Overview

URL: pastebin.com/raw/cktyvfqt
IP: 104.20.67.143
ASN: CLOUDFLARENET
Location:
Report completed: 2022-09-29 07:11:41 UTC
urlquery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blocklists

OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Scan Date   Severity  Indicator                  Comment
  2022-09-29  2         pastebin.com/raw/cktyvfqt  Malware
mnemonic secure dns: No alerts detected
Quad9 DNS: No alerts detected


Files

No files detected



Passive DNS (2)

Passive DNS Source    Fully Qualified Domain Name                Rank   First Seen               Last Seen                IP             Comment
mnemonic passive DNS  firefox.settings.services.mozilla.com (1)  867    2020-05-28 17:26:30 UTC  2022-09-29 05:05:36 UTC  143.204.55.36
mnemonic passive DNS  pastebin.com (2)                           25623  2012-05-20 18:39:30 UTC  2022-09-28 23:39:13 UTC  104.20.67.143


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.20.67.143
(UQ / IDS / BL = number of urlquery, IDS and blocklist alerts in that report)

Date                       UQ / IDS / BL  URL                        IP
2022-11-19 21:06:38 +0000  0 - 0 - 1      pastebin.com/raw/bGP57Cw4  104.20.67.143
2022-11-07 06:43:43 +0000  0 - 0 - 1      pastebin.com/raw/CSDquxq9  104.20.67.143
2022-11-06 23:05:14 +0000  0 - 0 - 1      pastebin.com/raw/bG7zFCL4  104.20.67.143
2022-10-23 05:27:12 +0000  0 - 0 - 1      pastebin.com/raw/89HKc7WB  104.20.67.143
2022-10-23 05:13:21 +0000  0 - 0 - 1      pastebin.com/raw/PXuJ2cR6  104.20.67.143

Last 5 reports on ASN: CLOUDFLARENET

Date                       UQ / IDS / BL  URL                                               IP
2022-12-01 20:56:20 +0000  0 - 0 - 2      cw-trk.ju4w.in/ga/click/2-70382221-3715-25652 (...)  172.67.139.152
2022-12-01 20:56:10 +0000  0 - 0 - 2      airbank.space/                                    104.21.87.177
2022-12-01 20:55:31 +0000  0 - 0 - 3      fluctuationlocomotive.cn/                         188.114.97.1
2022-12-01 20:54:56 +0000  0 - 0 - 3      172.67.186.57                                     172.67.186.57
2022-12-01 20:54:19 +0000  0 - 0 - 2      cent.oq7j.in/error.php                            104.21.73.138

Last 5 reports on domain: pastebin.com

Date                       UQ / IDS / BL  URL                        IP
2022-11-19 21:06:47 +0000  0 - 0 - 1      pastebin.com/raw/aCUeZzx6  172.67.34.170
2022-11-19 21:06:38 +0000  0 - 0 - 1      pastebin.com/raw/bGP57Cw4  104.20.67.143
2022-11-19 21:06:30 +0000  0 - 0 - 1      pastebin.com/raw/SizdT00A  172.67.34.170
2022-11-19 19:42:53 +0000  0 - 0 - 1      pastebin.com/raw/7mfAY8wk  104.20.68.143
2022-11-18 21:59:39 +0000  0 - 0 - 1      pastebin.com/raw/1z810bGR  104.20.68.143

Last 5 reports with similar screenshot

Date                       UQ / IDS / BL  URL                        IP
2022-10-23 04:48:45 +0000  0 - 0 - 1      pastebin.com/raw/cktyvfqt  172.67.34.170
2022-10-23 04:46:25 +0000  0 - 0 - 1      pastebin.com/raw/cL49LHSm  172.67.34.170
2022-10-23 04:46:22 +0000  0 - 0 - 1      pastebin.com/raw/Y39hPQSy  172.67.34.170
2022-10-23 04:46:19 +0000  0 - 0 - 1      pastebin.com/raw/FiYDPwxJ  104.20.68.143
2022-10-23 04:39:32 +0000  0 - 0 - 1      pastebin.com/raw/wWrpn4er  172.67.34.170


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (3)


Transaction 1 (server 143.204.55.36)

Request
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 06:29:33 GMT
Expires: Thu, 29 Sep 2022 06:37:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YboZxB-BDXk849z3UT_7msObbme1yt7XrFkeigIvnWkUsBzxfEkmvg==
Age: 2523

--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /raw/cktyvfqt HTTP/1.1 
Host: pastebin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.20.67.143
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
date: Thu, 29 Sep 2022 07:11:31 GMT
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: MISS
last-modified: Thu, 29 Sep 2022 07:11:31 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7522e7b9edbfb515-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: pastebin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pastebin.com/raw/cktyvfqt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.20.67.143
HTTP/2 200 OK
content-type: image/x-icon
                                        
date: Thu, 29 Sep 2022 07:11:31 GMT
last-modified: Sat, 24 Sep 2022 08:49:37 GMT
etag: W/"632ec4a1-13e"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6351
vary: Accept-Encoding
server: cloudflare
cf-ray: 7522e7bb9809b515-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
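Two things in the transactions above are worth checking rather than eyeballing. First, the only blocklist hit is Fortinet's "Malware" verdict on the raw paste, and the paste body itself is not in the report; what the report does show is that pastebin serves the raw endpoint as text/plain with X-Content-Type-Options: nosniff, so a browser that navigates to it renders text and does not execute anything (a script or downloader fetching it is another matter). Second, the fetch to firefox.settings.services.mozilla.com is the scanning browser's own Firefox Remote Settings request (Sec-Fetch-Site: cross-site, made before the navigation to the paste), not traffic initiated by the scanned URL. The script below is an added example, not part of the urlquery report: it parses the three captured response header blocks (copied from the report, with CDN bookkeeping headers dropped) and audits each for the hardening headers a triage analyst looks for. The labels, thresholds and check names are this example's own.

```python
"""Audit captured HTTP response headers for browser-hardening controls.

Added example: the header text is copied from the urlquery transactions above;
the parser and checks are this example's own code, not urlquery's.
"""
import re
from dataclasses import dataclass, field

ONE_YEAR = 31536000  # HSTS max-age most preload policies expect

# Status lines and response headers copied from the report (bodies were not
# captured; Date/Via/cf-ray style bookkeeping headers omitted for brevity).
CAPTURED_RESPONSES = {
    "mozilla remote-settings record": """\
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
ETag: "1648230346554"
""",
    "pastebin raw paste": """\
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
date: Thu, 29 Sep 2022 07:11:31 GMT
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: MISS
server: cloudflare
content-encoding: gzip
""",
    "pastebin favicon": """\
HTTP/2 200 OK
content-type: image/x-icon
cache-control: max-age=31536000
cf-cache-status: HIT
server: cloudflare
content-encoding: gzip
""",
}


@dataclass
class Response:
    version: str
    status: int
    headers: dict = field(default_factory=dict)  # lower-cased name -> [values]


def parse_response(raw: str) -> Response:
    """Parse a status line plus header block; repeated headers keep every value."""
    lines = [ln.rstrip("\r") for ln in raw.strip().splitlines()]
    m = re.match(r"^(HTTP/\d(?:\.\d)?)\s+(\d{3})\b", lines[0])
    if not m:
        raise ValueError(f"not a status line: {lines[0]!r}")
    resp = Response(version=m.group(1), status=int(m.group(2)))
    for ln in lines[1:]:
        if not ln.strip():
            break  # a blank line would start the body
        name, sep, value = ln.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {ln!r}")
        resp.headers.setdefault(name.strip().lower(), []).append(value.strip())
    return resp


def hsts_max_age(resp: Response):
    """max-age from Strict-Transport-Security, or None when the header is absent."""
    for v in resp.headers.get("strict-transport-security", []):
        m = re.search(r"max-age=(\d+)", v, re.I)
        if m:
            return int(m.group(1))
    return None


def duplicate_cache_directives(resp: Response) -> list:
    """Cache-Control directives that appear more than once (e.g. max-age twice)."""
    seen, dups = set(), []
    for v in resp.headers.get("cache-control", []):
        for d in (p.strip().lower() for p in v.split(",") if p.strip()):
            if d in seen and d not in dups:
                dups.append(d)
            seen.add(d)
    return dups


def audit(resp: Response) -> dict:
    """Boolean findings per response; True means the control is present."""
    csp = "; ".join(resp.headers.get("content-security-policy", [])).lower()
    xfo = [v.strip().upper() for v in resp.headers.get("x-frame-options", [])]
    max_age = hsts_max_age(resp)
    return {
        "status": resp.status,
        "content_type": resp.headers.get("content-type", [""])[0],
        "hsts": max_age is not None and max_age >= ONE_YEAR,
        "csp": bool(csp),
        "nosniff": any(v.lower() == "nosniff"
                       for v in resp.headers.get("x-content-type-options", [])),
        # frame-ancestors in CSP supersedes X-Frame-Options; accept either.
        "frame_protection": "frame-ancestors" in csp
                            or any(v in ("DENY", "SAMEORIGIN") for v in xfo),
        "cors_wildcard": "*" in resp.headers.get("access-control-allow-origin", []),
        "deprecated_xss_filter": "x-xss-protection" in resp.headers,
        "duplicate_cache_directives": duplicate_cache_directives(resp),
    }


def audit_all(captured=CAPTURED_RESPONSES) -> dict:
    return {label: audit(parse_response(raw)) for label, raw in captured.items()}


if __name__ == "__main__":
    for label, findings in audit_all().items():
        print(label)
        for key, value in findings.items():
            print(f"  {key:27} {value}")
```

Run as-is it reports that the Mozilla response carries HSTS, a locked-down CSP and nosniff but also a wildcard CORS origin and a duplicated max-age directive, that the raw paste has no HSTS or CSP and still sends the deprecated X-XSS-Protection header, and that the favicon response has none of the hardening headers. Point `CAPTURED_RESPONSES` at header blocks from your own captures to reuse the checks.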