paste2.org Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://paste2.org/
Effective URL:
https://paste2.org/
Submission: On May 15 via api (May 15th 2024, 3:37:16 pm UTC) from US — Scanned from NL

Summary HTTP 18 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is paste2.org.
TLS certificate: Issued by E1 on April 13th 2024. Valid for: 3 months.

This is the only time paste2.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 18	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2

18 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

paste2.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	paste2.org 1 redirects paste2.org	89 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 804	7 KB
18	2

	Domain	Requested by
18	paste2.org	1 redirects paste2.org static.cloudflareinsights.com
1	static.cloudflareinsights.com	paste2.org
18	2

This site contains links to these domains. Also see Links.

Domain
twitter.com

Subject Issuer	Validity	Valid
paste2.org E1	`2024-04-13` - `2024-07-12`	3 months	crt.sh
cloudflareinsights.com GTS CA 1P5	`2024-05-08` - `2024-08-06`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://paste2.org/
Frame ID: FD63E6EEA1A9E9B8474841B7B48E807F
Requests: 15 HTTP requests in this frame

Frame: https://paste2.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
Frame ID: DFAEF5C73D30599A68E94AFABAE0701C
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Paste2.org - New Paste

Page URL History Show full URLs

http://paste2.org/ HTTP 307
https://paste2.org/ Page URL

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Page Statistics

18
Requests

94 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

95 kB
Transfer

236 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/paste2org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://paste2.org/ HTTP 307
https://paste2.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://paste2.org/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://paste2.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
paste2.org/
Redirect Chain

http://paste2.org/
https://paste2.org/

26 KB
7 KB

70ms
33ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paste2.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76f60c5dd2eb0f7dd74fbab98ec50df9a110c5d78c2d07e2a278a2d90f95dd72

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

age: 23691
alt-svc: h3=":443"; ma=86400
cache-control: max-age=7200
cf-cache-status: HIT
cf-ray: 884435361c576643-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 15 May 2024 15:37:11 GMT
last-modified: Tue, 14 May 2024 22:31:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4qNWjqBlcyma3OLnFKoqsTziA4X4%2BrRvOWRnXaC2B2IcGQ7uCTptjSjdZeNQpj8cqQvEkCg29KQ4Sg4tMBCaaM28sQ9GFRs%2BCI2KIcA7fhxs%2FPoBWeSlJo0GTCb"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

Location: https://paste2.org/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 paste2-compiled.css
paste2.org/static/templates/paste2/css/ 22 KB
5 KB 30ms
29ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Requested by: Host: paste2.org
URL: https://paste2.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8be54d1c4f478da6feb94528597f7471a50bc11b603411d3a4782bc71c78ae19

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6153
cf-polished: origSize=22727
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
server: cloudflare
etag: W/"54c3e753-58c7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IscUgCRVGefhilqZvZd9Rl3NztVIsHGH7qAf8dGqUYYANXCKsPPGFxnsrJ3wU9uJF%2FeF8q55PhY8N%2FFJVcYaongv8IqcgGSlJozrbDyMCsbqgoMYjLztxjamtl4g"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=7200
cf-ray: 884435365c9f6643-AMS
priority: u=0,i=?0

GET
H3 200 default.css
paste2.org/static/templates/paste2/pygments/ 2 KB
911 B 30ms
30ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paste2.org/static/templates/paste2/pygments/default.css
Requested by: Host: paste2.org
URL: https://paste2.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88a84135c66ef1121cf4739622bd7dff598f7811b483c0d8e710cbb27a01f4be

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6153
cf-polished: origSize=3906
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
server: cloudflare
etag: W/"54c3e753-f42"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MGI%2Bj4pemCQtqhBdh%2Bu4sd1eeS8HP%2Bo8WtjJtb6eJpu8n%2FjNMqGDZhjQDCi%2F5oIs8UWsQDhW8U%2F3DVj%2FmDTsJjvragkdJk%2BcVxboRV9Zazy9GYO1GQpAVAlZ2Mxc"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=7200
cf-ray: 884435365ca26643-AMS
priority: u=0,i=?0

GET
H3 200 follow_us-a.png
paste2.org/static/templates/paste2/img/ 2 KB
2 KB 31ms
30ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paste2.org/static/templates/paste2/img/follow_us-a.png
Requested by: Host: paste2.org
URL: https://paste2.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e48dad69eba31f3ce752b7984349be85f600858fae2ede9c3cf64a4515dbc960

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3532
alt-svc: h3=":443"; ma=86400
content-length: 1981
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
server: cloudflare
etag: "54c3e753-7bd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OoJqN11WhKkFdyfjdIkDkxXBsreyTaorfyU%2B6%2BizyOGwlaXWJ5DzSBs4E7c2hGKLYU8AjIGwCsCQdCjsTxsUyS2h4hJBBGswe5jp288a4Ru5Z8JwU%2BmYK1ndTTzl"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 884435365ca36643-AMS
priority: u=2,i

GET
H3 200 rocket-loader.min.js Show response
paste2.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 23ms
22ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paste2.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: paste2.org
URL: https://paste2.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 May 2024 09:31:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"663b4689-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7PjssjFH9Wi4HKGWisOqORUD7kEAt6uEwYpvpLkdokoNEnmAT4pNZEUFEFzxla2ecngKGzPBY9rUu6lrSpNyLcsLuC0LlpIbyd1eyxgoiAvrRpTc%2F6G%2FqUUp0fPg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 884435367cb36643-AMS
expires: Fri, 17 May 2024 15:37:11 GMT

GET
H2 200 vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 98ms
59ms Script
text/javascript 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
Requested by: Host: paste2.org
URL: https://paste2.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/
Origin: https://paste2.org
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
content-encoding: gzip
last-modified: Mon, 06 May 2024 19:01:13 GMT
server: cloudflare
etag: W/"2024.4.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 88443536bd5f6560-AMS

GET
H3 200 stars.png
paste2.org/static/templates/paste2/img/ 7 KB
8 KB 25ms
24ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paste2.org/static/templates/paste2/img/stars.png
Requested by: Host: paste2.org
URL: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae365ebd33969b398d8f47b780af0c4a95ba6887bc2860fa35587e8e372f3335

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3532
alt-svc: h3=":443"; ma=86400
content-length: 7538
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
server: cloudflare
etag: "54c3e753-1d72"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l4xxRpTaryPdL9MRhSTkqPMFkzJjxCju3Pq8RHzXjNxDn4E%2B%2B76ShqCGMhNnPBm6t%2FBfsBPK6bsWriFMwYMoDM5egb0B8VL%2BX2l%2Fx9udFRIDo%2F4SUUaUDX3dDpB6"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 88443536acee6643-AMS
priority: u=3,i

GET
H3 200 logo.png
paste2.org/static/templates/paste2/img/ 5 KB
5 KB 28ms
26ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paste2.org/static/templates/paste2/img/logo.png
Requested by: Host: paste2.org
URL: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c1674da0ebe24996f0a48fea8982d47402333d12638ad5c6c7bbe3de606bc23

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3532
alt-svc: h3=":443"; ma=86400
content-length: 4993
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
server: cloudflare
etag: "54c3e753-1381"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Evw4r2ISPYPYmrRywrREcWGSx1Mwy8Z%2BIsCI7FIbzs0RsiI%2FxoUqe02%2Bey14uNGXPoWZjW6ya9nbs8pz%2BuyeJfbislatjxncMgEC5DTd%2BLkY83d5VrpE0o2cCI6"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 88443536acf26643-AMS
priority: u=3,i

GET
H3 200 tab_inactive.png
paste2.org/static/templates/paste2/img/ 201 B
653 B 25ms
24ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paste2.org/static/templates/paste2/img/tab_inactive.png
Requested by: Host: paste2.org
URL: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b39dd856be2f311c6279b64c08f0dd4f1d87be33aaa1480f0848c3d637ecc521

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 604
alt-svc: h3=":443"; ma=86400
content-length: 201
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
server: cloudflare
etag: "54c3e753-c9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xkIhnSfnGKZ%2BldMA4Saok6L6teV4Nk6HPpfb2RUNbXHR8zqdwjnI3F1ovRDX3jicQvCIo4uxiZupEFwQ34vRTxrOwMmWAX6e9u%2B0iw%2B6mJ7NkcKmveGqEe51lt5I"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 88443536acf66643-AMS
priority: u=3,i

GET
H3 200 exclamation.png
paste2.org/static/templates/paste2/img/ 538 B
991 B 58ms
57ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paste2.org/static/templates/paste2/img/exclamation.png
Requested by: Host: paste2.org
URL: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b40cf7a6236597089d1fafe6b6acdcb8262308f3620a881d5e9d8f1309f048ad

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
cf-cache-status: HIT
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "54c3e753-21a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TEYs42WI%2B9HkEHAvmbMYSPdrtxjWmf8AmLkNXi5%2B%2B0qSxy%2FYv4On%2BHCLAhp41MDfq4gh4871GE6p4DCgimRfkdvUVZzqNWPkUt6lZJ3TIKjYZpjgUehxpJ81IQRw"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 88443536acf86643-AMS
alt-svc: h3=":443"; ma=86400
content-length: 538
priority: u=3,i

GET
H3 200 gh-icons.png
paste2.org/static/templates/paste2/img/ 4 KB
4 KB 44ms
44ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paste2.org/static/templates/paste2/img/gh-icons.png
Requested by: Host: paste2.org
URL: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 018c7d12a799726510b7d6e7ce4a18023b3f70aded8102d3cdee725f34175658

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
cf-cache-status: HIT
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "54c3e753-f6c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1zB4HYxf5EbXHqfYGUmRX0F10dtlfncsufcKM0bCgR1tvHBme67%2Fww9orvm6z5X%2BkOXxvGZdUGaDf2JpZ8FzWTLmyBEsqAFzQlW7xsAi0feGRuY%2BLvX1OUBbrdvg"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 88443536bd086643-AMS
alt-svc: h3=":443"; ma=86400
content-length: 3948
priority: u=3,i

GET
H3

200

main.js Show response
paste2.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/ Frame DFAE
Redirect Chain

https://paste2.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://paste2.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js

8 KB
4 KB

21ms
20ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paste2.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaec1cd1663dc005f1fdf9e4acfa1eff5e527ad7c93a53ed2a78af1808d76340

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6e0SWHIGtEh7spRR%2B94RiEyDAt%2B10GQjGkAYoo6xuoWfLWtoZipKtkV4f1HlacvBEqXt2VOlbci0dfMTVvz6QF4mh8B0gl4ZGPFNeVyw7310hKNQWakwYoSokros"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 884435377dc56643-AMS
alt-svc: h3=":443"; ma=86400
priority: u=3,i=?0

Redirect headers

date: Wed, 15 May 2024 15:37:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oCsDoMbi72vZqP5C%2BG%2BFkXumuYZmQUFyHPAr5F0082LFOAqyycBvBrE30l87wzoBs3KvjlsVsjGOBzfoPEOWVFeQ7nNh0ootLrKMk4x6wT4RhpnYnRHFpvnb%2BHan"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 884435372d756643-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i=?0

GET
H3 200 paste2-compiled.js Show response
paste2.org/static/templates/paste2/js/ 127 KB
42 KB 30ms
30ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paste2.org/static/templates/paste2/js/paste2-compiled.js?1
Requested by: Host: paste2.org
URL: https://paste2.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00cf6e7d2c6e5c82dc45c40c95e4af199d0a78ec5d3b209f2c747430c80f788a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3532
cf-polished: origSize=130392
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
server: cloudflare
etag: W/"54c3e753-1fd58"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eraHaSM5z8oLZ0c6n0VVZkCmDZ2N5XOw0yQKoNsA6DVC%2Bopj7bzFmVHMyCqHh54rfE%2BZbO8eG5btnKjVq6kVs%2FKC5uqiFbwXaaAuGFgmjQMKfUIgf4pwjt%2BU%2BCcC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 884435372d7d6643-AMS
priority: u=3,i=?0

POST
H3 204 rum Show response
paste2.org/cdn-cgi/ 0
138 B 18ms
18ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paste2.org/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://paste2.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://paste2.org
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 884435373d8f6643-AMS

GET
H3 200 favicon.ico
paste2.org/static/templates/paste2/ 1 KB
1 KB 29ms
29ms Other
image/x-icon 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paste2.org/static/templates/paste2/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be3eaf3836e5eeb575d196313d5549014fe5ea4c3c535f6e5b3602da6caacbf5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5841
etag: W/"54c3e753-57e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yLhXo2VvvKeH4c5oEBtAlnSSSYrxF0IXYhqDofWnP5xhA8diSK%2B3QdM2ByvTTlO9zXWagyzse1sX0kknsgotg5mFSVqsEiaBbRrGX3l%2FWt%2Boz9PmaRkw6U1jBQUz"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=7200
cf-ray: 884435378dca6643-AMS
alt-svc: h3=":443"; ma=86400
priority: u=1,i

GET
H3 200 select.png
paste2.org/static/templates/paste2/img/ 316 B
761 B 43ms
42ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paste2.org/static/templates/paste2/img/select.png
Requested by: Host: paste2.org
URL: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb263a5011b340d346a85642957957653441e6cbd204d7e7d013678ca2859a84

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://paste2.org/static/templates/paste2/css/paste2-compiled.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
cf-cache-status: HIT
last-modified: Sat, 24 Jan 2015 18:41:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "54c3e753-13c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=omrpfAy20DcGtb%2B2ILVVpLGspNEyEfqidCxEFM7RABmZlPlIb1oHMZpzkmxBKJgk0ySYnZfsdNdBmY4OBskhbu21t796eKBvfWHdOMFnm6AmPm0ZjqeXsQHHA8SO"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 884435379de06643-AMS
alt-svc: h3=":443"; ma=86400
content-length: 316
priority: u=3,i

POST
H3 200 884435361c576643 Show response
paste2.org/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame DFAE 0
595 B 35ms
34ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paste2.org/cdn-cgi/challenge-platform/h/g/jsd/r/884435361c576643
Requested by: Host: paste2.org
URL: https://paste2.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lRQSITyVLnLmAWJb6UMnFctTCQswlnPAs4M%2FLMVMHBvMgmrhMUBr70%2BSiTxNG2MmQeuWwcIUGF2yWaiCAxpnCO2XLLi1TUt%2Bd24vlSlHazIjfPPLV3G%2BqShdZK4Y"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 884435387eae6643-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=1,i

POST
H3 200 884435361c576643 Show response
paste2.org/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame DFAE 0
592 B 32ms
32ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paste2.org/cdn-cgi/challenge-platform/h/g/jsd/r/884435361c576643
Requested by: Host: paste2.org
URL: https://paste2.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 May 2024 15:37:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ErLfkHXE%2Fd9ZMfFAIC2ZaxfMtwYRki2yaZwfd0cWLLMgeiY3HYlnV59wSLzJPf1wqlXi0eB7Ncrqwo3Y8P0r63nuBhama1iTurC2E%2BlPFbWYpxaRTyFzJYpKqIon"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 884435390f436643-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.paste2.org/	1970-01-21 05:22:03	Name: cf_clearance Value: s5KhQbZq5l4UoksQMxoIvsK6MQP3eASu649nTvkdmjU-1715787431-1.0.1.1-YbE3GMOaLNHGP4YGnhdYmi68aEPRl8duXqIKqrjCV3kV0v1xsqCZA6SrB0wgNlO10o2gNI8KE_DjS_5VcbZqmQ

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

paste2.org
static.cloudflareinsights.com
188.114.97.3
2606:4700::6810:4f49
00cf6e7d2c6e5c82dc45c40c95e4af199d0a78ec5d3b209f2c747430c80f788a
018c7d12a799726510b7d6e7ce4a18023b3f70aded8102d3cdee725f34175658
5c1674da0ebe24996f0a48fea8982d47402333d12638ad5c6c7bbe3de606bc23
76f60c5dd2eb0f7dd74fbab98ec50df9a110c5d78c2d07e2a278a2d90f95dd72
88a84135c66ef1121cf4739622bd7dff598f7811b483c0d8e710cbb27a01f4be
8be54d1c4f478da6feb94528597f7471a50bc11b603411d3a4782bc71c78ae19
ae365ebd33969b398d8f47b780af0c4a95ba6887bc2860fa35587e8e372f3335
b39dd856be2f311c6279b64c08f0dd4f1d87be33aaa1480f0848c3d637ecc521
b40cf7a6236597089d1fafe6b6acdcb8262308f3620a881d5e9d8f1309f048ad
be3eaf3836e5eeb575d196313d5549014fe5ea4c3c535f6e5b3602da6caacbf5
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48dad69eba31f3ce752b7984349be85f600858fae2ede9c3cf64a4515dbc960
eaec1cd1663dc005f1fdf9e4acfa1eff5e527ad7c93a53ed2a78af1808d76340
fb263a5011b340d346a85642957957653441e6cbd204d7e7d013678ca2859a84

paste2.org Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

95 kBTransfer

236 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

1 Cookies

Indicators

paste2.org Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

95 kB
Transfer

236 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!