Report - justpaste.me/zLUd

Report Overview

Visited public
2023-10-22 20:51:10
Tags
URL
justpaste.me/zLUd
Finishing URL
justpaste.me/zLUd
IP / ASN
160.153.129.212
#21501 Host Europe GmbH
Title
Just Paste Me

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
justpaste.me	97689	2016-09-16	2017-02-12 09:17:23	2023-08-06 19:23:57	6.4 kB	232 kB	160.153.129.212
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-21 18:12:10	2.0 kB	4.2 kB	142.250.74.131
reliablemiraculouscaleb.com	unknown	2023-10-10	2023-10-10 11:25:13	2023-10-21 23:45:46	2.4 kB	5.4 kB	173.233.137.60
tomatohackblobs.com	unknown	2023-09-27	2023-09-27 03:59:10	2023-10-21 20:50:12	6.4 kB	7.7 kB	173.233.137.36
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2023-10-22 12:39:39	2.3 kB	173 kB	172.64.103.10
pl17792100.profitablegatetocontent.com	unknown	2022-08-30	2023-02-22 01:45:30	2023-08-06 19:24:07	456 B	15 kB	173.233.137.52
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-10-22 05:47:58	860 B	838 B	35.157.243.66
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-10-22 05:48:02	1.4 kB	97 kB	45.133.44.9
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-10-22 10:27:13	736 B	423 B	192.243.59.13
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-10-22 10:27:10	400 B	86 kB	104.21.234.92
cdn.barscreative1.com	25648	2021-09-08	2021-09-16 13:14:42	2023-10-22 12:37:58	486 B	1.9 kB	45.133.44.4
www.effectivecreativeformats.com	unknown	2022-07-15	2022-07-16 03:37:12	2023-10-18 03:31:17	448 B	12 kB	192.243.61.227
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-09-20 20:05:47	2.3 kB	71 kB	142.250.74.132
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-10-21 23:34:12	340 B	941 B	54.230.218.11
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-10-22 01:03:09	3.3 kB	813 kB	142.250.74.35
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-22 00:29:59	1.6 kB	49 kB	216.58.211.3
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-10-22 02:02:08	420 B	7.5 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-22	medium	profitablegatetocontent.com	Sinkholed
2023-10-22	medium	effectivecreativeformats.com	Sinkholed
2023-10-22	medium	reliablemiraculouscaleb.com	Sinkholed
2023-10-22	medium	reliablemiraculouscaleb.com	Sinkholed
2023-10-22	medium	tomatohackblobs.com	Sinkholed
2023-10-22	medium	tomatohackblobs.com	Sinkholed
2023-10-22	medium	tomatohackblobs.com	Sinkholed
2023-10-22	medium	unseenreport.com	Sinkholed
2023-10-22	medium	tomatohackblobs.com	Sinkholed
2023-10-22	medium	tomatohackblobs.com	Sinkholed
2023-10-22	medium	tomatohackblobs.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (31)

	URL	From	Size	First Seen	Last Seen
	justpaste.me/zLUd	ScriptElement	430 B	2023-03-14	2024-10-04
Pretty URL justpaste.me/zLUd IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 07:25 Last Seen2024-10-04 11:00 Times Seen20 Hash 5883f8c336d39a17a1ce63e07719d3dd fb548e1c65b3a5b87c17884d0093b41b5116b57e e9f1f534f9cf97220fab2dcf439175ee7a53c556f27416bebb3052c1a3274a3d Loading...

	justpaste.me/zLUd	ScriptElement	361 B	2023-03-14	2024-08-21
Pretty URL justpaste.me/zLUd IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 07:25 Last Seen2024-08-21 03:49 Times Seen1 Hash 054b31830c16bcf73d6e12548c483296 1036e4e4ecec795c046cca940ceb7a35e5b556d7 448929399aef49063407e5a3374deb6f8b5e4573bae317b3ef8b77555407fd03 Loading...

	unknown	ScriptElement	145 B	2023-08-03	2024-09-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-03 10:05 Last Seen2024-09-28 07:40 Times Seen11 Hash abef873102538c7b5dc978766ebe9522 d557e7a268e7877fb2e6fa83dcd7040ff70a731c 5af363a25b999782619d3c42c7363dc596120270aa11340139f2eed89b13b6a9 Loading...

	unknown	ScriptElement	1.3 kB	2023-08-03	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-03 10:05 Last Seen2024-08-21 03:49 Times Seen1 Hash 20746ca24a434feae8b95ed11a94396a bb466eda4e1e2b925bbe021a8e74cfa75aa15ebd 652a64d347bbc4a05c6e3ddb3f264d046dcc02a5b536c3c51d2b57c446da6ef8 Loading...

	justpaste.me/js/share42/share42.js	ScriptElement	3.8 kB	2023-03-14	2024-10-04
Pretty URL justpaste.me/js/share42/share42.js IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:25 Last Seen2024-10-04 11:00 Times Seen21 Hash a33d222efe1c9bcd896f2c2b45b4dcc7 35c79f40feb885b744c547e1747d14cb696dab0b e2bf3fe85a8f101cc67e10f85f9a9d7e82ccb2d30f51a7885f96ea1007456ea4 Loading...

	www.google.com/recaptcha/api.js	ScriptElement	850 B	2023-10-18	2024-08-21
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-18 19:33 Last Seen2024-08-21 04:12 Times Seen2929 Hash b728c89f14a97c7aa487e5bfd9a7e848 1b7d96842218a5eb4f44fb84b0fcc91b840f406d e397a9293ff31a20f9a7b8805f8221cc5bc225659b6d86bd8330f572b3a36f4a Loading...

	www.effectivecreativeformats.com/eecfd8a81f18a005b6403b46fa58fb16/invoke.js	ScriptElement	30 kB	2023-10-13	2024-08-21
Pretty URL www.effectivecreativeformats.com/eecfd8a81f18a005b6403b46fa58fb16/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 03:18 Last Seen2024-08-21 04:56 Times Seen29 Hash f8eebe0e6393dd36287b243ffea18e86 3d8aba98a6d5324f67abe128eda3088c52b00d75 4062a3d277361cce84ef2c3a415e9a993c0eecbc5f3063e92cbd29918195d6f7 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g	ScriptElement	69 B	2023-03-07	2025-06-12
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-06-12 23:35 Times Seen120328 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-06-12
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js IP 172.64.103.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-12 22:58 Times Seen7731 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	justpaste.me/js/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-06-12
Pretty URL justpaste.me/js/bootstrap.min.js IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-12 23:19 Times Seen29766 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g	ScriptElement	52 kB	2024-08-21	2024-08-21
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 03:49 Last Seen2024-08-21 03:49 Times Seen1 Hash 3de10989fb2de3cd30d2d3c537b1b2a3 7bf4ecc8d23290a9e47388e1cf6861db5db97ff7 9b8d8c4be8715727524aaecadbc83450904292c8ec190cab29f2a5b6016ec23b Loading...

	www.google.com/recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry	ScriptElement	0 B	0001-01-01	2025-06-12
Pretty URL www.google.com/recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-12 23:41 Times Seen4936974 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	justpaste.me/js/jquery-1.10.2.js	ScriptElement	93 kB	2023-03-07	2025-06-11
Pretty URL justpaste.me/js/jquery-1.10.2.js IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:45 Last Seen2025-06-11 11:26 Times Seen1151 Hash e3f24f23b859cf718282e3806ed5ce38 c92a61cb4fbc23adb05973638f60e2999bed4a26 e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240 Loading...

	justpaste.me/js/jquery.swipebox.js	ScriptElement	16 kB	2023-03-14	2025-03-21
Pretty URL justpaste.me/js/jquery.swipebox.js IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:25 Last Seen2025-03-21 01:12 Times Seen21 Hash 5f4cc67ad066dde63adfc91f354f5b4e 978b74abfa160cef8e8831edb6ca979720894010 7dce1ef59f9f53100db1f7d34c0feaf180b47876bb7330e500d968938c209eb5 Loading...

	www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js	ScriptElement	473 kB	2023-10-18	2024-08-22
Pretty URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-18 16:21 Last Seen2024-08-22 11:17 Times Seen8871 Hash 4efc45f285352a5b252b651160e1ced9 c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7 253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a Loading...

	pl17792100.profitablegatetocontent.com/e4/27/a9/e427a9148361046fb1389c0427165509.js	ScriptElement	40 kB	2023-10-22	2023-10-22
Pretty URL pl17792100.profitablegatetocontent.com/e4/27/a9/e427a9148361046fb1389c0427165509.js IP 173.233.137.52 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-22 22:51 Last Seen2023-10-22 22:51 Times Seen1 Hash 6df9cf8554c8942048f00c92667a51e8 7b2e5bc8296ec3cf065f038bb13f6b696966881d a7a8405425c377f24a56eb998f8f9a4f6abf82e5a6b8aa340273fe49c8dacdbf Loading...

	justpaste.me/zLUd	ScriptElement	88 B	2023-03-14	2024-09-28
Pretty URL justpaste.me/zLUd IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 07:25 Last Seen2024-09-28 07:40 Times Seen11 Hash 59bce393fdeec2eda41ffdb3eee1997d 2aa5d34556bf56db9d924799b890fb0e9a026f54 6ecbad2a88456e8d34c5fd894965b0470439daf8a0fe1d51d3bc68273caa9cba Loading...

	justpaste.me/zLUd	ScriptElement	904 B	2023-03-14	2024-10-04
Pretty URL justpaste.me/zLUd IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 07:25 Last Seen2024-10-04 11:00 Times Seen20 Hash 5973b4866ed84cb64510dda743a55c4d 9f6ed9247f571eea7a7d14b2d8e8972a0fff7c6a 26ecfaaf32239a6c485ae1eb385e0a2e7519c79cce139298ab4c2e489c783cdb Loading...

	justpaste.me/zLUd	ScriptElement	462 B	2023-03-14	2024-10-04
Pretty URL justpaste.me/zLUd IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 07:25 Last Seen2024-10-04 11:00 Times Seen20 Hash 9a8cd206c181e9e60b07537c2da777a5 3fc5f280498ff0ed4a55e04856e2b31d25143dbb 88e13690bc1d36ae3fdaeaa70fcf95881fe5b875c7f33632c89b7865663fb500 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 03:49 Last Seen2024-08-21 03:49 Times Seen1 Hash ddbf687756d26bd66d43299077bd4dad 41a838f953f221053a4654921108044786327616 0807db6e7fd37d3135905e17a84e1b990e7c7f80b7a67342b45d4bd19ccfbc59 Loading...

	justpaste.me/app/plugins/tinymce/tinymce.min.js	ScriptElement	385 kB	2023-03-09	2024-12-02
Pretty URL justpaste.me/app/plugins/tinymce/tinymce.min.js IP 160.153.129.212 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 23:41 Last Seen2024-12-02 06:57 Times Seen39 Hash bb16520a021ae170a7019675f2f5f81f da748d8ac26bd4148bb8972b93efbb5f808474aa 02e49d109a4e1853eca8f64a65fdcb7a8d042ae08ec802026357f0a7c8e2c307 Loading...

	justpaste.me/sandbox%20eval%20code		147 B	2023-04-11	2025-06-12
Pretty URL justpaste.me/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-12 23:41 Times Seen353317 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-12
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-12 23:41 Times Seen352575 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-08-25	2023-11-23
Pretty URL friendshipmale.com/sfp.js IP 104.21.234.92 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 12:30 Last Seen2023-11-23 01:47 Times Seen6642 Hash 2d0450888479d4ddda305bd96206b240 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 7bdf81e9356f0bb347cac41e8682f01a	2.1 kB	2024-08-21 03:49	2024-08-21 03:49
Pretty Observations First Seen2024-08-21 03:49 Last Seen2024-08-21 03:49 Times Seen1 Hash 7bdf81e9356f0bb347cac41e8682f01a 1acf0ae611d71bb309a785a946f3d77e23dc0e94 05b95502f4923975dd4a245671b494e89d1c5de25cb1720a2c42a772d437c651 Loading...

	#2 Eval - c541e0caa7878ce1a07f5a31fb87598c	22 B	2023-10-11 18:00	2024-08-21 05:00
Pretty Observations First Seen2023-10-11 18:00 Last Seen2024-08-21 05:00 Times Seen1015 Hash c541e0caa7878ce1a07f5a31fb87598c 3c1a0475d5ea8356e0e8523e58777815ce950c56 c5f82fe66165d9bfbf1c5369d67d73aba30acf666d995d723ba80c65028959f9 Loading...

	#3 Eval - cc8e3c07be3e442f2984adb05dc24aee	22 B	2023-10-11 18:00	2024-08-21 05:00
Pretty Observations First Seen2023-10-11 18:00 Last Seen2024-08-21 05:00 Times Seen1016 Hash cc8e3c07be3e442f2984adb05dc24aee 64a5934400a1fcff484f3cf439ec5465b8cce3d0 c478965306c1884a1fc0525716ffeac91df9fe8806aecc0a614c2a9d6698a260 Loading...

	#4 Eval - 4854508c31cc4c9755cb949936da8453	16 kB	2023-10-11 18:00	2024-08-21 05:00
Pretty Observations First Seen2023-10-11 18:00 Last Seen2024-08-21 05:00 Times Seen1011 Hash 4854508c31cc4c9755cb949936da8453 02b2ddd08f120d072c1de9e957b6c50ef8178df6 457691f2a190d56d76a63f3ae9d97b275262283c81e762ba351df61872d82d35 Loading...

	#5 Eval - 133116714189585194d28b30670f9d61	22 kB	2024-08-21 03:49	2024-08-21 03:49
Pretty Observations First Seen2024-08-21 03:49 Last Seen2024-08-21 03:49 Times Seen1 Hash 133116714189585194d28b30670f9d61 ab12e9502a716f00964a168deb2d43ca3bafbc31 f6ab40df7846c0fa11fb93aff6734457d19803942af0066b48382efe721ebc65 Loading...

	#6 Eval - 44beec48abb2e3a131d1c75f116abbc6	64 B	2023-10-11 18:00	2024-08-21 05:00
Pretty Observations First Seen2023-10-11 18:00 Last Seen2024-08-21 05:00 Times Seen1016 Hash 44beec48abb2e3a131d1c75f116abbc6 c44c7072df0c7c716ea0dc7d56d35bef5f8e8470 23f1972531527ef253d27e7b5a38caa2b0cafd61be6cc1dbd845e03bff0b6eec Loading...

		Size	First Seen	Last Seen
	#1 Write - 120870516b879d1c9a50a2e7d913da21	130 B	2023-03-14 07:25	2024-08-21 03:49
Pretty Observations First Seen2023-03-14 07:25 Last Seen2024-08-21 03:49 Times Seen1 Hash 120870516b879d1c9a50a2e7d913da21 3dc4f9a684906518eda3232e761ee95e15a20afa 372dddbdca57f8f44aa5eb669f4d4b389cf71dac9c0a246efcfbb546dc50d724 Loading...

HTTP Transactions (58)

URL IP Response Size

justpaste.me/zLUd

160.153.129.212

200 OK

3.6 kB

URL User Request GET HTTP/2
justpaste.me/zLUd
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (557)
Size
3.6 kB (3564 bytes)
Hash
ef99e3a6795cea6bf491296bbbe1d1b1
0d7d83fca3ebec4a5e4905dc72626ed8f68d73e2
1ddd9328f79603788d28b7771fe3ec6e5e9bc6fd0a6318c5a90473cb61f3cde0

HTTP Headers

GET /zLUd HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de; path=/
vary: Accept-Encoding
content-encoding: br
content-length: 3564
content-type: text/html; charset=UTF-8
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/css/jpm.css

160.153.129.212

200 OK

359 B

URL GET HTTP/2
justpaste.me/css/jpm.css
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
ASCII text
Size
359 B (359 bytes)
Hash
e88e73735c3c02f9d1e2fa9a69553667
b6c69aaf5130b191a4f7116b09f2919286febe15
6acb6d8f7acad7e9e60a55b2ba10588b1709f45972bc4ac418da3f76e9a5b8a4

HTTP Headers

GET /css/jpm.css HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 29 Oct 2021 22:16:24 GMT
etag: "70a1d84-2e1-5cf852d79a6a0-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 359
content-type: text/css
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/css/swipebox.css

160.153.129.212

200 OK

1.0 kB

URL GET HTTP/2
justpaste.me/css/swipebox.css
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
ASCII text
Size
1.0 kB (1011 bytes)
Hash
541a40d5b875fabb0fddb5ee7ae19ac2
6164fbd8baa1b8a6e661365fab379c3572a5a2ea
b0320f4fe9087231c2b75557d7735efef8a4dbd8d3d4aed1ecd2e9fbbc5cfe6c

HTTP Headers

GET /css/swipebox.css HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:28 GMT
etag: "70a1d86-110a-5759942715438-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1011
content-type: text/css
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/js/share42/share42.js

160.153.129.212

200 OK

1.7 kB

URL GET HTTP/2
justpaste.me/js/share42/share42.js
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
HTML document, ASCII text, with very long lines (3761)
Size
1.7 kB (1722 bytes)
Hash
a33d222efe1c9bcd896f2c2b45b4dcc7
35c79f40feb885b744c547e1747d14cb696dab0b
e2bf3fe85a8f101cc67e10f85f9a9d7e82ccb2d30f51a7885f96ea1007456ea4

HTTP Headers

GET /js/share42/share42.js HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:31 GMT
etag: "70a1db0-edc-5759942980a83-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1722
content-type: application/javascript
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/img/logo.png

160.153.129.212

200 OK

21 kB

URL GET HTTP/2
justpaste.me/img/logo.png
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
PNG image data, 236 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (21022 bytes)
Hash
bd1616dd28abe2395812c4b00e5fd0f0
0d04f784508c9b7ced5e1cf13401856f754c70e6
ff0289cdf8239173d75a9949bbd71ab39aa20614484f3277d4affcc11521f04a

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:30 GMT
etag: "70a1d9e-521e-575994287a724"
accept-ranges: bytes
content-length: 21022
content-type: image/png
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/img/img_justpaste_me.gif

160.153.129.212

200 OK

8.3 kB

URL GET HTTP/2
justpaste.me/img/img_justpaste_me.gif
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
GIF image data, version 89a, 236 x 40\012- data
Size
8.3 kB (8270 bytes)
Hash
6d657f55923196e0446d57b3ab488f51
ad31093ab67971367b3831e145ea663ab77dcb83
bfe4d4ba846d1d31db98ffc402513d68316b80a38ef7d02143ac62ece490aded

HTTP Headers

GET /img/img_justpaste_me.gif HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:30 GMT
etag: "70a1da0-204e-5759942879784"
accept-ranges: bytes
content-length: 8270
content-type: image/gif
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/css/bootstrap.min.css

160.153.129.212

200 OK

18 kB

URL GET HTTP/2
justpaste.me/css/bootstrap.min.css
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
ASCII text, with very long lines (65371)
Size
18 kB (18167 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:28 GMT
etag: "70a1d85-1d970-575994272bf82-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 18167
content-type: text/css
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/js/jquery.swipebox.js

160.153.129.212

200 OK

4.0 kB

URL GET HTTP/2
justpaste.me/js/jquery.swipebox.js
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
ASCII text, with very long lines (14677)
Size
4.0 kB (3997 bytes)
Hash
5f4cc67ad066dde63adfc91f354f5b4e
978b74abfa160cef8e8831edb6ca979720894010
7dce1ef59f9f53100db1f7d34c0feaf180b47876bb7330e500d968938c209eb5

HTTP Headers

GET /js/jquery.swipebox.js HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:30 GMT
etag: "70a1da9-3efb-5759942900b9c-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 3997
content-type: application/javascript
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/js/bootstrap.min.js

160.153.129.212

200 OK

9.5 kB

URL GET HTTP/2
justpaste.me/js/bootstrap.min.js
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
ASCII text, with very long lines (32033)
Size
9.5 kB (9522 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:30 GMT
etag: "70a1da7-90b5-57599428f966b-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 9522
content-type: application/javascript
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

justpaste.me/js/jquery-1.10.2.js

160.153.129.212

200 OK

32 kB

URL GET HTTP/2
justpaste.me/js/jquery-1.10.2.js
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
ASCII text, with very long lines (32072)
Size
32 kB (31907 bytes)
Hash
e3f24f23b859cf718282e3806ed5ce38
c92a61cb4fbc23adb05973638f60e2999bed4a26
e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240

HTTP Headers

GET /js/jquery-1.10.2.js HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:30 GMT
etag: "70a1da4-16bab-5759942925976-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 31907
content-type: application/javascript
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a371f086dbd536eca594de4a2287078e
c571bdb6b8f590dde562ca5fe7bdbea2e3b43c59
4e630bdcf1332869210318d0f5c8b35dc7f9cb5c11dd12a2f19ed3cd2fd26b8b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:50:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

justpaste.me/app/plugins/tinymce/tinymce.min.js

160.153.129.212

200 OK

122 kB

URL GET HTTP/2
justpaste.me/app/plugins/tinymce/tinymce.min.js
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
ASCII text, with very long lines (32030)
Size
122 kB (121864 bytes)
Hash
bb16520a021ae170a7019675f2f5f81f
da748d8ac26bd4148bb8972b93efbb5f808474aa
02e49d109a4e1853eca8f64a65fdcb7a8d042ae08ec802026357f0a7c8e2c307

HTTP Headers

GET /app/plugins/tinymce/tinymce.min.js HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:25:46 GMT
etag: "70a199e-5e039-575993ff1c369-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 121864
content-type: application/javascript
date: Sun, 22 Oct 2023 20:50:51 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c5cdec318e07f9e0da1a09a8c9b1d15d
3b7d38cabf6e06bc945559648b78fb6a7bc2ab4f
5360852752c9dee7df2cafbf35628a64e84e9a169ea988472b1c085daf74a01b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:50:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pl17792100.profitablegatetocontent.com/e4/27/a9/e427a9148361046fb1389c0427165509.js

173.233.137.52

200 OK

14 kB

URL GET HTTP/1.1
pl17792100.profitablegatetocontent.com/e4/27/a9/e427a9148361046fb1389c0427165509.js
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectprofitablegatetocontent.com
Fingerprint03:BE:52:85:1D:5A:C2:F1:5C:73:AD:DF:34:DB:52:60:B4:B5:CE:BB
ValidityMon, 28 Aug 2023 06:48:07 GMT - Sun, 26 Nov 2023 06:48:06 GMT

File type
ASCII text, with very long lines (40509), with no line terminators
Size
14 kB (14445 bytes)
Hash
6df9cf8554c8942048f00c92667a51e8
7b2e5bc8296ec3cf065f038bb13f6b696966881d
a7a8405425c377f24a56eb998f8f9a4f6abf82e5a6b8aa340273fe49c8dacdbf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e4/27/a9/e427a9148361046fb1389c0427165509.js HTTP/1.1
Host: pl17792100.profitablegatetocontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b426954ed0883cc6eea1b3cff38cd8f0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.effectivecreativeformats.com/eecfd8a81f18a005b6403b46fa58fb16/invoke.js

192.243.61.227

200 OK

11 kB

URL GET HTTP/1.1
www.effectivecreativeformats.com/eecfd8a81f18a005b6403b46fa58fb16/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjecteffectivecreativeformats.com
FingerprintA0:E6:FF:DB:91:48:01:05:BD:DA:F6:48:00:75:7F:B5:53:81:1F:1D
ValiditySat, 09 Sep 2023 06:28:05 GMT - Fri, 08 Dec 2023 06:28:04 GMT

File type
exported SGML document, ASCII text, with very long lines (29631), with no line terminators
Size
11 kB (10916 bytes)
Hash
f8eebe0e6393dd36287b243ffea18e86
3d8aba98a6d5324f67abe128eda3088c52b00d75
4062a3d277361cce84ef2c3a415e9a993c0eecbc5f3063e92cbd29918195d6f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eecfd8a81f18a005b6403b46fa58fb16/invoke.js HTTP/1.1
Host: www.effectivecreativeformats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f5607996c08f5abe44da21ab93b756bc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

justpaste.me/js/share42/icons.png

160.153.129.212

200 OK

6.4 kB

URL GET HTTP/2
justpaste.me/js/share42/icons.png
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
PNG image data, 160 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
6.4 kB (6382 bytes)
Hash
a1e21d40d2b325f2c8d4868e564734f6
8da9782b455e63cb786018f1a3cea3a3ef698ae7
5a626c757d6a449ac24a5e694d9b15f2921a5fc1e8bdf6c006e0265e9c18f022

HTTP Headers

GET /js/share42/icons.png HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:31 GMT
etag: "70a1daf-18ee-5759942993364"
accept-ranges: bytes
content-length: 6382
content-type: image/png
date: Sun, 22 Oct 2023 20:50:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.132

200 OK

1.0 kB

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint3D:4A:6B:FD:30:97:01:E9:C1:38:5F:67:2B:A6:A3:43:7B:2E:72:45
ValidityThu, 28 Sep 2023 05:32:37 GMT - Thu, 21 Dec 2023 05:32:36 GMT

File type
gzip compressed data\012- data
Size
1.0 kB (1026 bytes)
Hash
70bf52715d38071ebac546202215c8d9
14d0e8ee551b32905821ae8609e3818d494c8f37
809e6a8123c5511ba7d40541a9aa87f793e1a8f26633db7672f3e14b9e42a986

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
expires: Sun, 22 Oct 2023 20:50:51 GMT
date: Sun, 22 Oct 2023 20:50:51 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ed2e24057f1333d118418b86288bf5c0
a569a908e714e5609438d5eae0553e60ae3fe342
1c562f3476b94ff38282c60a24cbd0cc3276048ae02fce4047e923dd7d76db6d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 22 Oct 2023 20:50:53 GMT
Last-Modified: Sun, 22 Oct 2023 20:45:51 GMT
Server: ECAcc (ska/F776)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2vDgpLgfC8dGXQONGf4XThH1zSwOs5QPBn-jpn5o3l8LkqVHfIgaYg==
Age: 302

professionalswebcheck.com/stats

35.157.243.66

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
35.157.243.66:443
ASN
#16509 AMAZON-02

Requested by
https://justpaste.me/zLUd
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
c565a500a0f270e436021ca8db376b3a
6464bd993aa6dc2c3dd0aa8a4fa2fcd4bb104d30
4ed0d75b63bc07b01d97da33a1df53d333babbc6bb610e8a3bf518754f3685f5

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:53 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://justpaste.me
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ad0b05f4-f7e8-4730-ab3d-dbf91462f504:2:1; expires=Wed, 19 Oct 2033 20:50:53 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

professionalswebcheck.com/stats

35.157.243.66

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
35.157.243.66:443
ASN
#16509 AMAZON-02

Requested by
https://justpaste.me/zLUd
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
87dcefb124ff8e51c8a053d8d3ad0b22
6d76d9f7c4a0539888fd1d028b3d3d6e1083b2be
487f9b954f39ff85ecca75a82969c1d970f83d2a28c0a74c1eb20e5d34bb1000

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:53 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://justpaste.me
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8:1:1; expires=Wed, 19 Oct 2033 20:50:53 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

justpaste.me/img/favicon.ico

160.153.129.212

200 OK

116 B

URL GET HTTP/2
justpaste.me/img/favicon.ico
IP
160.153.129.212:443
ASN
#21501 Host Europe GmbH

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectjustpaste.me
Fingerprint69:5A:5F:DD:DD:75:9B:01:5E:EF:01:59:90:BB:FF:CF:73:18:39:ED
ValidityMon, 18 Sep 2023 09:45:00 GMT - Sun, 17 Dec 2023 09:44:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
116 B (116 bytes)
Hash
623b6f9ac5562d5dbaed730f07a6ace7
9bf88d8fb7c0404fa95ee87e81db52111c682fea
d4e91fd2b2246b21fe204d38e545294d83d29bc8a84d6e7cd6c04db53fe12bbb

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: justpaste.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/zLUd
Cookie: PHPSESSID=2a3a0f0f9003ed4047ba1da9f6d198de; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 14:26:30 GMT
etag: "70a1d9f-47e-57599428610e3-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 116
content-type: image/x-icon
date: Sun, 22 Oct 2023 20:50:53 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d62d26bfdc78b03095b3b1ed71acbb77
8b17c7417306c2f5bfce55e5f4ca4cd0efab3284
7f23891dee43724ec01fae6da9ce6e6ea0d4dc3034e4f9a2bf43dd30da1a4646

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:50:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js

142.250.74.35

200 OK

189 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (689)
Size
189 kB (188860 bytes)
Hash
4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a

HTTP Headers

GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Oct 2023 15:21:50 GMT
expires: Mon, 21 Oct 2024 15:21:50 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 19743
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d62d26bfdc78b03095b3b1ed71acbb77
8b17c7417306c2f5bfce55e5f4ca4cd0efab3284
7f23891dee43724ec01fae6da9ce6e6ea0d4dc3034e4f9a2bf43dd30da1a4646

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:50:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

173.233.137.60

307 Temporary Redirect

0 B

URL GET HTTP/1.1
reliablemiraculouscaleb.com/watch.453859992397.js?key=eecfd8a81f18a005b6403b46fa58fb16&kw=%5B%22just%22%2C%22paste%22%2C%22me%22%5D&refer=https%3A%2F%2Fjustpaste.me%2FzLUd&tz=0&dev=e&res=14.2079&uuid=ad0b05f4-f7e8-4730-ab3d-dbf91462f504%3A2%3A1
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectreliablemiraculouscaleb.com
FingerprintB0:CB:B2:A8:72:53:1B:CF:E0:77:F1:45:F2:12:5A:26:1F:A2:04:41
ValidityTue, 10 Oct 2023 08:24:28 GMT - Mon, 08 Jan 2024 08:24:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.453859992397.js?key=eecfd8a81f18a005b6403b46fa58fb16&kw=%5B%22just%22%2C%22paste%22%2C%22me%22%5D&refer=https%3A%2F%2Fjustpaste.me%2FzLUd&tz=0&dev=e&res=14.2079&uuid=ad0b05f4-f7e8-4730-ab3d-dbf91462f504%3A2%3A1 HTTP/1.1
Host: reliablemiraculouscaleb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:53 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://justpaste.me
Access-Control-Allow-Origin: https://justpaste.me
Access-Control-Allow-Credentials: true
Location: https://reliablemiraculouscaleb.com/watch.453859992397.js?key=eecfd8a81f18a005b6403b46fa58fb16&kw=%5B%22just%22%2C%22paste%22%2C%22me%22%5D&refer=https%3A%2F%2Fjustpaste.me%2FzLUd&tz=0&dev=e&res=14.2079&uuid=ad0b05f4-f7e8-4730-ab3d-dbf91462f504%3A2%3A1&shu=6e8d8f0f4505513060a293290ce4e06edbb242321cd6e1330aa6fd5a7a00cc5cba200c98a11ba6cfe5a65b6d9db1dd24583122e9e2833b4d7db5c33d1a53b588ed75dd5ec7123bdd9b476ff04b2035ba5faa4bf90ed2dab2bf3bb1684dd9ec27&pst=1698007913&rmtc=t
Set-Cookie: u_pl=17443720; expires=Mon, 23 Oct 2023 20:50:53 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQ0MzcyMCwiayI6ImVlY2ZkOGE4MWYxOGEwMDViNjQwM2I0NmZhNThmYjE2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDY1MDMsInBpZCI6MTQzNjE3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjMsInB0Ijo0LCJwayI6Img0Zms2c21lIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9qdXN0cGFzdGUubWUvekxVZCJ9fQ.7hW9zGX0_xD0NGkUZhx9h-z1JA3dphvDSUwlEqviweQ; expires=Sun, 22 Oct 2023 20:51:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8e5fdd3c350ac54f43e97c5005478ad7
Strict-Transport-Security: max-age=0; includeSubdomains

reliablemiraculouscaleb.com/watch.453859992397.js?key=eecfd8a81f18a005b6403b46fa58fb16&kw=%5B%22just%22%2C%22paste%22%2C%22me%22%5D&refer=https%3A%2F%2Fjustpaste.me%2FzLUd&tz=0&dev=e&res=14.2079&uuid=ad0b05f4-f7e8-4730-ab3d-dbf91462f504%3A2%3A1&shu=6e8d8f0f4505513060a293290ce4e06edbb242321cd6e1330aa6fd5a7a00cc5cba200c98a11ba6cfe5a65b6d9db1dd24583122e9e2833b4d7db5c33d1a53b588ed75dd5ec7123bdd9b476ff04b2035ba5faa4bf90ed2dab2bf3bb1684dd9ec27&pst=1698007913&rmtc=t

173.233.137.60

200 OK

2.0 kB

URL GET HTTP/1.1
reliablemiraculouscaleb.com/watch.453859992397.js?key=eecfd8a81f18a005b6403b46fa58fb16&kw=%5B%22just%22%2C%22paste%22%2C%22me%22%5D&refer=https%3A%2F%2Fjustpaste.me%2FzLUd&tz=0&dev=e&res=14.2079&uuid=ad0b05f4-f7e8-4730-ab3d-dbf91462f504%3A2%3A1&shu=6e8d8f0f4505513060a293290ce4e06edbb242321cd6e1330aa6fd5a7a00cc5cba200c98a11ba6cfe5a65b6d9db1dd24583122e9e2833b4d7db5c33d1a53b588ed75dd5ec7123bdd9b476ff04b2035ba5faa4bf90ed2dab2bf3bb1684dd9ec27&pst=1698007913&rmtc=t
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectreliablemiraculouscaleb.com
FingerprintB0:CB:B2:A8:72:53:1B:CF:E0:77:F1:45:F2:12:5A:26:1F:A2:04:41
ValidityTue, 10 Oct 2023 08:24:28 GMT - Mon, 08 Jan 2024 08:24:27 GMT

File type
HTML document, ASCII text, with very long lines (2425)
Size
2.0 kB (1965 bytes)
Hash
46ccc5b0c1429ceda3271224bc116569
0e946553714176e71578f87f4bf35d0c8cc8668b
38990efe171767b826c272b1396457e07a41d3524c0793f64f05dcac076bac3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.453859992397.js?key=eecfd8a81f18a005b6403b46fa58fb16&kw=%5B%22just%22%2C%22paste%22%2C%22me%22%5D&refer=https%3A%2F%2Fjustpaste.me%2FzLUd&tz=0&dev=e&res=14.2079&uuid=ad0b05f4-f7e8-4730-ab3d-dbf91462f504%3A2%3A1&shu=6e8d8f0f4505513060a293290ce4e06edbb242321cd6e1330aa6fd5a7a00cc5cba200c98a11ba6cfe5a65b6d9db1dd24583122e9e2833b4d7db5c33d1a53b588ed75dd5ec7123bdd9b476ff04b2035ba5faa4bf90ed2dab2bf3bb1684dd9ec27&pst=1698007913&rmtc=t HTTP/1.1
Host: reliablemiraculouscaleb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
Referer: https://justpaste.me/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17443720; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQ0MzcyMCwiayI6ImVlY2ZkOGE4MWYxOGEwMDViNjQwM2I0NmZhNThmYjE2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDY1MDMsInBpZCI6MTQzNjE3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6MjMsInB0Ijo0LCJwayI6Img0Zms2c21lIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9qdXN0cGFzdGUubWUvekxVZCJ9fQ.7hW9zGX0_xD0NGkUZhx9h-z1JA3dphvDSUwlEqviweQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://justpaste.me
Access-Control-Allow-Origin: https://justpaste.me
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ad0b05f4-f7e8-4730-ab3d-dbf91462f504:2:1; expires=Sun, 29 Oct 2023 20:50:53 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Oct 2023 20:50:53 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Oct 2023 20:50:53 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 23 Oct 2023 20:50:53 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 23 Oct 2023 20:50:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f07ff37f1f801cd7b08ff7ca400e937e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css

142.250.74.35

200 OK

25 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (56398), with no line terminators
Size
25 kB (24606 bytes)
Hash
eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

HTTP Headers

GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Oct 2023 16:12:02 GMT
expires: Mon, 21 Oct 2024 16:12:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/css
vary: Accept-Encoding
age: 16732
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js

142.250.74.35

200 OK

189 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (689)
Size
189 kB (188860 bytes)
Hash
4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a

HTTP Headers

GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Oct 2023 15:21:50 GMT
expires: Mon, 21 Oct 2024 15:21:50 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 19744
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.cloudimagesb.com/cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png

45.133.44.9

200 OK

56 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Size
56 kB (56505 bytes)
Hash
231d615f0b920b0f0c8758342141193b
ca68f0f6e4c9124bbe61c49d789d0447076b0332
3e24999c26c1c68485e879756ea30639ccee4d7f30f1e2c0e5190818cbab8996

HTTP Headers

GET /cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:54 GMT
content-type: image/png
content-length: 56505
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:14:41 GMT
etag: "61080be1-dcb9"
expires: Tue, 24 Oct 2023 20:50:54 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

tomatohackblobs.com/sbar.json?key=e427a9148361046fb1389c0427165509&uuid=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8%3A1%3A1

173.233.137.36

200 OK

3.7 kB

URL GET HTTP/1.1
tomatohackblobs.com/sbar.json?key=e427a9148361046fb1389c0427165509&uuid=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8%3A1%3A1
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjecttomatohackblobs.com
FingerprintAC:AA:0B:97:51:8F:5F:74:24:ED:81:7C:1F:0A:68:44:26:5D:F8:1A
ValidityWed, 27 Sep 2023 00:57:27 GMT - Tue, 26 Dec 2023 00:57:26 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (6383), with no line terminators
Size
3.7 kB (3654 bytes)
Hash
ce0753abacb7c6e6ffa0e1ca8e5f1bc2
34a7448d19f77100bf31dd54cbd3372ee04ad635
b2e231e393b7e1425b220e3776c7cde700c7d746311d3b6dcc5cb9fd626e8eec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=e427a9148361046fb1389c0427165509&uuid=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8%3A1%3A1 HTTP/1.1
Host: tomatohackblobs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:54 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://justpaste.me
Access-Control-Allow-Origin: https://justpaste.me
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17691601; expires=Mon, 23 Oct 2023 20:50:54 GMT; secure; SameSite=None
uid_id2=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8:1:1; expires=Sun, 29 Oct 2023 20:50:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Oct 2023 20:50:54 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Oct 2023 20:50:54 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 23 Oct 2023 20:50:54 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 23 Oct 2023 20:50:54 GMT; secure; SameSite=None
slece427a9148361046fb1389c0427165509=[4663323]; expires=Sun, 22 Oct 2023 20:50:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 426a6bb7ac1ef8da68eaf433e836cad0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.211.3

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Oct 2023 23:51:35 GMT
expires: Fri, 18 Oct 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 248359
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.35

200 OK

2.2 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 14:42:45 GMT
expires: Fri, 27 Oct 2023 14:42:45 GMT
cache-control: public, max-age=604800
age: 194889
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js

142.250.74.35

200 OK

189 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (689)
Size
189 kB (188860 bytes)
Hash
4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a

HTTP Headers

GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Oct 2023 15:21:50 GMT
expires: Mon, 21 Oct 2024 15:21:50 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 19744
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

tomatohackblobs.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvbw4yeRKIKICHMQjODOdvf0fLQREtdkQ3DzQaKYm1ZXVU8qW93VVHVPT%2FYUDEggHib4D%2FQ8s5tFXYJevPnBrLcBYcfTHtyD4F3ckJsgM7u4%2BELxvFXPc3je563PhsU%2BcVHQvZUrel0qRZeadbd25pbnna2tyrTo1%2Fqd1set4GzN9N723LDuvlm7JNiaXvJdz3U916utSCNi3V%2FyPK%2FuQmbboVcP3Xrg171mgL75790WDix1wHv75EVIPv3%2F9pMAko2RJt9cEHYt19lbF5NC0Vwb9PjWh%2BlaqssUyXEbGwdxunWkhra7Kz9Ap5tzw9C9f4WRnBLnj98RpVtHLhH1Ng%2BNRgoiRcSfQ9kbQ6gxJB2D6fuQfJcAjOPqNaTJ46valPTuIUtn7JQsPDuALKdk4beXkCZPlpXs125qVeRSpxb9uILsjyG7Y2TFDvL1E5DlDlj%2BKST%2FhSw9W0WabFyzSkPyvdeblItWx28tttssXgyawl8MeUwXhcs8FnXacSg684SkHEPGYygxALUOitmRDorYQZE5SPherc2CTod3mpwKxvwo9jpxEAchZW7M3Eboo2CzGQbIswGYGoCZe8jMPazJR7vePkzxE%2BztCpY7sDlBj1coBUFpCUpKUEqCMicoe9UmV9a31WOubBF5R%2BgfYaMa6bw7pJs674qUDLN98sIsO%2BfUwS7WxF5NBH6bhl7QabQ8N2jFkdfohMwN%2FLbXajbdEFZWkPbEfNJ1OSUn3rmEbIaeg4juwKodMHkStHgNtBy1fRf09ijouFhPt%2B8UNs%2BozUU9EeC6QpYvIL%2FrDNU%2BeWW%2Bw0tnXoVgk%2FOn%2Fz747uJwAmYqZKbCHfkzQVc9GN3QJdm4oUtLvr2W5TKR63S235s5zcXCV%2B%2BLu6U2%2FPIFO%2FjyXTYjZu32B8LmqzTlMu1a8vWy5FyYFW2YIN9fth%2BJ6Hphby8XJi2y1evvrVxOMiOslTodg8opIaMDMDklpx5%2BMv%2B7b8TPQ5oxTFEhKSbkqCD1Dlh2DzabnP%2FfrdPRlelfsJrAqGNNlDkoi2pk%2FOj4UckpWY6fQonJuS%2Bimy9%2FPnkKGlWw4jiISEx%2B%2FPNQP7QP0DUOaH4faVKhZyr0VAWqBrDFyVGemcm5XxvzQqScUaSMsxEpox4dBmzlXk20RSsMAzdoc9eNAu77XlMw2ghoSH0%2FbiO3U9F8WP8HAAD%2F%2FwEAAP%2F%2F7Y0xTIwEAAA%3D

173.233.137.36

200 OK

7 B

URL GET HTTP/1.1
tomatohackblobs.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvbw4yeRKIKICHMQjODOdvf0fLQREtdkQ3DzQaKYm1ZXVU8qW93VVHVPT%2FYUDEggHib4D%2FQ8s5tFXYJevPnBrLcBYcfTHtyD4F3ckJsgM7u4%2BELxvFXPc3je563PhsU%2BcVHQvZUrel0qRZeadbd25pbnna2tyrTo1%2Fqd1set4GzN9N723LDuvlm7JNiaXvJdz3U916utSCNi3V%2FyPK%2FuQmbboVcP3Xrg171mgL75790WDix1wHv75EVIPv3%2F9pMAko2RJt9cEHYt19lbF5NC0Vwb9PjWh%2BlaqssUyXEbGwdxunWkhra7Kz9Ap5tzw9C9f4WRnBLnj98RpVtHLhH1Ng%2BNRgoiRcSfQ9kbQ6gxJB2D6fuQfJcAjOPqNaTJ46valPTuIUtn7JQsPDuALKdk4beXkCZPlpXs125qVeRSpxb9uILsjyG7Y2TFDvL1E5DlDlj%2BKST%2FhSw9W0WabFyzSkPyvdeblItWx28tttssXgyawl8MeUwXhcs8FnXacSg684SkHEPGYygxALUOitmRDorYQZE5SPherc2CTod3mpwKxvwo9jpxEAchZW7M3Eboo2CzGQbIswGYGoCZe8jMPazJR7vePkzxE%2BztCpY7sDlBj1coBUFpCUpKUEqCMicoe9UmV9a31WOubBF5R%2BgfYaMa6bw7pJs674qUDLN98sIsO%2BfUwS7WxF5NBH6bhl7QabQ8N2jFkdfohMwN%2FLbXajbdEFZWkPbEfNJ1OSUn3rmEbIaeg4juwKodMHkStHgNtBy1fRf09ijouFhPt%2B8UNs%2BozUU9EeC6QpYvIL%2FrDNU%2BeWW%2Bw0tnXoVgk%2FOn%2Fz747uJwAmYqZKbCHfkzQVc9GN3QJdm4oUtLvr2W5TKR63S235s5zcXCV%2B%2BLu6U2%2FPIFO%2FjyXTYjZu32B8LmqzTlMu1a8vWy5FyYFW2YIN9fth%2BJ6Hphby8XJi2y1evvrVxOMiOslTodg8opIaMDMDklpx5%2BMv%2B7b8TPQ5oxTFEhKSbkqCD1Dlh2DzabnP%2FfrdPRlelfsJrAqGNNlDkoi2pk%2FOj4UckpWY6fQonJuS%2Bimy9%2FPnkKGlWw4jiISEx%2B%2FPNQP7QP0DUOaH4faVKhZyr0VAWqBrDFyVGemcm5XxvzQqScUaSMsxEpox4dBmzlXk20RSsMAzdoc9eNAu77XlMw2ghoSH0%2FbiO3U9F8WP8HAAD%2F%2FwEAAP%2F%2F7Y0xTIwEAAA%3D
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjecttomatohackblobs.com
FingerprintAC:AA:0B:97:51:8F:5F:74:24:ED:81:7C:1F:0A:68:44:26:5D:F8:1A
ValidityWed, 27 Sep 2023 00:57:27 GMT - Tue, 26 Dec 2023 00:57:26 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvbw4yeRKIKICHMQjODOdvf0fLQREtdkQ3DzQaKYm1ZXVU8qW93VVHVPT%2FYUDEggHib4D%2FQ8s5tFXYJevPnBrLcBYcfTHtyD4F3ckJsgM7u4%2BELxvFXPc3je563PhsU%2BcVHQvZUrel0qRZeadbd25pbnna2tyrTo1%2Fqd1set4GzN9N723LDuvlm7JNiaXvJdz3U916utSCNi3V%2FyPK%2FuQmbboVcP3Xrg171mgL75790WDix1wHv75EVIPv3%2F9pMAko2RJt9cEHYt19lbF5NC0Vwb9PjWh%2BlaqssUyXEbGwdxunWkhra7Kz9Ap5tzw9C9f4WRnBLnj98RpVtHLhH1Ng%2BNRgoiRcSfQ9kbQ6gxJB2D6fuQfJcAjOPqNaTJ46valPTuIUtn7JQsPDuALKdk4beXkCZPlpXs125qVeRSpxb9uILsjyG7Y2TFDvL1E5DlDlj%2BKST%2FhSw9W0WabFyzSkPyvdeblItWx28tttssXgyawl8MeUwXhcs8FnXacSg684SkHEPGYygxALUOitmRDorYQZE5SPherc2CTod3mpwKxvwo9jpxEAchZW7M3Eboo2CzGQbIswGYGoCZe8jMPazJR7vePkzxE%2BztCpY7sDlBj1coBUFpCUpKUEqCMicoe9UmV9a31WOubBF5R%2BgfYaMa6bw7pJs674qUDLN98sIsO%2BfUwS7WxF5NBH6bhl7QabQ8N2jFkdfohMwN%2FLbXajbdEFZWkPbEfNJ1OSUn3rmEbIaeg4juwKodMHkStHgNtBy1fRf09ijouFhPt%2B8UNs%2BozUU9EeC6QpYvIL%2FrDNU%2BeWW%2Bw0tnXoVgk%2FOn%2Fz747uJwAmYqZKbCHfkzQVc9GN3QJdm4oUtLvr2W5TKR63S235s5zcXCV%2B%2BLu6U2%2FPIFO%2FjyXTYjZu32B8LmqzTlMu1a8vWy5FyYFW2YIN9fth%2BJ6Hphby8XJi2y1evvrVxOMiOslTodg8opIaMDMDklpx5%2BMv%2B7b8TPQ5oxTFEhKSbkqCD1Dlh2DzabnP%2FfrdPRlelfsJrAqGNNlDkoi2pk%2FOj4UckpWY6fQonJuS%2Bimy9%2FPnkKGlWw4jiISEx%2B%2FPNQP7QP0DUOaH4faVKhZyr0VAWqBrDFyVGemcm5XxvzQqScUaSMsxEpox4dBmzlXk20RSsMAzdoc9eNAu77XlMw2ghoSH0%2FbiO3U9F8WP8HAAD%2F%2FwEAAP%2F%2F7Y0xTIwEAAA%3D HTTP/1.1
Host: tomatohackblobs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Cookie: u_pl=17691601; uid_id2=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece427a9148361046fb1389c0427165509=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:54 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e79770761e6ebabf3b6a0466f176d4e
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/si/d4/71/e8/d471e866a1924ea9dbc2f76b1a8e9f2c/1686846404.png

45.133.44.9

200 OK

14 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/d4/71/e8/d471e866a1924ea9dbc2f76b1a8e9f2c/1686846404.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14409 bytes)
Hash
405d4d1f26c3e6fdfa9d35458bc5b0bd
280ca8973e3979fd9502cb9d44efc1dfcfe618e6
4d56359b995a0d48393ab53da6aa232ce7c833bf8ae8ceef38d51987ad71ca66

HTTP Headers

GET /si/d4/71/e8/d471e866a1924ea9dbc2f76b1a8e9f2c/1686846404.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:54 GMT
content-type: image/png
content-length: 14409
server: nginx/1.21.6
last-modified: Thu, 15 Jun 2023 16:26:53 GMT
etag: "648b3bcd-3849"
expires: Tue, 24 Oct 2023 20:50:54 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/84/17/f1/8417f103cb0d035558518bf6ba6c2e1d/1697199900.png

45.133.44.9

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/84/17/f1/8417f103cb0d035558518bf6ba6c2e1d/1697199900.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
25 kB (25270 bytes)
Hash
bdc31a4330b8181ee2fb46f3c281480a
3e0f3a7438a7b4d0f704a1c348d333d0887244d7
aaab7b2cfbb3770c3f6c9ac22efcf9c88f9ad4f665f607f012d075b65fd3b4df

HTTP Headers

GET /si/84/17/f1/8417f103cb0d035558518bf6ba6c2e1d/1697199900.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:54 GMT
content-type: image/png
content-length: 25270
server: nginx/1.21.6
last-modified: Fri, 13 Oct 2023 12:25:09 GMT
etag: "65293725-62b6"
expires: Tue, 24 Oct 2023 20:50:54 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a6c3f88afc668807113b9548a21e9919
61be67550851957676e6086ee66e2c042cb279f7
d1c259a69c7bdd21b31a891ea65e92a0f0644150b7f10079c5a16fc5a0410636

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:50:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a6c3f88afc668807113b9548a21e9919
61be67550851957676e6086ee66e2c042cb279f7
d1c259a69c7bdd21b31a891ea65e92a0f0644150b7f10079c5a16fc5a0410636

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Oct 2023 20:50:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png

172.64.103.10

200 OK

591 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:54 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5026773
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iqGVRlrDbNI6Ber3iUQ8RtmpEFYwLH3kJZQVyyG1%2Bm%2FQOZm6eKHlZ8Vj11LO%2Bza5xSe828V51%2Bl1%2FXJmaBaEvYqeaF%2FccrkYuVkUjlo58LW9l1qSpba8307euFAxdvvxpLsX4iiOY%2BwB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a49d84eb994188-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css

142.250.74.35

200 OK

25 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (56398), with no line terminators
Size
25 kB (24606 bytes)
Hash
eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

HTTP Headers

GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Oct 2023 16:12:02 GMT
expires: Mon, 21 Oct 2024 16:12:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/css
vary: Accept-Encoding
age: 16733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js

142.250.74.35

200 OK

189 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (689)
Size
189 kB (188860 bytes)
Hash
4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a

HTTP Headers

GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Oct 2023 15:21:50 GMT
expires: Mon, 21 Oct 2024 15:21:50 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 19745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

tomatohackblobs.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css&l=4168&fd=434

173.233.137.36

200 OK

0 B

URL GET HTTP/1.1
tomatohackblobs.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css&l=4168&fd=434
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjecttomatohackblobs.com
FingerprintAC:AA:0B:97:51:8F:5F:74:24:ED:81:7C:1F:0A:68:44:26:5D:F8:1A
ValidityWed, 27 Sep 2023 00:57:27 GMT - Tue, 26 Dec 2023 00:57:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css&l=4168&fd=434 HTTP/1.1
Host: tomatohackblobs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Cookie: u_pl=17691601; uid_id2=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece427a9148361046fb1389c0427165509=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=e427a9148361046fb1389c0427165509&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=e427a9148361046fb1389c0427165509&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A
ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=e427a9148361046fb1389c0427165509&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Oct 2023 20:50:55 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 148cf1b824c5b6a6a95d53e2d89926db
Strict-Transport-Security: max-age=0; includeSubdomains

tomatohackblobs.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=326

173.233.137.36

200 OK

0 B

URL GET HTTP/1.1
tomatohackblobs.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=326
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjecttomatohackblobs.com
FingerprintAC:AA:0B:97:51:8F:5F:74:24:ED:81:7C:1F:0A:68:44:26:5D:F8:1A
ValidityWed, 27 Sep 2023 00:57:27 GMT - Tue, 26 Dec 2023 00:57:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js&l=958&fd=326 HTTP/1.1
Host: tomatohackblobs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Cookie: u_pl=17691601; uid_id2=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece427a9148361046fb1389c0427165509=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.211.3

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 10:05:24 GMT
expires: Sat, 19 Oct 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 211531
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.211.3

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 02:00:44 GMT
expires: Sat, 19 Oct 2024 02:00:44 GMT
cache-control: public, max-age=31536000
age: 240611
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

tomatohackblobs.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvbw5SuRKIKICHMQjODOdvf0zPQYIXFNNgQ3P0gUc9PqqupJZau7mqru6cmeggEJxMME%2F4GeN7tZ1CXoxZs%2FmPU2IOx42oN7ELyLG3ITZGYXFz9QvE%2FVe4f3eZ%2F6bFjsExcF3Vu5otelUnSpWXdrZ2553tnaqkyLfq0ftj5uBWdrpve253bq7pu1S4Kt6SXf9VzXc73aijQi1v0lz%2FPqLmS23fHqHbce%2BHWvGaBv%2Fnu3hQNLHfDePnkRkk%2F%2Fv%2F0kgGRjpMk3F4Rdy3X21sWkUDTXBj2%2B9WG6luoyRXLcxsZBnG4dqaHt7soP0Onm3DB0719hJKfE%2BeN3ROnWkUtEvc1Do5GCSBHx51D2xhBqDEnHYPo%2BJN8lAOO4eg1p8viqNiW9e8jSGTslC88OIMspWfjtJaTJk2Ul%2B7WbWhW51KlFP64g%2B2PI7hhZsYN8%2FQRkuQOWfwrJfyFLz1aRJhvXrNKQfO%2F1JuWiFfqtxXabxYtBU%2FiLHR7TReEyj0VhO%2B6IcJ6QlGPIeAwlBqDWQTE70kEROygyBwnfq7VZEIY8bHIqGPOj2AvjIA46lLkxcxsdHwWbzTBAng3A1ADM3ENm7mFNPtr19mGKn2BvV7Dcgc0JerxCKQhKS1BSglISlDlB2as2ubK%2BrR5zZYvIO0L%2FCBvVSOfdId3UeVekZJjtkxdm2TmnDnaxJvZqIvDbtOMFYaPluUErjrxG2GFu4Le9VrPpdmBlBWlPzCddl1Ny4p1LyGboOYjoDqzaAZMnQYvXQMtR23dBb4%2BC0MV6un2nsHlGbS7qiQDXFbJ8AfldZ6j2ySvzHV468yoEm5w%2F%2FffBdxeHEzBTITMV7sifCbrqweiGLsnGDV1a8u21LJeJXKez%2Fd7MaS4Wvnpf3C214Zcv2MGX77IZMWu3PxA2X6Upl2nXkq%2BXJefCrGjDBPn%2Bsv1IRNcLe3u5MGmRrV5%2Fb%2BVykhlhrdTpGFROCRkdgMkpOfXwk%2FnffSN%2BHtKMYYoKSTEhRwWpd8Cye7DZ5Pz%2Fbp2Orkz%2FgtUERh1rosxBWVQj40fHj0pOyXL8FEpMzn0R3Xz588lT0KiCFcdBRGLy45%2BH%2BqF9gK5xQPP7SJMKPVOhpypQNYAtTo7yzEzO%2FdqYFyLljCJlnI1IGfXoMGAr92qMuYJ6UdsTgotmg7GgxcKoFTeCtgibvIncTkXzYf0fAAAA%2F%2F8BAAD%2F%2FxKqmVyMBAAA

173.233.137.36

200 OK

7 B

URL GET HTTP/1.1
tomatohackblobs.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvbw5SuRKIKICHMQjODOdvf0zPQYIXFNNgQ3P0gUc9PqqupJZau7mqru6cmeggEJxMME%2F4GeN7tZ1CXoxZs%2FmPU2IOx42oN7ELyLG3ITZGYXFz9QvE%2FVe4f3eZ%2F6bFjsExcF3Vu5otelUnSpWXdrZ2553tnaqkyLfq0ftj5uBWdrpve253bq7pu1S4Kt6SXf9VzXc73aijQi1v0lz%2FPqLmS23fHqHbce%2BHWvGaBv%2Fnu3hQNLHfDePnkRkk%2F%2Fv%2F0kgGRjpMk3F4Rdy3X21sWkUDTXBj2%2B9WG6luoyRXLcxsZBnG4dqaHt7soP0Onm3DB0719hJKfE%2BeN3ROnWkUtEvc1Do5GCSBHx51D2xhBqDEnHYPo%2BJN8lAOO4eg1p8viqNiW9e8jSGTslC88OIMspWfjtJaTJk2Ul%2B7WbWhW51KlFP64g%2B2PI7hhZsYN8%2FQRkuQOWfwrJfyFLz1aRJhvXrNKQfO%2F1JuWiFfqtxXabxYtBU%2FiLHR7TReEyj0VhO%2B6IcJ6QlGPIeAwlBqDWQTE70kEROygyBwnfq7VZEIY8bHIqGPOj2AvjIA46lLkxcxsdHwWbzTBAng3A1ADM3ENm7mFNPtr19mGKn2BvV7Dcgc0JerxCKQhKS1BSglISlDlB2as2ubK%2BrR5zZYvIO0L%2FCBvVSOfdId3UeVekZJjtkxdm2TmnDnaxJvZqIvDbtOMFYaPluUErjrxG2GFu4Le9VrPpdmBlBWlPzCddl1Ny4p1LyGboOYjoDqzaAZMnQYvXQMtR23dBb4%2BC0MV6un2nsHlGbS7qiQDXFbJ8AfldZ6j2ySvzHV468yoEm5w%2F%2FffBdxeHEzBTITMV7sifCbrqweiGLsnGDV1a8u21LJeJXKez%2Fd7MaS4Wvnpf3C214Zcv2MGX77IZMWu3PxA2X6Upl2nXkq%2BXJefCrGjDBPn%2Bsv1IRNcLe3u5MGmRrV5%2Fb%2BVykhlhrdTpGFROCRkdgMkpOfXwk%2FnffSN%2BHtKMYYoKSTEhRwWpd8Cye7DZ5Pz%2Fbp2Orkz%2FgtUERh1rosxBWVQj40fHj0pOyXL8FEpMzn0R3Xz588lT0KiCFcdBRGLy45%2BH%2BqF9gK5xQPP7SJMKPVOhpypQNYAtTo7yzEzO%2FdqYFyLljCJlnI1IGfXoMGAr92qMuYJ6UdsTgotmg7GgxcKoFTeCtgibvIncTkXzYf0fAAAA%2F%2F8BAAD%2F%2FxKqmVyMBAAA
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjecttomatohackblobs.com
FingerprintAC:AA:0B:97:51:8F:5F:74:24:ED:81:7C:1F:0A:68:44:26:5D:F8:1A
ValidityWed, 27 Sep 2023 00:57:27 GMT - Tue, 26 Dec 2023 00:57:26 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTvbw5SuRKIKICHMQjODOdvf0zPQYIXFNNgQ3P0gUc9PqqupJZau7mqru6cmeggEJxMME%2F4GeN7tZ1CXoxZs%2FmPU2IOx42oN7ELyLG3ITZGYXFz9QvE%2FVe4f3eZ%2F6bFjsExcF3Vu5otelUnSpWXdrZ2553tnaqkyLfq0ftj5uBWdrpve253bq7pu1S4Kt6SXf9VzXc73aijQi1v0lz%2FPqLmS23fHqHbce%2BHWvGaBv%2Fnu3hQNLHfDePnkRkk%2F%2Fv%2F0kgGRjpMk3F4Rdy3X21sWkUDTXBj2%2B9WG6luoyRXLcxsZBnG4dqaHt7soP0Onm3DB0719hJKfE%2BeN3ROnWkUtEvc1Do5GCSBHx51D2xhBqDEnHYPo%2BJN8lAOO4eg1p8viqNiW9e8jSGTslC88OIMspWfjtJaTJk2Ul%2B7WbWhW51KlFP64g%2B2PI7hhZsYN8%2FQRkuQOWfwrJfyFLz1aRJhvXrNKQfO%2F1JuWiFfqtxXabxYtBU%2FiLHR7TReEyj0VhO%2B6IcJ6QlGPIeAwlBqDWQTE70kEROygyBwnfq7VZEIY8bHIqGPOj2AvjIA46lLkxcxsdHwWbzTBAng3A1ADM3ENm7mFNPtr19mGKn2BvV7Dcgc0JerxCKQhKS1BSglISlDlB2as2ubK%2BrR5zZYvIO0L%2FCBvVSOfdId3UeVekZJjtkxdm2TmnDnaxJvZqIvDbtOMFYaPluUErjrxG2GFu4Le9VrPpdmBlBWlPzCddl1Ny4p1LyGboOYjoDqzaAZMnQYvXQMtR23dBb4%2BC0MV6un2nsHlGbS7qiQDXFbJ8AfldZ6j2ySvzHV468yoEm5w%2F%2FffBdxeHEzBTITMV7sifCbrqweiGLsnGDV1a8u21LJeJXKez%2Fd7MaS4Wvnpf3C214Zcv2MGX77IZMWu3PxA2X6Upl2nXkq%2BXJefCrGjDBPn%2Bsv1IRNcLe3u5MGmRrV5%2Fb%2BVykhlhrdTpGFROCRkdgMkpOfXwk%2FnffSN%2BHtKMYYoKSTEhRwWpd8Cye7DZ5Pz%2Fbp2Orkz%2FgtUERh1rosxBWVQj40fHj0pOyXL8FEpMzn0R3Xz588lT0KiCFcdBRGLy45%2BH%2BqF9gK5xQPP7SJMKPVOhpypQNYAtTo7yzEzO%2FdqYFyLljCJlnI1IGfXoMGAr92qMuYJ6UdsTgotmg7GgxcKoFTeCtgibvIncTkXzYf0fAAAA%2F%2F8BAAD%2F%2FxKqmVyMBAAA HTTP/1.1
Host: tomatohackblobs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Cookie: u_pl=17691601; uid_id2=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece427a9148361046fb1389c0427165509=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a7f82b90965acf48e7800c0e6982a5c0
Strict-Transport-Security: max-age=0; includeSubdomains

tomatohackblobs.com/pixel/sbs?c=1

173.233.137.36

200 OK

0 B

URL GET HTTP/1.1
tomatohackblobs.com/pixel/sbs?c=1
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjecttomatohackblobs.com
FingerprintAC:AA:0B:97:51:8F:5F:74:24:ED:81:7C:1F:0A:68:44:26:5D:F8:1A
ValidityWed, 27 Sep 2023 00:57:27 GMT - Tue, 26 Dec 2023 00:57:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: tomatohackblobs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Cookie: u_pl=17691601; uid_id2=5ade6826-77cf-45e2-9dfa-e0c1cb87f9e8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece427a9148361046fb1389c0427165509=[4663323]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 22 Oct 2023 20:50:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

www.google.com/recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2

142.250.74.132

200 OK

102 B

URL GET HTTP/3
www.google.com/recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT

File type
ASCII text, with no line terminators
Size
102 B (102 bytes)
Hash
26c4f76e985234506205b82e3e6e520f
987d32a005fd1a1be9cc3a4f85796705beadb340
bd7e05751a03c3c81bf4f38808d12af294f672494f6b9d7641aaf0dfbb5fb012

HTTP Headers

GET /recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
expires: Sun, 22 Oct 2023 20:50:54 GMT
date: Sun, 22 Oct 2023 20:50:54 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html

45.133.44.4

200 OK

1.5 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://justpaste.me/zLUd
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintCB:0F:87:85:B0:83:8B:5C:86:E5:81:91:9D:F5:ED:C4:A2:B6:B1:BE
ValidityTue, 12 Sep 2023 01:01:21 GMT - Mon, 11 Dec 2023 01:01:20 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (1639), with no line terminators
Size
1.5 kB (1538 bytes)
Hash
97b357c624104a8e915d01424dfe16ce
6bd7fcedfb7986b149601b1bc840f525b67a8f06
8d010e7163298acf3671bb429a2e0b1d69033a5adc314fa4bddebf74b9775e6e

HTTP Headers

GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:54 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 22 Oct 2023 21:50:54 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

104.21.234.92

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
104.21.234.92:443
ASN
#13335 CLOUDFLARENET

Requested by
https://justpaste.me/zLUd
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85471 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:53 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: bb42c108a6323dd50c0efd854c59ace6
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 22 Oct 2023 20:50:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZJu9mO01LfViiC6atlMPOF9bgygIGoMf8J6M6XmtMryFlPpEYrHk6FyFFMZhO0i3Q1RRwonXZZ7wNNJzTL%2BdjCadDNpueemfZ8P2VafTmUXgIafduanfJtXN2DWc%2BxsC6NwyCKg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a49d7b3ddd6403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css

172.64.103.10

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text
Size
79 kB (79249 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:54 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LuKXNKXEW98%2FVjcqeMLgLn6k6%2FmATb8lQSXat%2FEU3Kr9T6KtuI6T8K%2BNcHNx2uLhHrToVSg6qrY6LRIvMds1y2mJNlAfulYTnAc02G6npQSZhDjBCGOLAhZLY8JnNLGza3mkPZP9bwvy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a49d844fec35dc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry

142.250.74.132

200 OK

7.2 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7480), with no line terminators
Size
7.2 kB (7249 bytes)
Hash
7e3fcddb98af81d4f798654bb1edc4d3
637d511ab413b7d14cfe394410631ca4e0bed715
c3b1714d45f8d9425ea92b94f967243cc05a6009af837094bf4d19d6009179c7

HTTP Headers

GET /recaptcha/api2/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 22 Oct 2023 20:50:55 GMT
content-security-policy: script-src 'nonce-6-Eqzb9PwrftyGWqq1blzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css

172.64.103.10

200 OK

4.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (4404), with no line terminators
Size
4.2 kB (4168 bytes)
Hash
68b1992666e9738c9fe476446c9554c6
7ed918e75115fd3be8bd1df1f6106d3f53129c78
c3ca1c3bc15dfab20c6c3733049214afc18b2deaba8d9685c57cc3f238b687d8

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:55 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RVNwvl%2F6TCVGGG2sraqoFgXmx9x8ayxYw6gcCEOGQckDNBca9vQSK8ayuIkIYOYkPhkrohmHau2Bc5wqf1OZrc61YGdcgp1yZaGEVwWA6Rf0Ilitex5D870Kv2nqUEytnyGsLYYNVtbb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a49d844ff235dc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

6.8 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint28:23:2B:8B:2D:09:6C:BB:06:7A:35:80:95:BB:F8:03:41:C8:99:2C
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
ASCII text, with very long lines (7013), with no line terminators
Size
6.8 kB (6824 bytes)
Hash
49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 22 Oct 2023 20:50:54 GMT
date: Sun, 22 Oct 2023 20:50:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js

172.64.103.10

200 OK

958 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (1009), with no line terminators
Size
958 B (958 bytes)
Hash
04835fd7dd7f8cfbad901bee8cff2170
38e9ed1e93f8f0beba9447a99afe3995e63b6f3e
be63bbd38c66ca9a9ee1c8abfed042fd5fc090c40b91ad561e922744ece47c41

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://justpaste.me
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:55 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5gVo3VU1Q39LVySwllDpnIisniMjfmhkvVEPZWxgUt86%2Fx55q5yfIoFHEgABMFR8c606Tcr9ZgGP%2FtI3RDD4H2k2737ktcZtGuO1p7pw23nLEXBzIWbXgKkZaznfPDffnEXOW7Y%2FxGa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a49d860a1735dc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g

142.250.74.132

200 OK

60 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintC9:4D:78:AD:EC:04:27:EE:F0:06:4C:C8:78:D8:9F:06:B5:CC:39:37
ValidityThu, 28 Sep 2023 05:26:21 GMT - Thu, 21 Dec 2023 05:26:20 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (51766)
Size
60 kB (60227 bytes)
Hash
4ffc446f47228106d1f26b36f82865e6
c93f4359939491147138fa277466f803b987aabd
63da9125d40e0b98fb16587b634312568f6847476079fed958dac7fb933b146c

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6LfaQQcUAAAAALYGofaAxzjCgzHmHdidKG_SxGry&co=aHR0cHM6Ly9qdXN0cGFzdGUubWU6NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=normal&cb=k4toow6n8t1g HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://justpaste.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 22 Oct 2023 20:50:53 GMT
content-security-policy: script-src 'nonce-JJ5dDco7FCUyLlCRCDEVOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js

172.64.103.10

200 OK

84 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://justpaste.me/zLUd
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (32025)
Size
84 kB (84380 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Oct 2023 20:50:54 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 21473934
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vfz0MyO%2Fj7L5pEzs0HEL8vIxKLxaJnEH649FCitwPctaGg%2FqZkcPGG5fxCBkUcw19h%2Bl9VcHgyIczQvF8oRQA%2FfXXwyItqi56G%2FmB4UfG1RE2MtIjIZwz2i7j71KzR61xoH%2BtfEpE9RZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81a49d84db964188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN