
Summary
This detection rule identifies direct access to the raw endpoints of public paste services, which are commonly used in the second stage of malware operations to fetch obfuscated code or follow-on payloads. Paste services let anyone store and share text, so a small stager can pull its next stage from a plain-text URL on a well-known domain, which often passes network filtering that would block a download from an unknown host. The rule is written for proxy logs: it matches Uniform Resource Identifier (URI) patterns characteristic of raw paste retrieval on services such as Pastebin and Hastebin. Flagged requests may indicate second-stage payload retrieval, command-and-control communication through a paste used as a dead drop, or staging for data exfiltration. Legitimate use (for example developers pulling scripts or snippets) occurs in some environments, so known-good users, hosts or paste IDs should be excluded, and the remaining hits investigated: which process made the request, what content was returned and whether it was executed.
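The following is an added example of the detection logic run over a few constructed proxy log lines; it is not the rule's own definition or code from the page. The log format, the exact raw-endpoint path layouts for Pastebin and Hastebin, the additional Ghostbin pattern, and the allow-list mechanism are all assumptions made for this illustration.

```python
import re
from typing import Dict, FrozenSet, List

# Constructed proxy log lines for this example. The space-separated layout
# (timestamp, client IP, method, URL, status) is an assumption; real proxy
# logs (Squid, Zscaler, Bluecoat, ...) use their own formats and field names.
SAMPLE_PROXY_LOG = """\
2019-12-05T10:14:02Z 10.1.2.33 GET https://www.example.com/index.html 200
2019-12-05T10:14:09Z 10.1.2.33 GET https://pastebin.com/raw/Ab12Cd34 200
2019-12-05T10:14:10Z 10.1.2.44 GET https://pastebin.com/Ab12Cd34 200
2019-12-05T10:15:21Z 10.1.2.55 GET https://hastebin.com/raw/uqeqoteyuz 200
2019-12-05T10:16:01Z 10.1.2.33 POST https://pastebin.com/api/api_post.php 200
2019-12-05T10:17:44Z 10.1.2.66 GET https://ghostbin.co/paste/x1y2z3/raw/ 200
"""

# Raw-endpoint patterns. Pastebin and Hastebin are the services named on the
# page; the path layouts and the Ghostbin entry are assumptions for this
# example and should be checked against the services' current URL schemes.
RAW_PASTE_PATTERNS = [
    re.compile(r"https?://(www\.)?pastebin\.com/raw/", re.I),
    re.compile(r"https?://(www\.)?hastebin\.com/raw/", re.I),
    re.compile(r"https?://(www\.)?ghostbin\.co/paste/[^/\s]+/raw/?", re.I),
]


def parse_line(line: str) -> Dict[str, str]:
    """Split one constructed log line into its five fields."""
    ts, client, method, url, status = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def is_raw_paste_access(url: str) -> bool:
    """True if the URL hits a raw paste endpoint (anchored at the URL start).

    Only the raw endpoints match: the HTML view of a paste
    (pastebin.com/<id>) and the upload API are left alone, because they
    are what a human browsing or posting a paste would touch.
    """
    return any(p.match(url) for p in RAW_PASTE_PATTERNS)


def find_raw_paste_accesses(log_text: str,
                            allowlist: FrozenSet[str] = frozenset()) -> List[Dict[str, str]]:
    """Return the parsed log entries that retrieve a raw paste.

    `allowlist` holds client IPs with a known legitimate need (for example a
    build host that pulls scripts); their hits are dropped, which is the
    exclusion of legitimate access the rule description calls for.
    """
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry["client"] in allowlist:
            continue
        if is_raw_paste_access(entry["url"]):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_raw_paste_accesses(SAMPLE_PROXY_LOG, allowlist=frozenset({"10.1.2.66"})):
        print(f"{hit['ts']} {hit['client']} -> {hit['url']}")
```

In a real deployment the match would be expressed in the proxy's query language rather than Python, and the exclusion list would normally key on user or hostname rather than IP; the point of the block is that only the raw download path triggers, while ordinary paste viewing and posting do not.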
Categories
- Web
- Network
Data Sources
- Web Credential
- Network Traffic
- Logon Session
- Application Log
- Firewall
Created: 2019-12-05