c04eac73b745bac712a18
52a8be2d8367580c2aff2f27db4e4252489e1ad6
57d905cf66dbb89494f60aebd3925345e5458f77ac172f2e78fdd15480060eb6

HTTP Headers

GET /captcha/v1/18fa736/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:44 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Thu, 23 May 2024 01:34:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df2e87dfd56bb-OSL
content-encoding: br

paste.fo/favicon.ico

104.21.28.76

200 OK

15 kB

URL GET HTTP/3
paste.fo/favicon.ico
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/4e494ed73477
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
15 kB (15340 bytes)
Hash
cf593ad6a070c546ba238d5172b52aa1
9bed079538917ab59999ea26e8becca1cec74af8
d19e9b6b10d3890ef6cffdc76821fca266f2c0db6c653ffe16b5984a200a4015

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/4e494ed73477
Cookie: PHPSESSID=pba03uls7ps0kadnucf58lh004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:44 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3bec-614ce4abd368d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 434
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wUbVhFREhM1qSvNhxuEv5BA2Txxhirj58qGu%2F51H7Wgx%2FZD6w5ucHg16EYJp6y263mZvJi5kGZBPl7h3NoXXfOlmMz%2FRwichy0k5wTeF%2FL9wV%2BEIz65PPl02A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880df2e90cdbb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

api2.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0

104.18.124.91

200 OK

718 B

URL POST HTTP/3
api2.hcaptcha.com/checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/18fa736/static/hcaptcha.html#frame=challenge&id=11qjgwhxcr5y&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (734), with no line terminators
Size
718 B (718 bytes)
Hash
b556fa07e9834365be15cfd3d0f982fa
cbf02157e8ced5e98c4641f3894ad9a9aeb41bbe
91082bde9b6aeeb4215b420bec0d88cca9d47679da6fe515f34055ed52762e9d

HTTP Headers

POST /checksiteconfig?v=18fa736&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api2.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 09 May 2024 01:34:45 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFj9mU2fhedYxxWRCuWtprXyEm4h; SameSite=None; Secure; path=/; expires=Thu, 09-May-24 02:04:45 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 880df2eb1ee656bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML