![](/screenshots/6d52b0e7-b6c8-4511-a4b5-9789aa3bf1e8.png)
pyramide.bf
Open in
urlscan Pro
5.9.249.60
Malicious Activity!
Public Scan
Submission: On May 21 via automatic, source phishtank
Summary
This is the only time pyramide.bf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
14 | 5.9.249.60 5.9.249.60 | 24940 (HETZNER-AS) (HETZNER-AS) | |
2 | 95.101.242.48 95.101.242.48 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
17 | 3 |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-101-242-48.deploy.akamaitechnologies.com
www.paypalobjects.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
pyramide.bf
pyramide.bf |
296 KB |
2 |
paypalobjects.com
www.paypalobjects.com |
4 KB |
0 |
paypal-search.com
Failed
www.paypal-search.com Failed |
|
17 | 3 |
Domain | Requested by | |
---|---|---|
14 | pyramide.bf |
pyramide.bf
|
2 | www.paypalobjects.com |
pyramide.bf
|
0 | www.paypal-search.com Failed |
pyramide.bf
|
17 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
personal.paypal.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3 |
2015-10-12 - 2017-09-02 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/Web
Frame ID: 31806.1
Requests: 17 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Title: Problem with login?
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Web
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/ |
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core.css
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
20 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home0311.css
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
global.js
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
60 KB 60 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
animation.js
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
326 B 326 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pa.js
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
36 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
baynote.js
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
96 KB 96 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header.png
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
imgUS_BgSplshWmnPssngCrd_201204_542x228.jpg
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
32 KB 32 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer.png
pyramide.bf/paypal.com/limit/Limit-id=4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8/79fd9a8fe17e06952308f9990be8b33f/FoLooX/ |
37 KB 37 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
listener2
www.paypal-search.com/baynote/tags3/baynoteObserver/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_body_bg.jpg
www.paypalobjects.com/WEBSCR-640-20120706-1/en_US/i/pui/core/ |
403 B 421 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login_box_bg_sprite.jpg
pyramide.bf/en_US/Marketing/i/scr/ |
490 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icn_arrow_lock.png
pyramide.bf/en_US/Marketing/i/icon/ |
486 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hdr_cpr_welcome_560x82.gif
www.paypalobjects.com/en_US/Marketing/i/header/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
counter_bg.gif
pyramide.bf/en_US/Marketing/i/scr/ |
481 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
animation.js
pyramide.bf/js/lib/yui/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.paypal-search.com
- URL
- https://www.paypal-search.com/baynote/tags3/baynoteObserver/listener2?customerId=paypal&code=www&msgId=0&fmt=1&len=214&msg=%7B%22a%22%3A%22v%22%2C%22c%22%3A%221.A%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fpyramide.bf%2Fpaypal.com%2Flimit%2FLimit-id%3D4n6jh3c7R26oj4EeM5BkCd6ieGHN3L43GU4gs6U0337103YUBM8%2F79fd9a8fe17e06952308f9990be8b33f%2FWeb%22%2C%22r%22%3A%22%22%2C%22t%22%3A1495387049914%2C%22u%22%3A%221742117172990883881%22%7D
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
pyramide.bf/ | Name: bn_u Value: 1742117172990883881 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
pyramide.bf
www.paypal-search.com
www.paypalobjects.com
www.paypal-search.com
5.9.249.60
95.101.242.48
052a784be8f1e97641f516bd73a935ae25bc7267ae068a40743ea4c64656d659
26a2a90ed973c58afb53d37c0ba9a755f51a4eb4e0b73bb3985b37fb924b5e3f
2de23792a3d1810bfe03737e4c0ad89b74b434539a25f81a94f6caf13657577d
401a814f764be015b319018793b764a70fb250b2d37aad94e8b65e42c3f86963
41831bd0756b04a195032151c0d95af7cabc6af6f33943fa71c54573730327e2
5d57b3a233b4adf6f16b85cba37429a920d76a7d5cd6c960df5568ee241917ea
77795c8a3c5a8ff8129cb4db828828c53a590f93583fcfb0b1112a4e670c97d4
7a8a920b72e9392dd81961236eb4bb44a0109d91c11bf94791b3881faadc152f
806ea2a5f0ebb682989adb97fc4a895505e2d0ffb7f7efe827808bdcb3018c6e
8796f5bf8ea91e9fde1db9ee120f3e90815a4bfb107ba788787ad7afbcfb52a4
896f2a612a6c0e709f0e8f7efbc45ce3cc11e8f4b7ef73ee9e1e34a1529cd544
939a610a9c5a952d491e5e43118d01582c55d651a920c7b5dbaeaf9050ec0eb4
a67cd1e87f0d8b8a3235925dbfe17d6352ef19f2ca2d1233410782a4160663dc
cc412858ca0c673dfe1ee522aeecc948d6c8795ba944dfefbc8113748a58fb3c
d1e593f0b9937657f85558cffaa6da1f2371f6fa413ad65198bf1762ffc636d2