secure-pnc-now01.ru
Open in
urlscan Pro
45.133.200.3
Malicious Activity!
Public Scan
URL:
https://secure-pnc-now01.ru/login.php?online_id=b135a39b2183091eb4a32527e&country=&iso=
Submission: On January 18 via manual from US — Scanned from DE
Submission: On January 18 via manual from US — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 3 HTTP transactions.
The main IP is 45.133.200.3, located in
Seychelles and
belongs to INTERNET-IT, SC.
The main domain is secure-pnc-now01.ru.
TLS certificate: Issued by R3 on January 12th 2022. Valid for: 3 months.
This is the only time secure-pnc-now01.ru was scanned on urlscan.io!
TLS certificate: Issued by R3 on January 12th 2022. Valid for: 3 months.
This is the only time secure-pnc-now01.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PNC Financial (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 45.133.200.3 45.133.200.3 | 200313 (INTERNET-IT) (INTERNET-IT) | |
| 1 | 104.90.188.16 104.90.188.16 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 3 | 3 |
2
45.133.200.3
(Seychelles)
ASN200313 (INTERNET-IT, SC)
PTR: cpanel-host.prohoster.info
ASN200313 (INTERNET-IT, SC)
PTR: cpanel-host.prohoster.info
| secure-pnc-now01.ru |
1
104.90.188.16
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a104-90-188-16.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a104-90-188-16.deploy.static.akamaitechnologies.com
| www.pnc.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
secure-pnc-now01.ru
secure-pnc-now01.ru |
321 KB |
| 1 |
pnc.com
www.pnc.com — Cisco Umbrella Rank: 36157 |
4 KB |
| 3 | 2 |
| Domain | Requested by | |
|---|---|---|
| 2 | secure-pnc-now01.ru |
secure-pnc-now01.ru
|
| 1 | www.pnc.com |
secure-pnc-now01.ru
|
| 3 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| apps.pnc.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| secure-pnc-now01.ru R3 |
2022-01-12 - 2022-04-12 |
3 months | crt.sh |
| www.pnc.com COMODO RSA Extended Validation Secure Server CA |
2020-05-14 - 2022-05-14 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://secure-pnc-now01.ru/login.php?online_id=b135a39b2183091eb4a32527e&country=&iso=
Frame ID: 42E81DD5C2DB30AD7902A06863D91C45
Requests: 9 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
URL: https://apps.pnc.com/locator/search
Title: Find a PNC Branch or ATM
Title: Find a PNC Branch or ATM
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
login.php
secure-pnc-now01.ru/ |
137 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.css
secure-pnc-now01.ru/css/ |
483 KB 299 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pnc_logo_rev.svg
www.pnc.com/content/dam/aox-images/ |
2 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
43 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
44 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
18 KB 18 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
19 KB 19 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
19 KB 19 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
19 KB 19 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PNC Financial (Banking)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
secure-pnc-now01.ru
www.pnc.com
104.90.188.16
45.133.200.3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
56442220d51519980d351f81883516960b8a7eaf0097f3de9cb0b2eda618ef8e
6b16046bc75cb2d9a0b4ef2c4d65ed011084d3c661920b39573d5a84b20cf577
728f526876002a8221c3677816bd7bb11027ab96e94ecf887cffdd8282468e32
935d2a3a89813d7f91a8e0555cc04dd460d32707b220192a041a3127fb92bf4d
9835582fa6ddf7e736cbae9c793f3a1e7d0b5fc428af5d2d1220131f9de13294
b1b8be8cc5d74aa0963fffdd7c5f82ec42380a633616fe0bba277fa48bcd5ac8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e2b2f11b08d67551efbb0a1fe2c529c7eb9972ffbc1a5981853a040b9258024d