Submitted URL: https://of4free.com/breckie-hill
Effective URL: https://pastehaven.com/ic9olG-t
Submission: On December 30 via api from US — Scanned from GB

Summary

This website contacted 15 IPs in 4 countries across 16 domains to perform 26 HTTP transactions. The main IP is 172.67.153.241, located in United States and belongs to CLOUDFLARENET, US. The main domain is pastehaven.com.
TLS certificate: Issued by WE1 on December 17th 2024. Valid for: 3 months.
This is the only time pastehaven.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 185.27.133.19 34119 (WILDCARD-...)
6 172.67.153.241 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:205... 16509 (AMAZON-02)
1 2a04:4e42::649 54113 (FASTLY)
1 104.18.11.207 13335 (CLOUDFLAR...)
1 2606:4700:310... 13335 (CLOUDFLAR...)
1 104.17.24.14 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 104.21.32.1 13335 (CLOUDFLAR...)
5 104.21.48.1 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
1 2606:4700:310... 13335 (CLOUDFLAR...)
1 3.160.150.5 16509 (AMAZON-02)
1 52.92.248.233 16509 (AMAZON-02)
26 15
    Apex Domain             Subdomains                                                         Transfer
6   pastehaven.com          pastehaven.com                                                     1 MB
5   ediatesuperviso.com     ediatesuperviso.com                                                2 KB
2   ukankingwithea.com      ukankingwithea.com — Cisco Umbrella Rank: 30258                    101 KB
1   amazonaws.com           webpick-cdn.s3.amazonaws.com — Cisco Umbrella Rank: 204578 Failed  3 KB
1   getrunkhomuto.info      getrunkhomuto.info — Cisco Umbrella Rank: 22441                    2 KB
1   jopi.com                www.jopi.com — Cisco Umbrella Rank: 333624
1   google-analytics.com    region1.google-analytics.com — Cisco Umbrella Rank: 3353
1   cloudflareinsights.com  static.cloudflareinsights.com — Cisco Umbrella Rank: 617           7 KB
1   cloudflare.com          cdnjs.cloudflare.com — Cisco Umbrella Rank: 225                    14 KB
1   quilljs.com             cdn.quilljs.com — Cisco Umbrella Rank: 24276                       78 KB
1   bootstrapcdn.com        maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1255                12 KB
1   jquery.com              code.jquery.com — Cisco Umbrella Rank: 847                         31 KB
1   cloudfront.net          dt3y1f1i1disy.cloudfront.net                                       60 KB
1   googletagmanager.com    www.googletagmanager.com — Cisco Umbrella Rank: 39                 108 KB
1   of4free.com             of4free.com                                                        468 B
0   Failed
26  16
Domain Requested by
6 pastehaven.com pastehaven.com, static.cloudflareinsights.com
5 ediatesuperviso.com pastehaven.com, dt3y1f1i1disy.cloudfront.net
2 ukankingwithea.com dt3y1f1i1disy.cloudfront.net
1 webpick-cdn.s3.amazonaws.com dt3y1f1i1disy.cloudfront.net
1 getrunkhomuto.info dt3y1f1i1disy.cloudfront.net
1 www.jopi.com pastehaven.com
1 region1.google-analytics.com www.googletagmanager.com
1 static.cloudflareinsights.com pastehaven.com
1 cdnjs.cloudflare.com pastehaven.com
1 cdn.quilljs.com pastehaven.com
1 maxcdn.bootstrapcdn.com pastehaven.com
1 code.jquery.com pastehaven.com
1 dt3y1f1i1disy.cloudfront.net pastehaven.com
1 www.googletagmanager.com pastehaven.com
1 of4free.com 1 redirects
0 undefined Failed dt3y1f1i1disy.cloudfront.net
26 16

This site contains no links.

Subject                 Issuer                                          Validity                 Valid
pastehaven.com          WE1                                             2024-12-17 - 2025-03-17  3 months
*.google-analytics.com  WR2                                             2024-12-02 - 2025-02-24  3 months
*.cloudfront.net        Amazon RSA 2048 M01                             2024-07-30 - 2025-07-03  a year
*.jquery.com            Sectigo ECC Domain Validation Secure Server CA  2024-06-25 - 2025-06-25  a year
bootstrapcdn.com        WE1                                             2024-11-18 - 2025-02-16  3 months
cdn.quilljs.com         WE1                                             2024-12-15 - 2025-03-15  3 months
cdnjs.cloudflare.com    WE1                                             2024-11-26 - 2025-02-24  3 months
cloudflareinsights.com  WE1                                             2024-11-01 - 2025-01-30  3 months
ukankingwithea.com      WE1                                             2024-11-03 - 2025-02-01  3 months
ediatesuperviso.com     WE1                                             2024-11-08 - 2025-02-06  3 months
jopi.com                WE1                                             2024-12-22 - 2025-03-22  3 months
getrunkhomuto.info      Amazon RSA 2048 M03                             2024-04-01 - 2025-04-30  a year
*.s3.amazonaws.com      Amazon RSA 2048 M01                             2024-04-22 - 2025-04-07  a year

This page contains 4 frames:

Primary Page: https://pastehaven.com/ic9olG-t
Frame ID: DE2A27D6904712897620E71E63D36FBA
Requests: 23 HTTP requests in this frame

Frame: https://www.jopi.com/gam/go-up-dash/
Frame ID: 07D789D57828CA7799BB79DFA2C2DEFF
Requests: 1 HTTP requests in this frame

Frame: https:
Frame ID: B1C623300C65CFDAA994EE1DDED8B9F4
Requests: 1 HTTP requests in this frame

Frame: https://webpick-cdn.s3.amazonaws.com/snapecaht.png
Frame ID: 902A4763EF1A1F5FD0FA21A9CBE54EA3
Requests: 2 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26 Requests
92 % HTTPS
47 % IPv6
16 Domains
16 Subdomains
15 IPs
4 Countries
1548 kB Transfer
2401 kB Size
5 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://of4free.com/breckie-hill HTTP 301
    https://pastehaven.com/ic9olG-t Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ic9olG-t
pastehaven.com/
Redirect Chain
  • https://of4free.com/breckie-hill
  • https://pastehaven.com/ic9olG-t
3 KB
3 KB
Document
General
Full URL
https://pastehaven.com/ic9olG-t
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1f3349c7e588cf0606de3814d5ab7071985131b176c3a640fa971ecb8a6ab9b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f9f6db54a6393e4-LHR
content-encoding
zstd
content-type
text/html; charset=utf-8
date
Mon, 30 Dec 2024 04:53:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SjXycvTEZFPAlrYNWPl%2BMYV%2BcZaFwoPGGIVmlq5cdPfgc5QVes15TjOxZYeYUiyP7j9FHM4JGdYDJgihG72P2Wy52wYP63%2FZ3eTKU0xI1x%2FPAdCV1FWj2e8yye3%2Bx9hgfA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfCacheStatus;desc="DYNAMIC" cfL4;desc="?proto=QUIC&rtt=42339&min_rtt=42314&rtt_var=8969&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4215&recv_bytes=4447&delivery_rate=14876&cwnd=12000&unsent_bytes=0&cid=0b11cdf569f8c814&ts=150&x=1" cfExtPri cfHdrFlush;dur=0
vary
Cookie

Redirect headers

cache-control
max-age=0
content-length
301
content-type
text/html; charset=iso-8859-1
date
Mon, 30 Dec 2024 04:53:51 GMT
expires
Mon, 30 Dec 2024 04:53:51 GMT
location
https://pastehaven.com/ic9olG-t
server
openresty
js
www.googletagmanager.com/gtag/
323 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-GX09DWLM9P
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9d713da42c721a108e864e7dff31e60c946691d242c1d8b1c056a21c9e59bbf3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 30 Dec 2024 04:53:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 30 Dec 2024 04:53:51 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109742
x-xss-protection
0
server
Google Tag Manager
/
dt3y1f1i1disy.cloudfront.net/
203 KB
60 KB
Script
General
Full URL
https://dt3y1f1i1disy.cloudfront.net/?ifytd=1056135
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4000:16:1026:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f13ea150bc6d43638cdf4ac52a923dca5ffe4daa287005278483fd44c9ae3237

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding
gzip
pragma
no-cache
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
61497
x-amz-cf-id
PfYBvj9_sApxezwf_k-vz8VBGHGUvd31EguXqskYspQA0ggiw4M_pg==
date
Mon, 30 Dec 2024 04:53:52 GMT
x-amz-cf-pop
FRA6-C1
style.css
pastehaven.com/static/css/
25 KB
5 KB
Stylesheet
General
Full URL
https://pastehaven.com/static/css/style.css
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a53a8134546876312f0309b323191e7bcc063cb5536fa41edff371456a88ce4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/ic9olG-t

Response headers

content-encoding
zstd
cf-cache-status
REVALIDATED
etag
W/"1734110855.0-26078-3544059032"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Byc61%2FC%2FSG71vEFi%2F0mPGI9sDeSGLMQMxQ9%2FgRYtIRjbOK3DR%2FaERIDCKAqKATWmgGVIFec2Vms9m3HJoY%2B6m%2B2AZMTNn8%2BFZumOZ7gwxvWgPL35cmJGT1ixZ2eJe6Lnzw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=42336&min_rtt=42091&rtt_var=3897&sent=16&recv=14&lost=0&retrans=0&sent_bytes=7258&recv_bytes=5948&delivery_rate=32413&cwnd=12000&unsent_bytes=0&cid=0b11cdf569f8c814&ts=313&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 30 Dec 2024 04:53:51 GMT
content-type
text/css; charset=utf-8
content-disposition
inline; filename=style.css
vary
Cookie, Accept-Encoding
last-modified
Fri, 13 Dec 2024 17:27:35 GMT
priority
u=0,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f9f6db66ae893e4-LHR
server
cloudflare
jquery-3.6.0.min.js
code.jquery.com/
87 KB
31 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

content-encoding
gzip
etag
W/"28feccc0-15d9d"
age
4057722
x-cache
HIT, HIT
date
Mon, 30 Dec 2024 04:53:51 GMT
content-type
application/javascript; charset=utf-8
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits
8, 788650
x-served-by
cache-lga21931-LGA, cache-fra-etou8220071-FRA
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1735534432.863776,VS0,VE0
cross-origin-resource-policy
cross-origin
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
30875
server
nginx
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/
39 KB
12 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

cdn-status
200
content-encoding
br
cf-cache-status
HIT
etag
"2f34b630ffe30ba2ff2b91e3f3c322a1"
age
516004
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 30 Dec 2024 04:53:51 GMT
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-cachedat
09/30/2024 19:30:39
cdn-requestpullcode
200
priority
u=1,i=?0
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-requesttime
0
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
fe626af388fd1e168bb43f8174aa8a12
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.04
cf-ray
8f9f6db6ba40ef2f-LHR
access-control-allow-origin
*
cdn-edgestorageid
1186
server
cloudflare
cdn-requestcountrycode
FR
quill.js
cdn.quilljs.com/1.3.6/
427 KB
78 KB
Script
General
Full URL
https://cdn.quilljs.com/1.3.6/quill.js
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4da70cd71b5a0e224e95865829a8356a93907c7d47ebb6b23cb8014c6ff9c48
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"c11e87e46275c866af8ef7b394884fb9"
age
140883
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4NJ88lVTwuvlPZsLM2RKfC1q4emKNGHJuh9OtxKIwTrEBjssfrIU1ZF4U5smb7I8VvSfJrNYrGy5xDbk%2F6SliN6iYa8pOuWk2HsLazQtTFP1lqcUwOGlcySnHXmBD99EGxKeEO8F52fSwwU8bg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=42369&min_rtt=42362&rtt_var=8948&sent=7&recv=10&lost=0&retrans=0&sent_bytes=4002&recv_bytes=2150&delivery_rate=91792&cwnd=125&unsent_bytes=0&cid=02caf39fa76c2efd&ts=60&x=0"
date
Mon, 30 Dec 2024 04:53:51 GMT
content-type
application/javascript
last-modified
Mon, 22 Apr 2024 16:07:39 UTC
vary
Accept-Encoding, Accept-Encoding
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f9f6db70f7963cb-LHR
access-control-allow-origin
*
server
cloudflare
crypto-js.min.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/
47 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"61182885-3694"
age
92803
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xam%2BtUoci42jDyBIR8Zks9vxHC4zGpBncZKgNR3hQuTHjAY8UHhMPyrlvpXStjs7xt%2BHPnVTJ8ihEQZogjvxkjkSAxAryTnfS%2Fix%2FpkPfvTd2IIbPzmOAESuYhLR0V7uwCPOG9xB"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sat, 20 Dec 2025 04:53:51 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 30 Dec 2024 04:53:51 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 14 Aug 2021 20:33:09 GMT
vary
Accept-Encoding
priority
u=1,i=?0
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8f9f6db6aae57196-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
13972
server
cloudflare
daco.js
pastehaven.com/static/js/
3 KB
2 KB
Script
General
Full URL
https://pastehaven.com/static/js/daco.js
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd1b4e3f9086659d0a51d1157ef3d3b611289dba5a2fd4378fec8d32d2d4d825

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/ic9olG-t

Response headers

content-encoding
zstd
cf-cache-status
REVALIDATED
etag
W/"1731526949.0-3362-2903771942"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yK1AJWy3ZM3LMwAFR%2FMXMYiebvMLKbvtgkaRhNZFeRSbG2hcJ%2BYM%2BzzgTrcDRE7y%2FNmU6ClEj8BJcTpWMg1cZRZ8EleiswO%2F2n2EQyokr34p09BkF%2BhSjyhp4hR7U12bIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=42336&min_rtt=42091&rtt_var=3897&sent=22&recv=14&lost=0&retrans=0&sent_bytes=12987&recv_bytes=5948&delivery_rate=32413&cwnd=12000&unsent_bytes=0&cid=0b11cdf569f8c814&ts=314&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 30 Dec 2024 04:53:51 GMT
content-type
application/javascript; charset=utf-8
content-disposition
inline; filename=daco.js
vary
Cookie, Accept-Encoding
last-modified
Wed, 13 Nov 2024 19:42:29 GMT
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f9f6db66aea93e4-LHR
server
cloudflare
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://pastehaven.com
Referer
https://pastehaven.com/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
8f9f6db9085977b2-LHR
access-control-allow-origin
*
date
Mon, 30 Dec 2024 04:53:52 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
asd100.bin
ukankingwithea.com/
100 KB
101 KB
Fetch
General
Full URL
https://ukankingwithea.com/asd100.bin
Requested by
Host: dt3y1f1i1disy.cloudfront.net
URL: https://dt3y1f1i1disy.cloudfront.net/?ifytd=1056135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.32.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

cf-cache-status
HIT
age
389
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oEQs34oB0Tn0K5bG79LtDQE7fq3rA28DUsUuIHbUtzTJ0CpqBkuixMrbl1SfxFJuu2n4ZWdD2zXQzot4GfUybgRffKCoHgmoDTicED8XKbMz5xR%2F6Cvf0jI52x7Ad5zOOxVX5mA%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400
date
Mon, 30 Dec 2024 04:53:52 GMT
content-type
binary/octet-stream
vary
Accept-Encoding
last-modified
Mon, 30 Dec 2024 04:47:23 GMT
access-control-allow-headers
X-Requested-With, content-type
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
8f9f6dba9a4d48b8-LHR
access-control-allow-origin
https://pastehaven.com
server
cloudflare
/
ukankingwithea.com/
26 B
541 B
Fetch
General
Full URL
https://ukankingwithea.com/
Requested by
Host: dt3y1f1i1disy.cloudfront.net
URL: https://dt3y1f1i1disy.cloudfront.net/?ifytd=1056135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.32.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e311e4a77bc63cfc1347e3ef1262051892fa70d93cc18a0a8f7e49161681c62

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hkJoyllrOLFfUXNAs4UKkSvGaJYcru0znv2thJSvNHRWwOHlRFcWgb6qRsUkr0b1vCFhVCtvMogcp7HKquZjETQ6z0LI7MewY2h11Hwut9qSqPcDr5bY6fM%2BCPlAclqylix7MWw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
access-control-allow-credentials
true
cf-ray
8f9f6dba9a4e48b8-LHR
access-control-allow-origin
https://pastehaven.com
alt-svc
h3=":443"; ma=86400
date
Mon, 30 Dec 2024 04:53:52 GMT
content-type
text/plain
server
cloudflare
access-control-allow-headers
X-Requested-With, content-type
TXBxCSwELWpIb0N0YkpsRHJlSmxB
ediatesuperviso.com/cEFXeVhffjQKZRIGLwkPNxMCLjQ2Lg8vLBYZEA0LJwcvGDk2BHENMRR8ZkltRnBkTH4AKDNEa0JnJA05BDQkRGlWKDkfN01nIURoXnh5S3ZGZyJEaVY1Jxg/
0
379 B
Image
General
Full URL
https://ediatesuperviso.com/cEFXeVhffjQKZRIGLwkPNxMCLjQ2Lg8vLBYZEA0LJwcvGDk2BHENMRR8ZkltRnBkTH4AKDNEa0JnJA05BDQkRGlWKDkfN01nIURoXnh5S3ZGZyJEaVY1Jxg/TXBxCSwELWpIb0N0YkpsRHJlSmxB
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.48.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHhJppGoJt6h9dtXp4%2BbR4e9WEruIezWXb6YFhA5KuaxYCw3JVVxxnX5ZzNeNzp18Iyfo9UJQEIhMAJEcQdytx%2BE%2FmCbTuKKVHFGf9qZCwXaksnV9iJWWAgTHCPbgU0ICCAZj5nt"}],"group":"cf-nel","max_age":604800}
cf-ray
8f9f6dba9f73bec8-LHR
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Mon, 30 Dec 2024 04:53:52 GMT
server
cloudflare
Q3ZFaEtsSSYbdiYgCxkGcjgHMh0KMiQDfiQuMionFyELMgpxL2McIidLdFh+dUd2XW0zHyFVeHFQNhwqNwM2VXlzRnJOIi0QKlV5ZQB4WGV6WHdGfWUDeFltNwYkD3ZyUDUcPy9LdF94dkN2XH9wRHZceQ
ediatesuperviso.com/
0
381 B
Image
General
Full URL
https://ediatesuperviso.com/Q3ZFaEtsSSYbdiYgCxkGcjgHMh0KMiQDfiQuMionFyELMgpxL2McIidLdFh+dUd2XW0zHyFVeHFQNhwqNwM2VXlzRnJOIi0QKlV5ZQB4WGV6WHdGfWUDeFltNwYkD3ZyUDUcPy9LdF94dkN2XH9wRHZceQ
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.48.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=giJ3VWHYkp3s%2FsgwKBZI3u%2BqsG6ZxlWN3NjsKfYk8HFNtX2hos4D83wOzTqGKybpN96nBKwlum8wQ7fxofqmYG6NvMY2RaxfVJJFE%2BRD9bTH2tkzz7HSOjbovodvB%2FOGfBe0GLrv"}],"group":"cf-nel","max_age":604800}
cf-ray
8f9f6dba9f71bec8-LHR
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Mon, 30 Dec 2024 04:53:52 GMT
server
cloudflare
popunder.gif
ediatesuperviso.com/
35 B
571 B
Image
General
Full URL
https://ediatesuperviso.com/popunder.gif
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.48.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
age
91443
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RiFvzClOqrBgFRRe6rhXPai6icYHkXmiGTGjrqnwqI%2B6%2FPW%2F%2FvCHIAOgtb3%2F%2B9fEe3XLiC%2FCDqYMTmrKpVeCOAjv5SozyZOVpBs7WZQcQU%2FHI9%2Bre4arJtmLEmOiruIOOyu%2FoIcl"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
date
Mon, 30 Dec 2024 04:53:52 GMT
content-type
image/gif
last-modified
Sun, 29 Dec 2024 03:29:49 GMT
vary
Accept-Encoding
cache-control
public, max-age=604800, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
public
cf-ray
8f9f6dba9f72bec8-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
58
server
cloudflare
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-GX09DWLM9P&gtm=45je4cc1v9199520120za200&_p=1735534432346&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1048585978.1735534432&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1735534432&sct=1&seg=0&dl=https%3A%2F%2Fpastehaven.com%2Fic9olG-t&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1126
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GX09DWLM9P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://pastehaven.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 30 Dec 2024 04:53:52 GMT
content-type
text/plain
server
Golfe2
/
www.jopi.com/gam/go-up-dash/ Frame 07D7
0
0
Document
General
Full URL
https://www.jopi.com/gam/go-up-dash/
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/ic9olG-t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2ad4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://pastehaven.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
6913
cache-control
max-age=2678400
cf-cache-status
HIT
cf-ray
8f9f6dbb2af745a1-LHR
content-encoding
br
content-type
text/html
date
Mon, 30 Dec 2024 04:53:52 GMT
last-modified
Wed, 20 Mar 2024 12:19:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLLXVwOsQcSuR%2FPd6uzGrLc7Cg7AcWZEnO5r7jgv8gfRUib8kbp%2BsxDZNl9OJOZLusv0BDzG4RGQflu92OF4u3R6hXnec9zWEhzVJT90ZB7r0vosbcJ5HNB91rYptlpK2BaGq62F9PhPEw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=42310&min_rtt=42255&rtt_var=8964&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3983&recv_bytes=2365&delivery_rate=91777&cwnd=239&unsent_bytes=0&cid=fd05610d18b603ed&ts=56&x=0"
vary
Accept-Encoding Accept-Encoding
x-cache
MISS
wait_backmby.png
pastehaven.com/static/img/
1 MB
1 MB
Image
General
Full URL
https://pastehaven.com/static/img/wait_backmby.png
Requested by
Host: pastehaven.com
URL: https://pastehaven.com/static/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c9cd1311f71762e23458de401e68b05fa027c787fce945692416c8288242e6b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/static/css/style.css

Response headers

cf-cache-status
REVALIDATED
etag
"1728859962.0-1143548-894242628"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vt1VuLz7ihsEhKh16JrTNa5Uz0FtBqTaoDgiQ34xW0UxRLp9C0ceDiEMyP0yzKFYnh82vr7feRe6DVfISDjngUZApm6H8fhWqmFdV8EoKnur8abFh5%2Bv7IkULtQ0wq%2F%2BeA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=42564&min_rtt=42091&rtt_var=1306&sent=26&recv=20&lost=0&retrans=0&sent_bytes=15029&recv_bytes=6969&delivery_rate=62225&cwnd=12000&unsent_bytes=0&cid=0b11cdf569f8c814&ts=981&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 30 Dec 2024 04:53:52 GMT
content-type
image/png
content-disposition
inline; filename=wait_backmby.png
vary
Cookie, Accept-Encoding
last-modified
Sun, 13 Oct 2024 22:52:42 GMT
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f9f6dba8d9093e4-LHR
accept-ranges
bytes
content-length
1143548
server
cloudflare
BVEUJi5aUlMSZ1UxBSBxHkYHZStWEwgnO0kUDTs3AxETOywTWQ8xNkJFJ2IUMA87BxQ+RSAuIREWMhEENy8zOhgxGxcxBTEQMj0pUDobGhAsJAY4CzYcGR8BJgAgOiEWODU8CSoNDmENHw8KBAU1AykDJQw5MgUvAQ1RJw8xMRE2OAhHID53VxQlFQEoGTM6IRBHW...
undefined/VEJnd2E1IAQaXjV/ Frame B1C6
0
0

bjJlNHpBDQZHRzR0AgAjBGQGVh0sYSFyNBx2M3E+O3UCeC8Jc0NAEwoPVARPWANWAVweWwEJSVwUFkAbGkcWCUheAlISEwBUCglISERYBFRXHFcaTEhHWAVcGkIEU0dfFBVADgIPVANJWwdWAE5dAFEBQg
ediatesuperviso.com/
0
382 B
Ping
General
Full URL
https://ediatesuperviso.com/bjJlNHpBDQZHRzR0AgAjBGQGVh0sYSFyNBx2M3E+O3UCeC8Jc0NAEwoPVARPWANWAVweWwEJSVwUFkAbGkcWCUheAlISEwBUCglISERYBFRXHFcaTEhHWAVcGkIEU0dfFBVADgIPVANJWwdWAE5dAFEBQg
Requested by
Host: dt3y1f1i1disy.cloudfront.net
URL: https://dt3y1f1i1disy.cloudfront.net/?ifytd=1056135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.48.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jZ0wmPmefywKRCuCB2BxLOGx%2BaDsszwS7%2BQK3%2BGk0cl%2Fz2ZEEDvVMxJg6QZ5uRH8T7SlsaMc94LuNN4b9K4qpcL5GXIgQIpJGyur7P4Rk0pzBTrf9A8y3XdD8yBk1IQ%2F6ixrFNSQ"}],"group":"cf-nel","max_age":604800}
cf-ray
8f9f6dbaff74bec8-LHR
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Mon, 30 Dec 2024 04:53:52 GMT
server
cloudflare
floater
getrunkhomuto.info/
1 KB
2 KB
XHR
General
Full URL
https://getrunkhomuto.info/floater?cs=aVVnanBRY19aSV5mUllGXWVUWkU&abt=0&red=1&sm=83&k=paste%20pastehaven%20sharing&v=0.9.2.6&sts=0&prn=0&emb=0&tid=1056135&rxy=1600_1200&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fpastehaven.com%2Fic9olG-t&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F131.0.0.0%20safari%2F537.36&tzd=0&uloc=&if=0&aa=oi1_&_4lhW=1735534432458&crc=1
Requested by
Host: dt3y1f1i1disy.cloudfront.net
URL: https://dt3y1f1i1disy.cloudfront.net/?ifytd=1056135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.150.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-150-5.fra60.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
66da36c88a1606ac37314b15d4269782018faa2dd84d064402ee0d993fb29f91

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
pragma
no-cache
access-control-allow-credentials
true
via
1.1 96f7375d4633bdc30f727db82897e3b4.cloudfront.net (CloudFront)
access-control-allow-origin
https://pastehaven.com
x-cache
Miss from cloudfront
content-length
947
p3p
CP="NID DSP ALL COR"
date
Mon, 30 Dec 2024 04:53:53 GMT
content-type
text/plain; charset=utf-8
x-amz-cf-pop
FRA60-P7
server
openresty/1.17.8.2
x-amz-cf-id
PRJWnGouWJkqJ-ZM1Bt7iCgVkPJRWZqnT7SolcAprokRNyGI20KpVQ==
rum
pastehaven.com/cdn-cgi/
0
141 B
XHR
General
Full URL
https://pastehaven.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/json
Referer
https://pastehaven.com/ic9olG-t

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
cf-ray
8f9f6dbd9f3293e4-LHR
access-control-allow-origin
https://pastehaven.com
date
Mon, 30 Dec 2024 04:53:52 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
favicon.ico
pastehaven.com/
2 KB
2 KB
Other
General
Full URL
https://pastehaven.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69eb73ba0866212a435475f6cb1306798497496af7fa7226e405094622ce836b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/ic9olG-t

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
EXPIRED
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwMxHVwgEYaqW%2BV3E%2BE5ixRWQslul9RAgEon0OWMvcxEXsbDAz4gNGUTa19bTid51v9LGutJgodY%2BbuSKWz%2FESbsdSrpy1Q%2BorAwOIRKFSZ7Asi9ZqreQAgpKU2zgUIDOw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f9f6dbdaf3993e4-LHR
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=43043&min_rtt=42091&rtt_var=521&sent=1156&recv=236&lost=143&retrans=143&sent_bytes=1357354&recv_bytes=25806&delivery_rate=2592&cwnd=367080&unsent_bytes=0&cid=0b11cdf569f8c814&ts=1495&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 30 Dec 2024 04:53:53 GMT
content-type
text/html; charset=utf-8
vary
Cookie, Accept-Encoding
server
cloudflare
last-modified
Mon, 30 Dec 2024 04:53:53 GMT
priority
u=1,i
WHZ8FyNbMj40M1Q7On8gWzRrZhNbJiI9dQIQeGliB2t6aWQFZnhjYgdiemZoAXU4bGAbamBjfgN1O2xoBGt2ZmMNan5lYQxlfWl2QSMvNm0EdT4lJFluf2ZjAGZ9ZWQGZ39nYQ
ediatesuperviso.com/U05RUDV8cTIjCDJ8PmRhYCIFCHQRa2MWZBU2CxRtKx4JYVofKGEnEycnNW0EY3tnYQZmaCE5UW59Y3ZGJy8lJUZufGFgAHUnPzZabnxhYANjfmFgA3Z5EjhBJz4idQYSa2MWEGEIJjVXIycyOxgwKj9+RmBgMD1UKSE/MUIgYDI/
0
381 B
Ping
General
Full URL
https://ediatesuperviso.com/U05RUDV8cTIjCDJ8PmRhYCIFCHQRa2MWZBU2CxRtKx4JYVofKGEnEycnNW0EY3tnYQZmaCE5UW59Y3ZGJy8lJUZufGFgAHUnPzZabnxhYANjfmFgA3Z5EjhBJz4idQYSa2MWEGEIJjVXIycyOxgwKj9+RmBgMD1UKSE/MUIgYDI/WHZ8FyNbMj40M1Q7On8gWzRrZhNbJiI9dQIQeGliB2t6aWQFZnhjYgdiemZoAXU4bGAbamBjfgN1O2xoBGt2ZmMNan5lYQxlfWl2QSMvNm0EdT4lJFluf2ZjAGZ9ZWQGZ39nYQ
Requested by
Host: dt3y1f1i1disy.cloudfront.net
URL: https://dt3y1f1i1disy.cloudfront.net/?ifytd=1056135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.48.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pastehaven.com/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yG6y2x5msvWajaOpS%2FHeKFJ1sxYaNykIYvNW0MDIHEKwd1tJZqwJdyFh0iopl6EtwJ%2BPcK%2B61XdK%2Bz7ulIdpR0tdmxMsI9YguJ2IoU%2FaJLRlEQbW0CNgqbrF5piYCXhs3Yy9FR4J"}],"group":"cf-nel","max_age":604800}
cf-ray
8f9f6dc5af81bec8-LHR
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Mon, 30 Dec 2024 04:53:54 GMT
server
cloudflare
snapecaht.png
webpick-cdn.s3.amazonaws.com/
0
0

snapecaht.png
webpick-cdn.s3.amazonaws.com/ Frame 902A
3 KB
3 KB
Image
General
Full URL
https://webpick-cdn.s3.amazonaws.com/snapecaht.png
Requested by
Host: dt3y1f1i1disy.cloudfront.net
URL: https://dt3y1f1i1disy.cloudfront.net/?ifytd=1056135
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
52.92.248.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
5af1e32d6499ad2c5e9249164daa9a39860fb4e6f64b223b04fe0afa0c0b6ee2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-meta-s3b-last-modified
20181225T134720Z
ETag
"84cde431b32705bc6e18c3d7ccc2dd29"
x-amz-request-id
Y1TRR9T1AWR8K181
Accept-Ranges
bytes
Content-Length
2888
Date
Mon, 30 Dec 2024 04:53:55 GMT
Last-Modified
Tue, 25 Dec 2018 13:48:43 GMT
Content-Type
image/png
Server
AmazonS3
x-amz-id-2
OqvxDzn8dDugp8XUfoq8bkUa2+mrTs359H9owU51JzYwRRb2wlu6T2fcP+IlTTwZuLEIrwwYSzI=
truncated
/ Frame 902A
897 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be1f5cf222de390da64f302bda4ffb1b7e650b89ece430a6a08796fd64aad060

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
undefined
URL
https:
Domain
webpick-cdn.s3.amazonaws.com
URL
https://webpick-cdn.s3.amazonaws.com/snapecaht.png

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| google_tag_manager
object| google_tag_data
object| dataLayer
string| lklefsvsdg
number| _1816122478
function| gtag
function| onYouTubeIframeAPIReady
object| gaGlobal
function| $
function| jQuery
function| Quill
object| CryptoJS
object| quill
function| getLastSegmentOfURL
function| getVIP
string| cas
object| __cfBeacon
string| a
number| refS

5 Cookies

Domain/Path Name / Value
pastehaven.com/ Name: access_token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTczNTUzNDQzMSwianRpIjoiYWUyY2U2NmQtNTU3Ny00MzgwLWIyN2ItZDg4N2QwZDQzMDllIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6ImM5YTY5YjgzLWM0ODEtNGMzMC1hZjk1LTk3ODg3YzM4YjJjMSIsIm5iZiI6MTczNTUzNDQzMSwiY3NyZiI6IjM4OGEwMDQ2LTFmZjgtNDNkNy05NGNkLTllNmQwODdlNzRlNiIsImV4cCI6MTczNTUzOTgzMX0.ADlthAuz5evhQGYpb6v734_9dQyF-LXLR5tJGrB1edU
pastehaven.com/ Name: session
Value: cKlYoqDDYSWB-5qMSuLKusZ4GZHyk_M1SMnm0KHEzv0._PDXIX-b1G7icC_SCS7HPbBSRgM
.pastehaven.com/ Name: _ga
Value: GA1.1.1048585978.1735534432
.pastehaven.com/ Name: _ga_GX09DWLM9P
Value: GS1.1.1735534432.1.0.1735534432.0.0.0
ukankingwithea.com/ Name: csu
Value: 818873890419638@1@1735534432

1 Console Messages

Source: security
Level: warning
URL: https://dt3y1f1i1disy.cloudfront.net/?ifytd=1056135 (Line 153)
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
