control0ea54.online Open in urlscan Pro
162.240.167.185 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kernel.guru/rXKbb
Effective URL:
https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b
Submission: On January 30 via api (January 30th 2024, 10:57:31 pm UTC) from DE — Scanned from CH

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 162.240.167.185, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is control0ea54.online.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 30th 2024. Valid for: 3 months.

This is the only time control0ea54.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.240.139.66 35.240.139.66	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 12	162.240.167.185 162.240.167.185	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
11	2

1 35.240.139.66 (Singapore, Singapore) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 66.139.240.35.bc.googleusercontent.com

kernel.guru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 162.240.167.185 (United States) 3 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-240-167-185.unifiedlayer.com

control0ea54.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	control0ea54.online 3 redirects control0ea54.online	331 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2611	24 KB
1	kernel.guru 1 redirects kernel.guru	475 B
11	3

	Domain	Requested by
12	control0ea54.online	3 redirects control0ea54.online
2	www.paypalobjects.com	control0ea54.online
1	kernel.guru	1 redirects
11	3

This site contains no links.

Subject Issuer	Validity	Valid
control0ea54.online cPanel, Inc. Certification Authority	`2024-01-30` - `2024-04-29`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-10-12` - `2024-10-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b
Frame ID: D7AF8C83C12199292F54347B02AA3B8F
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Melden Sie sich bei Ihrem PayPal-Konto an

Page URL History Show full URLs

https://kernel.guru/rXKbb HTTP 301
https://control0ea54.online/ HTTP 302
https://control0ea54.online/secure/index?id=chase&country=CH HTTP 302
https://control0ea54.online/secure/3 HTTP 301
https://control0ea54.online/secure/3/ Page URL
https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cd... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

355 kB
Transfer

353 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kernel.guru/rXKbb HTTP 301
https://control0ea54.online/ HTTP 302
https://control0ea54.online/secure/index?id=chase&country=CH HTTP 302
https://control0ea54.online/secure/3 HTTP 301
https://control0ea54.online/secure/3/ Page URL
https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://kernel.guru/rXKbb HTTP 301
https://control0ea54.online/ HTTP 302
https://control0ea54.online/secure/index?id=chase&country=CH HTTP 302
https://control0ea54.online/secure/3 HTTP 301
https://control0ea54.online/secure/3/

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
control0ea54.online/secure/3/
Redirect Chain

https://kernel.guru/rXKbb
https://control0ea54.online/
https://control0ea54.online/secure/index?id=chase&country=CH
https://control0ea54.online/secure/3
https://control0ea54.online/secure/3/

125 B
175 B

275ms
275ms

Document
text/html

162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://control0ea54.online/secure/3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-CH,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Tue, 30 Jan 2024 22:57:25 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

content-length: 245
content-type: text/html; charset=iso-8859-1
date: Tue, 30 Jan 2024 22:57:24 GMT
location: https://control0ea54.online/secure/3/
server: Apache

GET
H2 200 Primary Request 4.php Show response
control0ea54.online/secure/3/ 4 KB
4 KB 234ms
234ms Document
text/html 162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

f31ae037a2f8a37f3c0bdaaeb7dd7d304fac74dac577c91dd1dab9af20fc598c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://control0ea54.online/secure/3/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-CH,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 30 Jan 2024 22:57:25 GMT
server: Apache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 jquery-3.2.1.min.js Show response
control0ea54.online/secure/3/56ce037aad0253/ 85 KB
85 KB 524ms
524ms Script
application/javascript 162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://control0ea54.online/secure/3/56ce037aad0253/jquery-3.2.1.min.js

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

a9cb021d2bf22fd7b002d027be449f491ed1c34928a9d49abb9551cda88ee727

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Nov 2022 14:24:04 GMT
server: Apache
content-type: application/javascript
accept-ranges: bytes
content-length: 87312
x-xss-protection: 1; mode=block

GET
H2 200 stylogino.css
control0ea54.online/secure/3/statics/ 66 KB
66 KB 1111ms
1110ms Stylesheet
text/css 162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://control0ea54.online/secure/3/statics/stylogino.css

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

42e7b111308859983ca55376d0878f84ae8562a51c881856c236cff8eba244b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Nov 2022 08:26:14 GMT
server: Apache
content-type: text/css
accept-ranges: bytes
content-length: 67234
x-xss-protection: 1; mode=block

GET
H2 200 flagcountry.css
control0ea54.online/secure/3/statics/ 7 KB
7 KB 329ms
328ms Stylesheet
text/css 162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://control0ea54.online/secure/3/statics/flagcountry.css

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

ef9d53838631fa6adaf861f047dc36844cf716ca0e25d6673d5fb8b22ecdd400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Nov 2022 08:24:22 GMT
server: Apache
content-type: text/css
accept-ranges: bytes
content-length: 6883
x-xss-protection: 1; mode=block

GET
H2 200 plugins.js Show response
control0ea54.online/secure/3/0de0fb0f/ 55 KB
55 KB 1111ms
1110ms Script
application/javascript 162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://control0ea54.online/secure/3/0de0fb0f/plugins.js

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

656b81fc8ce755e7cdacde6bcb9e9c2af44902025e0c10cd1ac897ca3945dacb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Nov 2022 14:24:32 GMT
server: Apache
content-type: application/javascript
accept-ranges: bytes
content-length: 55810
x-xss-protection: 1; mode=block

GET
H2 200 login.js Show response
control0ea54.online/secure/3/0de0fb0f/ 4 KB
4 KB 1111ms
1111ms Script
application/javascript 162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://control0ea54.online/secure/3/0de0fb0f/login.js

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

40018c15ae45f4265cdc58cb3703ecdada5a69990976d2e499ba9f09c5bfab6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://control0ea54.online/secure/3/4.php?join-us.x=906ff16ac00cc59e7cda4814d0292f6b906ff16ac00cc59e7cda4814d0292f6b
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Nov 2022 09:23:30 GMT
server: Apache
content-type: application/javascript
accept-ranges: bytes
content-length: 4372
x-xss-protection: 1; mode=block

GET
H2 200 pdf.png
control0ea54.online/secure/3/statics/images/img/ 2 KB
2 KB 246ms
245ms Image
image/png 162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://control0ea54.online/secure/3/statics/images/img/pdf.png

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/statics/stylogino.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

d662747018528e56e73f581f4ac187dffe16319c79d9822dae27b33ff69593e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://control0ea54.online/secure/3/statics/stylogino.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:26 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Feb 2022 10:22:54 GMT
server: Apache
content-type: image/png
accept-ranges: bytes
content-length: 1848
x-xss-protection: 1; mode=block

GET
H2 200 sprite_form_2x.png
www.paypalobjects.com/webstatic/i/consumer/onboarding/ 5 KB
6 KB 79ms
19ms Image
image/png 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/statics/stylogino.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (muc/3306) /

Resource Hash

f65097de26a69f4441361502879888c86efde568de00761c31afc4f51531343a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://control0ea54.online/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:27 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: cdd6ee07f1bcd
dc: ccg11-origin-www-1.paypal.com
content-length: 5461
last-modified: Tue, 02 Sep 2014 09:03:25 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (muc/3306)
traceparent: 00-0000000000000000000cdd6ee07f1bcd-0f66732266b657ed-01
etag: "540587dd-1555"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Tue, 30 Jan 2024 23:57:27 GMT

GET
H2 200 all-flag.png
control0ea54.online/secure/3/statics/images/img/ 108 KB
108 KB 269ms
268ms Image
image/png 162.240.167.185
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://control0ea54.online/secure/3/statics/images/img/all-flag.png

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/statics/flagcountry.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.240.167.185 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

162-240-167-185.unifiedlayer.com

Software

Apache /

Resource Hash

21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://control0ea54.online/secure/3/statics/flagcountry.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:26 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Feb 2022 09:50:38 GMT
server: Apache
content-type: image/png
accept-ranges: bytes
content-length: 110177
x-xss-protection: 1; mode=block

GET
H2 200 PayPalSansBig-Medium.woff2
www.paypalobjects.com/paypal-ui/fonts/ 18 KB
18 KB 77ms
17ms Font
application/font-woff2 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2

Requested by

Host: control0ea54.online
URL: https://control0ea54.online/secure/3/statics/stylogino.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (muc/3315) /

Resource Hash

2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://control0ea54.online/
Origin: https://control0ea54.online
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jan 2024 22:57:27 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: d00f0e31003ec
dc: ccg11-origin-www-1.paypal.com
content-length: 18508
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
server: ECAcc (muc/3315)
traceparent: 00-0000000000000000000d00f0e31003ec-346b6722378ccfe1-01
etag: "60271cda-484c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Tue, 30 Jan 2024 23:57:27 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _0xfc4d function| $ function| jQuery function| validateEmail

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			control0ea54.online/	1969-12-31 23:59:59	Name: PHPSESSID Value: 470b57aa05fdd61b1701b10887e802f6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

control0ea54.online
kernel.guru
www.paypalobjects.com
162.240.167.185
192.229.221.25
35.240.139.66
21f89c7c27f0eab13388645aea1eedb4a342c06333a14d74c1a10dfca04d6455
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
40018c15ae45f4265cdc58cb3703ecdada5a69990976d2e499ba9f09c5bfab6a
42e7b111308859983ca55376d0878f84ae8562a51c881856c236cff8eba244b9
656b81fc8ce755e7cdacde6bcb9e9c2af44902025e0c10cd1ac897ca3945dacb
a9cb021d2bf22fd7b002d027be449f491ed1c34928a9d49abb9551cda88ee727
d662747018528e56e73f581f4ac187dffe16319c79d9822dae27b33ff69593e6
ef9d53838631fa6adaf861f047dc36844cf716ca0e25d6673d5fb8b22ecdd400
f31ae037a2f8a37f3c0bdaaeb7dd7d304fac74dac577c91dd1dab9af20fc598c
f65097de26a69f4441361502879888c86efde568de00761c31afc4f51531343a

control0ea54.online Open in urlscan Pro 162.240.167.185 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

355 kBTransfer

353 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

control0ea54.online Open in urlscan Pro
162.240.167.185 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

355 kB
Transfer

353 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!