paintinsidethelines.com Open in urlscan Pro
69.49.234.158  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request verification.html Show response paintinsidethelines.com/CD/b/	33 KB 33 KB	406ms 131ms	Document text/html	69.49.234.158 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://paintinsidethelines.com/CD/b/verification.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 69.49.234.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 69-49-234-158.unifiedlayer.com Software Apache / Resource Hash 8b7b178c93a76adb09eef20d6c1c03348dd07589c68e53f447766cf1e600640e Request headers Host paintinsidethelines.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Thu, 19 Aug 2021 19:25:39 GMT Server Apache Last-Modified Wed, 26 May 2021 20:25:52 GMT Accept-Ranges bytes Content-Length 34041 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H2	200	bootstrap.min.css maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/	157 KB 25 KB	31ms 14ms	Stylesheet text/css	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:25:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 601, 617 age 12938315 cdn-cachedat 2021-03-11 11:57:51 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 timing-allow-origin * access-control-allow-origin * last-modified Mon, 25 Jan 2021 22:04:11 GMT server cloudflare cdn-requestpullcode 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type text/css; charset=utf-8 cdn-cache HIT vary Accept-Encoding cache-control public, max-age=31919000 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid 542e49561780812596250f098642438a cf-ray 6815c4e64b6305f5-FRA cdn-requestcountrycode DE cdn-requestpullsuccess True
GET H2	200	all.css use.fontawesome.com/releases/v5.7.0/css/	53 KB 13 KB	31ms 15ms	Stylesheet text/css	2606:4700:3037::6815:4e07 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://use.fontawesome.com/releases/v5.7.0/css/all.css Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash afdc6bf2de981ffd7d370b76f44e7580572f197efbe214b9cfa4005d189d8eae Request headers Origin https://paintinsidethelines.com Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:25:40 GMT content-encoding br vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 226257 access-control-allow-methods GET alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 x-amz-request-id TRSZJ08PZEK9Z87S x-amz-id-2 x2pxS5baMKJ+8a2XgPtiDWo273R490tjecWEZQmEPtCITup2xcGN7ysX5kkkKD83MzKxMIxDdaU= last-modified Wed, 30 Jun 2021 15:45:15 GMT server cloudflare etag W/"251d28bd755f5269a4531df8a81d5664" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 3000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kP7IrThOCfg279wbysNajOusz13Bv6%2BsANNFKlUfpAV61fn3WEXX0%2FOCL5UNZIyrDGsdL5g348OUQt8%2BcB8AWODqqd1cewR9npA6mAtCXkkEkSmvDMitRyoKJ96dL0MOWfAa9SlE4IttpXnBk%2FdUPQss"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * cache-control max-age=31556926 cf-ray 6815c4e64e284a85-FRA
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.5.1/	87 KB 31 KB	27ms 6ms	Script text/javascript	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:18:27 GMT content-encoding gzip x-content-type-options nosniff age 433 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31021 x-xss-protection 0 last-modified Fri, 08 May 2020 07:05:03 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Fri, 19 Aug 2022 19:18:27 GMT
GET H2	200	popper.min.js Show response cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/	21 KB 7 KB	14ms 13ms	Script application/javascript	2606:4700::6810:135e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:25:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 84002 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 6696 timing-allow-origin * last-modified Mon, 04 May 2020 16:15:37 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03fa9-5309" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8yPjxEfyNl6dUO13%2BSBYNEif4SSbXjFDQNuCh8H5mzNclW3sR2ozBFW08X%2BR6BBaf1Ysm2JAly6f38iPMNLU1rpnMqbT2O7LIyND7fiSEQq%2FGCTebQnPhOfR3V4%2Bl0D9muf5bhDfMcPPQfXtf5bOdZZR"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6815c4e6383f4a5c-FRA expires Tue, 09 Aug 2022 19:25:40 GMT
GET H2	200	bootstrap.min.js Show response maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/	59 KB 16 KB	29ms 13ms	Script application/javascript	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:25:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 601, 617, 617 age 2380417 cdn-cachedat 2021-07-21 17:53:41 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 timing-allow-origin * access-control-allow-origin * last-modified Mon, 25 Jan 2021 22:04:11 GMT server cloudflare cdn-requestpullcode 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript; charset=utf-8 cdn-cache HIT vary Accept-Encoding cache-control public, max-age=31919000 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid 8c3ded9e6abcba53400775a4a89b5cbd cf-ray 6815c4e64b6405f5-FRA cdn-requestcountrycode DE cdn-requestpullsuccess True
GET H2	200	logo.jpg quirky-shaw-20dc92.netlify.app/download-files/	4 KB 4 KB	364ms 336ms	Image image/jpeg	2a03:b0c0:3:d0::d22:8001 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://quirky-shaw-20dc92.netlify.app/download-files/logo.jpg Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:b0c0:3:d0::d22:8001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Netlify / Resource Hash e845fbeff8d887915686f428e8776f64c8598967b8557b58ab2508bf024222e8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-nf-request-id 01FDFY0K10BBE205X4MHYHXDP3 date Thu, 19 Aug 2021 19:25:40 GMT server Netlify age 0 etag "96865597bbb7af73637e85d36cfc9b8c-ssl" strict-transport-security max-age=31536000; includeSubDomains; preload content-type image/jpeg cache-control public, max-age=0, must-revalidate accept-ranges bytes content-length 4215
GET H2	200	top.jpg quirky-shaw-20dc92.netlify.app/download-files/	5 KB 5 KB	531ms 507ms	Image image/jpeg	2a03:b0c0:3:d0::d22:8001 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://quirky-shaw-20dc92.netlify.app/download-files/top.jpg Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:b0c0:3:d0::d22:8001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Netlify / Resource Hash 42a4af9fd520adeaa5adc5b816e3d06c561430313d2be48da527ee203bb8283a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-nf-request-id 01FDFY0K10S604SH3P2YNGQV3W date Thu, 19 Aug 2021 19:25:40 GMT server Netlify age 0 etag "4ab61ca10a5612ba10f1b836e85e13f3-ssl" strict-transport-security max-age=31536000; includeSubDomains; preload content-type image/jpeg cache-control public, max-age=0, must-revalidate accept-ranges bytes content-length 5183
GET DATA	200 OK	truncated /	4 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 574f6aeefe2fa8aee43405b5b14211cbfe518c390eaa09bc045eea3240c2593b Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	8 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c074e76dd727cfac94a3bd569636f9f6fbd2110ec2f2613fa460df9687dd26b7 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	200	ou.gif quirky-shaw-20dc92.netlify.app/	603 KB 604 KB	162ms 160ms	Image image/gif	2a03:b0c0:3:d0::d22:8001 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://quirky-shaw-20dc92.netlify.app/ou.gif Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:b0c0:3:d0::d22:8001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Netlify / Resource Hash 5fbc55c7aca8515003db933fbfc27147afea85b30c666bee69d1a535c6e5d7fe Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-nf-request-id 01FDFY0K2S6MRHH3D6GD12RDCX date Thu, 19 Aug 2021 19:25:40 GMT server Netlify age 0 etag "cd96f670647ca066121adf5d7746479f-ssl" strict-transport-security max-age=31536000; includeSubDomains; preload content-type image/gif cache-control public, max-age=0, must-revalidate accept-ranges bytes content-length 617715
GET H2	200	jquery-3.2.1.slim.min.js Show response code.jquery.com/	68 KB 24 KB	36ms 17ms	Script application/javascript	2001:4de0:ac18::1:a:1a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.2.1.slim.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Request headers Origin https://paintinsidethelines.com Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:25:40 GMT content-encoding gzip last-modified Mon, 20 Mar 2017 19:01:15 GMT server nginx etag W/"58d026fb-10fdd" vary Accept-Encoding x-hw 1629401140.dop246.fr8.t,1629401140.cds272.fr8.hn,1629401140.cds257.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 23856
GET H3-29	200	popper.min.js Show response cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/	19 KB 7 KB	28ms 27ms	Script application/javascript	2606:4700::6810:135e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Origin https://paintinsidethelines.com Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:25:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1295407 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 6157 timing-allow-origin * last-modified Mon, 04 May 2020 16:15:37 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03fa9-4af4" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOWZeaDzbklxr4BSXAuAIOwybGSq%2FYNNXRIG8uz5OiKHyLiUROdv0o4PwuRzUHgd%2FqoE%2FaC1HnraokUgYe179IPiEBzjMC5NaP9KhP1pMafPZ6Ys1dWWD64%2Bcxt%2BgeCCAfbmrHxHTMwbz7RzQ0Iz9osb"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6815c4e6ff7fdfdb-FRA expires Tue, 09 Aug 2022 19:25:40 GMT
GET H3-29	200	bootstrap.min.js Show response maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/	48 KB 14 KB	27ms 17ms	Script application/javascript	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Origin https://paintinsidethelines.com Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:25:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 601 age 783208 cdn-cachedat 08/04/2021 00:04:37 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 cdn-proxyver 1.0 timing-allow-origin * access-control-allow-origin * last-modified Mon, 25 Jan 2021 22:04:04 GMT server cloudflare cdn-requestpullcode 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript; charset=utf-8 cdn-cache HIT vary Accept-Encoding cache-control public, max-age=31919000 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid c832de1e641dffcb9c47688bdc8f92e0 cf-ray 6815c4e6fe0a4ed3-FRA cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H3-29	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/2.2.4/	84 KB 29 KB	21ms 7ms	Script text/javascript	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 18:18:37 GMT content-encoding gzip x-content-type-options nosniff age 4023 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30028 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Fri, 19 Aug 2022 18:18:37 GMT
GET H2	200	bootstrap.min.js Show response stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/	50 KB 14 KB	14ms 12ms	Script application/javascript	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 19:25:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 723, 718 age 12953857 cdn-cachedat 2021-03-11 11:57:52 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 timing-allow-origin * access-control-allow-origin * last-modified Mon, 25 Jan 2021 22:04:06 GMT server cloudflare cdn-requestpullcode 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript; charset=utf-8 cdn-cache HIT vary Accept-Encoding cache-control public, max-age=31919000 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid 48f4598378fe1b699fcee6ac68d6cc25 cf-ray 6815c4e6fd1c05f5-FRA cdn-requestcountrycode DE cdn-requestpullsuccess True
GET H2	200	jquery.session.min.js Show response cdn.jsdelivr.net/npm/jquery.session@1.0.0/	2 KB 1 KB	19ms 5ms	Script application/javascript	2a04:4e42:3::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js Requested by Host: paintinsidethelines.com URL: https://paintinsidethelines.com/CD/b/verification.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:3::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://paintinsidethelines.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 51786 x-jsd-version 1.0.0 x-cache HIT cross-origin-resource-policy cross-origin content-length 933 etag W/"91d-mUGbC+S4VCL/hIcOVNvYpS3G2rE" x-served-by cache-fra19136-FRA x-jsd-version-type version date Thu, 19 Aug 2021 19:25:40 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET DATA	200 OK	truncated /	4 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 970db46ee8b429a0081070681ef437d42e4c25b1c87fa582652802dadf416912 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/jpeg

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| Popper object| bootstrap

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			paintinsidethelines.com/	1970-01-19 20:36:41	Name: __session:0.5531923409178066: Value: https:

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
maxcdn.bootstrapcdn.com
paintinsidethelines.com
quirky-shaw-20dc92.netlify.app
stackpath.bootstrapcdn.com
use.fontawesome.com
2001:4de0:ac18::1:a:1a
2606:4700:3037::6815:4e07
2606:4700::6810:135e
2606:4700::6812:bcf
2a00:1450:4001:80f::200a
2a03:b0c0:3:d0::d22:8001
2a04:4e42:3::485
69.49.234.158
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
42a4af9fd520adeaa5adc5b816e3d06c561430313d2be48da527ee203bb8283a
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
574f6aeefe2fa8aee43405b5b14211cbfe518c390eaa09bc045eea3240c2593b
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
5fbc55c7aca8515003db933fbfc27147afea85b30c666bee69d1a535c6e5d7fe
76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
8b7b178c93a76adb09eef20d6c1c03348dd07589c68e53f447766cf1e600640e
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
970db46ee8b429a0081070681ef437d42e4c25b1c87fa582652802dadf416912
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
afdc6bf2de981ffd7d370b76f44e7580572f197efbe214b9cfa4005d189d8eae
c074e76dd727cfac94a3bd569636f9f6fbd2110ec2f2613fa460df9687dd26b7
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
e845fbeff8d887915686f428e8776f64c8598967b8557b58ab2508bf024222e8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d