![](/screenshots/3b195701-dec4-4fcb-bbdc-66ff5d45632d.png)
onlinebanking.pro
Open in
urlscan Pro
2606:4700:3037::6815:4f4a
Malicious Activity!
Public Scan
Submission: On December 09 via manual from SG — Scanned from DE
Summary
This is the only time onlinebanking.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PNC Financial (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 2606:4700:303... 2606:4700:3037::6815:4f4a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
17 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
onlinebanking.pro
onlinebanking.pro |
71 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 679 |
30 KB |
17 | 2 |
Domain | Requested by | |
---|---|---|
16 | onlinebanking.pro |
onlinebanking.pro
|
1 | code.jquery.com |
onlinebanking.pro
|
17 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://onlinebanking.pro/
Frame ID: 0119C4C96C18F14D0F4E6C7442B83CC0
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
onlinebanking.pro/ |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.css
onlinebanking.pro/ |
238 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lock.png
onlinebanking.pro/img/ |
228 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.1.min.js
code.jquery.com/ |
88 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
reset.css
onlinebanking.pro/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_fade.png
onlinebanking.pro/img/ |
244 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
topHeader_Short_bg.png
onlinebanking.pro/img/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
navSprite.png
onlinebanking.pro/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
noNav_bg.png
onlinebanking.pro/img/ |
354 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content_bg.png
onlinebanking.pro/img/ |
142 B 943 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
panelSprite.png
onlinebanking.pro/img/ |
712 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
topRight.png
onlinebanking.pro/img/ |
150 B 952 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
buttons_disabled.png
onlinebanking.pro/img/ |
172 B 981 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
botRight.png
onlinebanking.pro/img/ |
100 B 897 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blank_topLeft.png
onlinebanking.pro/img/ |
170 B 975 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blank_topRight.png
onlinebanking.pro/img/ |
94 B 894 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer_bot.png
onlinebanking.pro/img/ |
628 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PNC Financial (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
onlinebanking.pro
2001:4de0:ac18::1:a:1a
2606:4700:3037::6815:4f4a
15437ff9e91a30ac2260c86ec2da1ad95bc1a508f610951a8ced45736e548fda
424171982c2e7b6ea8e2750cc0c709a103ac79291218331b6e0d86b2e5db7459
504bd0d64fe73a49f07ebbb1682f3d1b7c58298d70040f5e0d997d819022a0be
5967c6966f0c716e80d31797c83a4a56ed5ac22efc8b6694420d31bcbd93f3d4
5c7484f3edb6fe12bee237d7a090c728a3a2fa2cdf61b7637953fadd404fcaa3
6a1e22db4bf8076f7b2e67115b94dfe458743fe8e3be5e59373c45810d28d199
92061d3c466b5272e495be98635d1a300770b95c465a09ca9a97e12cf002046d
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a573cba74a0593edbbc189008c9432e4d713627233a061d2465920a915d419df
a99772fc532f03960dd45ea143b95b35134a4451474496a990923794051a8687
d1688e9a3b68f7c5dbaa6ea1f147739919603d3e17e38ca4585d30216977aff6
d21fb7c639ad1467608e47d38d195d3053c16dfdd71eee7895921f3f3599fd6a
e1ab40e38e139a56c56e2d27adc3b206bac6ff6555407314e869568630695df0
ea5a07b73992e6376dad3be745a98001e77bdff9a1ed88ae0f49e5825957e294
edc468fb28baeb12d16bb1b039b8b384f7b02cab15e4457a35441c4236f7d216
ef8661d65562cf197ed09f429dd2be78959d43ec73f8f460e4f6f91e8ff62224
fb8dc6f43f5fef822508fe0429d55e26c1082db8e300f56bee728b6b2de58c47