| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css | 104.17.25.14 | | 19 kB |
URL: cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css IP: 104.17.25.14:0
File type: ASCII text, with very long lines (52276) Hash: ded1c367363e8b20bdc6a19b8350a737 8c06d82739d14b094ff6d9036021a252bd1d985d 1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf
GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 181892
expires: Mon, 07 Apr 2025 20:23:17 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wi%2BXjO1djOz%2FdmrIk8i61wMwWNfgnBJh9vi8zns%2B1w2NDST8gWAoA4Blm4RQTj1%2F%2FHhwvieKIYGLQA%2FXmckS4JqVKDXCs%2BKjW2Azch0NJydYCPrrYm%2Fh6jXsc%2F94dhKY5kjRfapB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875f21cf5980712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js | 104.17.25.14 | | 28 kB |
URL: cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP: 104.17.25.14:0
File type: JavaScript source, ASCII text, with very long lines (65447) Hash: 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2910904
expires: Mon, 07 Apr 2025 20:23:17 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UIpelQ5M8oQBSlu8bwG%2Bjhkhv2C4exiESVbmbMGIhDO4foRdtte%2FxIsN3tXcpOjwYM5jd6bZPb5KnAUpNL44vE5%2FtHGBKy0UQFw6LKJS%2BpXqjf7Udi%2FBXO%2FnV07qGoKEWD9M%2B0GI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875f21cf79aa712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 | 142.250.74.168 | | 93 kB |
URL: www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (3034) Hash: 1e8246df71fd4b11781f250ffcb9c64d e5392068ed2dbaa2faf38f6a13672960d90fdaed 094e80aa134224f79bea71f434fa3d4064eab14e26e0f82ec85b7507f10c4f52
GET /gtag/js?id=G-HKXR34F8P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 17 Apr 2024 20:23:17 GMT
expires: Wed, 17 Apr 2024 20:23:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93133
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| paste.fo/assets/img/bg1.gif | 104.21.28.76 | | 25 kB |
URL: paste.fo/assets/img/bg1.gif IP: 104.21.28.76:0
File type: RIFF (little-endian) data, Web/P image Hash: dcab8f9443952c7589be3e4db6072853 824ca8c921eeca604844d3f00d08691631199201 a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/img/bg1.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:18 GMT
content-type: image/gif
content-length: 24898
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "6142-614ce4abce86d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 220
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZA5bG7hsBkBMKLdFu3FIaZ6Yp%2B0xOVWL%2FwsiKLYX3EELDCuErrTU2Hks9SGeTPCUXDBdz5wxOMMpsWFx2I3youIS%2F9U4ScQUWG8LoDzhGGr7zFSI%2FZcreQamg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875f21d27f8d0b41-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap | 142.250.74.74 | | 151 kB |
URL: fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap IP: 142.250.74.74:0
File type: gzip compressed data, max compression Size: 151 kB (151366 bytes) Hash: af07298f0e71d00c1de56f796b00a2eb 71be3a168eee120fd7b163ea778367f3b929abec d6b9da668d1eb33468e26ebe10007b000dc6ed401cfa13554dabdaa5226fbd02
GET /css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Apr 2024 20:23:18 GMT
date: Wed, 17 Apr 2024 20:23:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 | 104.17.25.14 | | 25 kB |
URL: cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 IP: 104.17.25.14:0
File type: Web Open Font Format (Version 2), TrueType, length 24948, version 772.256 Hash: 61f30b79daf5b31f0d254a31fba66158 fb363d27cfdfe71a243fa2ac3dab2815232b9b7e 8e7e5ea1b15f62ab14dbd41768e8fbcd21cc859a4ea5da812457ee714299fb35
GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 17 Apr 2024 20:23:18 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 24948
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-6174"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 182371
expires: Mon, 07 Apr 2025 20:23:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XDg%2FBqfT61pM8bDFxtqGJJBRbWxPy7%2BJH%2FILv6dBUmsbAIw3yHGo0uVDqpTsdB0iq81z%2BNbRn%2BaBX1DOhLB6a7EdXs0g74FagZ1VdIf4a7vvlagUCMxilXWgNBjifJcuDBjcW3wh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875f21d2ae4e712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| paste.fo/codemirror/mode/shell/shell.js | 104.21.28.76 | | 2.0 kB |
URL: paste.fo/codemirror/mode/shell/shell.js IP: 104.21.28.76:0
File type: JavaScript source, ASCII text, with very long lines (1184) Hash: ef6669a00f0ae004bf997e217fb0a09f 7fba87e2f140eea0bfb39b10eb34ffb2471a1e2b a76146be8ce9aee15409c7f15625f1922d554e43cbcd5c9503aa544d9eb598eb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/shell/shell.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5383
etag: W/"1507-614ce4aba2950-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 219
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eOYJjwP%2FAHr8yyqTEYODTW0iJ9XWzlMP3hNpkhxDgLjfuqLRuEyLdKMr3159OGOJPX5FUGwturReh40ULTXCQLX3yFKKs3YGpZDeDDDx4xsZXRafTWUgPeJQQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21cf1c5a0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 | 142.250.74.131 | | 22 kB |
URL: fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 IP: 142.250.74.131:0
File type: Web Open Font Format (Version 2), TrueType, length 21528, version 1.0 Hash: 6113a25a586aeb6d0d3af5b5b652b973 25619eeae1fe17389310e4d392c427b7711dba44 539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f
GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:46:52 GMT
expires: Wed, 16 Apr 2025 10:46:52 GMT
cache-control: public, max-age=31536000
age: 120986
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| paste.fo/CSSc0fe91fc538bd3bee.css | 104.21.28.76 | | 22 kB |
URL: paste.fo/CSSc0fe91fc538bd3bee.css IP: 104.21.28.76:0
Hash: 688a915e25d978d8778bff27904ec6ef 294363ea1fd2b6ea1e94de0c14d1a8b11ff729af cbbefb19cf77c6afb6211427b01f8db155f5eb6074bc664500e678b8185981f6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /CSSc0fe91fc538bd3bee.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Wed, 17 Apr 2024 20:23:17 GMT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VpUWKEuk374v2Zw%2BPelfEVdwGz50QdVSibOy1FWF6qTzX5BJYysV3nPZ2zKWhK5Hmq0xGpHrIZpzI%2FRwfSZ2udc%2FkO5BFeq1QVqucDoojgj7cYTrkDKxgahSnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21cf1c600b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/htmlmixed/htmlmixed.js | 104.21.28.76 | | 2.1 kB |
URL: paste.fo/codemirror/mode/htmlmixed/htmlmixed.js IP: 104.21.28.76:0
File type: JavaScript source, ASCII text, with very long lines (623) Hash: 5b166a8ebd19d3f44d17bffea8cea4bc 2d24ccc2d3644c33c7cd3a665258cef67619084a 1a4d93f8e0244d90d6f22ce15075e1aac1186593de3ca438649b4df6f8ae3397
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/htmlmixed/htmlmixed.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5688
etag: W/"1638-614ce4aba4890-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 219
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S9Kx%2Fjewrd6MfF2iZUXlJzRZr25okf7vLon5TR2JF0rzbNyShZ2dBHZP6esTR62xoKxxpupSPHzAMHdnEqn%2FMp3LDLzpAEC9e7E75HF4SssvdnJVsyFYUMwQpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21cf1c5d0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/js/hyperlink.js | 104.21.28.76 | | 552 B |
URL: paste.fo/assets/js/hyperlink.js IP: 104.21.28.76:0
File type: ASCII text, with very long lines (630) Hash: 754527075e7f43e5b376a6879d591ad3 019edc8ec844b25f28c0049c56aa09c5cc0a5121 d5ff35dd76c5fa9ebfe3b89012a8dd40e85a89ee50f4f85623d338f0514e15d4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/js/hyperlink.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2060
etag: W/"80c-614ce4abce86d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 219
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5%2FN1FqFNErfD%2FcJelrWd3kkkH4TOIvYpze63dU%2FnaYwCz2Rk5gajk7m3VqKitrYyua7mFpD95i1iIjCsFeQ4bel2tugZSVjAhHjeoglHn5qVo%2B2%2FR%2B9ba6MpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21cf1c5f0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/assets/svg/discord.php | 104.21.28.76 | | 1.3 kB |
URL: paste.fo/assets/svg/discord.php IP: 104.21.28.76:0
File type: exported SGML document, ASCII text, with very long lines (1557) Hash: 9e11d725232644a01452b56fe0fa8bcc 72bd4257388bceb963492b4e6c4a72cad7d3be96 99d543831ee87e57ca87d24cc16028b0e7784a41754b95ade07e069ef56ff8a3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/svg/discord.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMRuCUze6GjPGR5QJkd7J%2BUiPhlWHPcunGZA4vU%2Fse2XJbq4XyeNN6p1yeAuNAYXLn9S%2FpAbqCUDlThLmvGqu4FoWOJzHYDVfEMj2BXzUevc%2FqLMJPb4CD7Yvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21cf2c6c0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js | 104.21.28.76 | | 15 kB |
URL: paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js IP: 104.21.28.76:0
File type: JavaScript source, ASCII text, with very long lines (42951), with no line terminators Hash: f15be88a3c9bf40debcc080b125c7e91 4a636976285768dd43278f43d63ba5779f3f493d 8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /node_modules/sweetalert2/dist/sweetalert2.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"a7c7-614ce4ab9fa71-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 219
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BfaH0EZQ0ZkeDyKpdXs2zLnAqZYVIkl2yS8xDDFFDHAHs9vBs5afklC3uN6BcojXlMWWIlsI8kmKEV9Pv9CMfvlpFrZ6%2BzXo5BX4vF34WGZn7EpW7GblJyJUmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21cefc340b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | 104.21.28.76 | 200 OK | 7.6 kB |
URL: GET HTTP/3 paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP: 104.21.28.76:443
Requested by: https://paste.fo/da4d7ca673d7 Certificate Issuer: Cloudflare, Inc. Subject: paste.fo Fingerprint: 45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 Validity: Wed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: gzip compressed data, from Unix Hash: e113304447ab126a6510037d97249074 ab897da2f1d80f2f6314eebaf35c40fa88a0bae6 aa1639494260c596aa2f36d92a28a1401431246670d756dcb778f98588e3d4ac
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:45:04 GMT
etag: W/"661e9d00-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S5uqMmR%2BGRLkbcJS6RK8Szfej8ePl%2FAux2RcMswc3QG8q8tTDylwwqsLjJxYhjzr%2FZBELyjV4Y%2B8Jte%2FdrbpzrydOlPTgR%2BdAIOwku19u6BpyDNXhFHLqbojYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875f21cf2c6f0b41-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 19 Apr 2024 20:23:17 GMT
cache-control: max-age=172800, public
content-encoding: gzip
|
|
| paste.fo/cdn-cgi/challenge-platform/h/g/jsd/r/875f21cc0ee756cb | 104.21.28.76 | | 0 B |
URL: paste.fo/cdn-cgi/challenge-platform/h/g/jsd/r/875f21cc0ee756cb IP: 104.21.28.76:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/jsd/r/875f21cc0ee756cb HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12137
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d; _ga_HKXR34F8P3=GS1.1.1713385398.1.0.1713385398.0.0.0; _ga=GA1.1.1066573723.1713385398
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:18 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=yFVK9pZ4WXUScnboTpkl2Qd.338DSssdgxfRdD4AgiQ-1713385398-1.0.1.1-q5viwq_9U0IAnhPwmtY0Mkin9XFUxto.mZG_5OwlcjIcDt1_BpqAT7Con4MxIlKhtOCddL27Q226RANpSgisdQ; path=/; expires=Thu, 17-Apr-25 20:23:18 GMT; domain=.paste.fo; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I5Tw%2F5nY48i4jUU%2FRpzz3FlpYo91z%2BRc9yqZoERy5SpEV6u0rsKzDl%2BA3HVIslbdVsr31NGSj3AGY5ZmWFbI427PbZoI%2BXp%2B7BMIkLeyHxYOfPf35NvRR2qBUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21d57a8d0b41-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/F44D04E5MC0D4C1612105C4B190A1C0F575B17515E4E567B4D1A16452AM1495D48515A051A0D4800015A015655020706071B5E5054.jpg | 104.21.28.76 | 200 OK | 3.0 MB |
URL: GET HTTP/3 paste.fo/F44D04E5MC0D4C1612105C4B190A1C0F575B17515E4E567B4D1A16452AM1495D48515A051A0D4800015A015655020706071B5E5054.jpg IP: 104.21.28.76:443
Requested by: https://paste.fo/da4d7ca673d7 Certificate Issuer: Cloudflare, Inc. Subject: paste.fo Fingerprint: 45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22 Validity: Wed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: GIF image data, version 89a, 440 x 110 Size: 3.0 MB (2966147 bytes) Hash: 03c559e180edc5d28bcdc8f5df40d89f 0070b2a0a161b0095ee7d63afd762e71727782c1 81b3a43841357f9948a15a26e3ab18494d2f44f4b28482d973654bd4b2b6abf1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /F44D04E5MC0D4C1612105C4B190A1C0F575B17515E4E567B4D1A16452AM1495D48515A051A0D4800015A015655020706071B5E5054.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:19 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: MISS
last-modified: Wed, 17 Apr 2024 20:23:19 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RXmU%2FA0kaDxbDkUZ1oA7B0zWk9juk%2FPirLihbRvZsB5uC0eAfrkP5KoJoJ2Vn4RTWyoBnjOJRwfhkKdLbBXfCUH6oIPd6Yk3KEcWkmzYbz7pf7vXQOMCViaowg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875f21d27f850b41-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u.paste.fo/api/send | 104.21.28.76 | | 0 B |
IP: 104.21.28.76:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://paste.fo/
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 17 Apr 2024 20:23:20 GMT
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
access-control-max-age: 86400
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G2ypL6lzf4Awy%2BCH2vXjTbiQ5perm3oLbjuqvxB0wTnoQHrEggM3%2FUEJpu%2FvkSlqKXGZ%2BDRO7rKb8E3JkDIFg4BVGsc5kU8vrI9%2BMXkv0XUf14OPdkYnvmDcpufg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21dfed910b41-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/codemirror/mode/php/php.js | 104.21.28.76 | | 11 kB |
URL: paste.fo/codemirror/mode/php/php.js IP: 104.21.28.76:0
File type: JavaScript source, ASCII text, with very long lines (10405) Hash: 435c5cc4f876bcb6369acfccba865995 a65908ec04cd4f6907098d22702320c7f88e725e 1ece120c4b6f866fc0f6a32b7a031709a76d3a192025fdef0931a52953f489cd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /codemirror/mode/php/php.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=18339
etag: W/"47a3-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 219
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z4kXedkCqaKHBwZQaJMORLKmHQxQ5A4dggC3YU85VUrsKtLKBijPCF1IWkvEf4qrQ%2F8WykRPuVjGhXD0w8XOZN6ycNPzWRTEkfSn6uX8EOHUDHIIUB2oTulIlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21cf1c570b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/A6592F1AMC58474614460F4B165A1D5150074F005FAM4D526E33597B7F584D6707474B5F5C53.jpg | 104.21.28.76 | 200 OK | 8.1 MB |
URL: GET HTTP/3 paste.fo/A6592F1AMC58474614460F4B165A1D5150074F005FAM4D526E33597B7F584D6707474B5F5C53.jpg
IP: 104.21.28.76:443
Requested by: https://paste.fo/da4d7ca673d7
Certificate issuer: Cloudflare, Inc.
Certificate subject: paste.fo
Certificate fingerprint: 45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
Certificate validity: Wed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: GIF image data, version 89a, 800 x 200
Size: 8.1 MB (8070546 bytes)
Hash: c939a1eca9218b77440f549bfc136dc4 dcce988a65a42e80ab13017cd935b4493aef01ce 1e7deec50210747021b61e301dfd43ba2289351bdcf2662a1d445d521178151e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /A6592F1AMC58474614460F4B165A1D5150074F005FAM4D526E33597B7F584D6707474B5F5C53.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:19 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: MISS
last-modified: Wed, 17 Apr 2024 20:23:19 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gm6sSkupzPnrrK5Ck1vfNh%2BIWE4roW9uM%2Fq0ijfzqYGfupVaVjXGbv23UBz3ZfuE1I837%2Besl4Bm38NuJ9CXzcCh5h9B6WO6mE7MZl53PQbqPbPDEjFhsYWNOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875f21d27f8c0b41-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js | 104.21.28.76 | | 241 kB |
URL: paste.fo/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
IP: 104.21.28.76:0
File type: JavaScript source, ASCII text, with very long lines (7847), with no line terminators
Size: 241 kB (241310 bytes)
Hash: d4eed34cdbbe2bd0eeecb123d0f9c96f a90b285977380570419b42cdf7397db490f26aec a5afa51a24901442cfb0dc40c6cbe3313205de8117b1fefb7670ff363eee7e27
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:18 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
vary: accept-encoding
x-content-type-options: nosniff
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hRIq87Qgaod0%2FSvkQoslD4FDDsVAepC%2FG6f7pCQWrDcGCP5yYehZPT1d1NKEo%2F1G%2BINiOxj7a6m2mh0ib11EiFYYhrVH15PzH%2FStBoxH4cfOdN1kxck9JAiE%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875f21d4192e0b41-OSL
alt-svc: h3=":443"; ma=86400
|
|
| paste.fo/cdn-cgi/rum? | 104.21.28.76 | | 0 B |
IP: 104.21.28.76:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 481
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d; _ga_HKXR34F8P3=GS1.1.1713385398.1.0.1713385398.0.0.0; _ga=GA1.1.1066573723.1713385398; cf_clearance=yFVK9pZ4WXUScnboTpkl2Qd.338DSssdgxfRdD4AgiQ-1713385398-1.0.1.1-q5viwq_9U0IAnhPwmtY0Mkin9XFUxto.mZG_5OwlcjIcDt1_BpqAT7Con4MxIlKhtOCddL27Q226RANpSgisdQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Wed, 17 Apr 2024 20:23:41 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 875f2264ceb20b41-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 | 104.17.25.14 | 200 OK | 150 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2
IP: 104.17.25.14:443
Requested by: https://paste.fo/da4d7ca673d7
Certificate issuer: Cloudflare, Inc.
Certificate subject: sni.cloudflaressl.com
Certificate fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Certificate validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 150124, version 772.256
Size: 150 kB (150124 bytes)
Hash: c64278386c2bbb5e293e11b94ca2f6d1 6b99aa650bd12a36caa14e0127435d8f4cd3ba73 7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 20:23:18 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 178781
expires: Mon, 07 Apr 2025 20:23:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vdlC2mfhA6MAVgGH3l%2F92KGDgrlqdXSStDyeJRr4IDdh7iE3VhYuUgQn0dS9LGFhd2KOPEJ%2Bj7%2F%2Bk7jK8N8%2FeBijsik1zykV9MKwhhgCSVq0JRvXwMrtRuBFbx07kTLZDQ3AG6kc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875f21d29e41712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| paste.fo/favicon.ico | 104.21.28.76 | 200 OK | 15 kB |
IP: 104.21.28.76:443
Requested by: https://paste.fo/da4d7ca673d7
Certificate issuer: Cloudflare, Inc.
Certificate subject: paste.fo
Certificate fingerprint: 45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
Certificate validity: Wed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Hash: cf593ad6a070c546ba238d5172b52aa1 9bed079538917ab59999ea26e8becca1cec74af8 d19e9b6b10d3890ef6cffdc76821fca266f2c0db6c653ffe16b5984a200a4015
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/da4d7ca673d7
Cookie: PHPSESSID=t3nfpk85bqp5s101n5j5hedi1d; _ga_HKXR34F8P3=GS1.1.1713385398.1.0.1713385398.0.0.0; _ga=GA1.1.1066573723.1713385398
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:18 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3bec-614ce4abd368d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 218
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUVd%2B8ElLFcntKZs2mPrc0qUwiNkZmt9mbPadZTR4bsEioGUULGk0M%2BJhGM3cdKlwHifdGw239TSxQgpv1nN%2FD%2B7wgRvINHXr5J1Gy1qiKPMOLdjVHThyNJJ1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875f21d4ea1e0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| newassets.hcaptcha.com/c/282d0ff/hsw.js | 104.18.124.91 | 200 OK | 528 kB |
URL: GET HTTP/3 newassets.hcaptcha.com/c/282d0ff/hsw.js
IP: 104.18.124.91:443
Requested by: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0pdfhxevc06b&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate issuer: Let's Encrypt
Certificate subject: hcaptcha.com
Certificate fingerprint: 8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
Certificate validity: Fri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT
Size: 528 kB (527636 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/282d0ff/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 20:23:18 GMT
content-type: application/javascript
etag: W/"f593c8f46e9cb4a93e13a33ec29e7214"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 22 May 2024 20:23:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 875f21d79ddeb4fd-OSL
content-encoding: br
|
|