paste2.org
Open in
urlscan Pro
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: https://paste2.org/
Submission: On May 15 via api from US — Scanned from NL
Summary
TLS certificate: Issued by E1 on April 13th 2024. Valid for: 3 months.
This is the only time paste2.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 18 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6810:4f49 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
paste2.org
1 redirects
paste2.org |
89 KB |
1 |
cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 804 |
7 KB |
18 | 2 |
Domain | Requested by | |
---|---|---|
18 | paste2.org |
1 redirects
paste2.org
static.cloudflareinsights.com |
1 | static.cloudflareinsights.com |
paste2.org
|
18 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
twitter.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
paste2.org E1 |
2024-04-13 - 2024-07-12 |
3 months | crt.sh |
cloudflareinsights.com GTS CA 1P5 |
2024-05-08 - 2024-08-06 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://paste2.org/
Frame ID: FD63E6EEA1A9E9B8474841B7B48E807F
Requests: 15 HTTP requests in this frame
Frame:
https://paste2.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
Frame ID: DFAEF5C73D30599A68E94AFABAE0701C
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
Paste2.org - New PastePage URL History Show full URLs
-
http://paste2.org/
HTTP 307
https://paste2.org/ Page URL
Detected technologies
Cloudflare Browser Insights (Analytics) ExpandDetected patterns
- static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://paste2.org/
HTTP 307
https://paste2.org/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10- https://paste2.org/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://paste2.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
paste2.org/ Redirect Chain
|
26 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
paste2-compiled.css
paste2.org/static/templates/paste2/css/ |
22 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
default.css
paste2.org/static/templates/paste2/pygments/ |
2 KB 911 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
follow_us-a.png
paste2.org/static/templates/paste2/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rocket-loader.min.js
paste2.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
static.cloudflareinsights.com/beacon.min.js/ |
19 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
stars.png
paste2.org/static/templates/paste2/img/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
paste2.org/static/templates/paste2/img/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tab_inactive.png
paste2.org/static/templates/paste2/img/ |
201 B 653 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
exclamation.png
paste2.org/static/templates/paste2/img/ |
538 B 991 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gh-icons.png
paste2.org/static/templates/paste2/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
paste2.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/ Frame DFAE Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
paste2-compiled.js
paste2.org/static/templates/paste2/js/ |
127 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
rum
paste2.org/cdn-cgi/ |
0 138 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
paste2.org/static/templates/paste2/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
select.png
paste2.org/static/templates/paste2/img/ |
316 B 761 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
884435361c576643
paste2.org/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame DFAE |
0 595 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
884435361c576643
paste2.org/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame DFAE |
0 592 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| __cfQR object| __cfBeacon function| downloadJSAtOnload boolean| __cfRLUnblockHandlers function| $ function| jQuery function| Sizzle function| checkAllPrettyCheckboxes object| s object| c object| $this1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.paste2.org/ | Name: cf_clearance Value: s5KhQbZq5l4UoksQMxoIvsK6MQP3eASu649nTvkdmjU-1715787431-1.0.1.1-YbE3GMOaLNHGP4YGnhdYmi68aEPRl8duXqIKqrjCV3kV0v1xsqCZA6SrB0wgNlO10o2gNI8KE_DjS_5VcbZqmQ |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
paste2.org
static.cloudflareinsights.com
188.114.97.3
2606:4700::6810:4f49
00cf6e7d2c6e5c82dc45c40c95e4af199d0a78ec5d3b209f2c747430c80f788a
018c7d12a799726510b7d6e7ce4a18023b3f70aded8102d3cdee725f34175658
5c1674da0ebe24996f0a48fea8982d47402333d12638ad5c6c7bbe3de606bc23
76f60c5dd2eb0f7dd74fbab98ec50df9a110c5d78c2d07e2a278a2d90f95dd72
88a84135c66ef1121cf4739622bd7dff598f7811b483c0d8e710cbb27a01f4be
8be54d1c4f478da6feb94528597f7471a50bc11b603411d3a4782bc71c78ae19
ae365ebd33969b398d8f47b780af0c4a95ba6887bc2860fa35587e8e372f3335
b39dd856be2f311c6279b64c08f0dd4f1d87be33aaa1480f0848c3d637ecc521
b40cf7a6236597089d1fafe6b6acdcb8262308f3620a881d5e9d8f1309f048ad
be3eaf3836e5eeb575d196313d5549014fe5ea4c3c535f6e5b3602da6caacbf5
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48dad69eba31f3ce752b7984349be85f600858fae2ede9c3cf64a4515dbc960
eaec1cd1663dc005f1fdf9e4acfa1eff5e527ad7c93a53ed2a78af1808d76340
fb263a5011b340d346a85642957957653441e6cbd204d7e7d013678ca2859a84