itg2host.com Open in urlscan Pro
172.96.187.127 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://itg2host.com/west/www/
Effective URL:
http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform
Submission: On October 13 via automatic, source openphish (October 13th 2022, 1:03:53 pm UTC) — Scanned from DE

Summary HTTP 25 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 25 HTTP transactions. The main IP is 172.96.187.127, located in Secaucus, United States and belongs to SINGLEHOP-LLC, US. The main domain is itg2host.com.

This is the only time itg2host.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address		AS Autonomous System
25	172.96.187.127 172.96.187.127		32475 (SINGLEHOP...) (SINGLEHOP-LLC)
25	1

25 172.96.187.127 (Secaucus, United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: 172.96.187.127-static.reverse.arandomserver.com

itg2host.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	itg2host.com itg2host.com	48 KB
25	1

	Domain	Requested by
25	itg2host.com	itg2host.com
25	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform
Frame ID: 2A4A853B621DD29D62941FC7B40AC1F2
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chase Personal Banking Investments Credit Cards Home Auto Commercial Small Business Insurance

Page URL History Show full URLs

http://itg2host.com/west/www/ Page URL
http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

25
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

48 kB
Transfer

64 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://itg2host.com/west/www/ Page URL
http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response itg2host.com/west/www/	321 B 539 B	361ms 88ms	Document text/html	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL http://itg2host.com/west/www/ Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `61c6e669dd8768615890b659bf74565ddafeb98f3175881873d9f3b37cc9bb50` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 accept-ranges bytes content-encoding gzip content-length 247 content-type text/html date Thu, 13 Oct 2022 13:03:47 GMT last-modified Sat, 20 Aug 2011 09:12:52 GMT server LiteSpeed vary Accept-Encoding
GET H/1.1	200 OK	Primary Request logon.php Show response itg2host.com/west/www/	26 KB 6 KB	134ms 134ms	Document text/html	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / PHP/5.3.29 Resource Hash `6f6fc6f4d8eba3937fc661b1563ad11f7b9318e47bf1983e9421affc2253b506` Request headers Referer http://itg2host.com/west/www/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 content-encoding gzip content-length 5961 content-type text/html date Thu, 13 Oct 2022 13:03:47 GMT server LiteSpeed vary Accept-Encoding x-powered-by PHP/5.3.29
GET H/1.1	200 OK	content_home.css itg2host.com/west/www/images/	3 KB 1 KB	85ms 84ms	Stylesheet text/css	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL http://itg2host.com/west/www/images/content_home.css Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `6067966a07decce0777066dd8e01a4c9c0509738da98cb5e4e851aa0727564cc` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:47 GMT content-encoding gzip last-modified Sun, 13 Jan 2008 20:30:08 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 922 expires Thu, 20 Oct 2022 13:03:47 GMT
GET H/1.1	200 OK	Chase_Home_New.css itg2host.com/west/www/images/	3 KB 1 KB	173ms 89ms	Stylesheet text/css	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL http://itg2host.com/west/www/images/Chase_Home_New.css Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `030d393a047c399e02e3067caf7c33100fa7ddb6b1170ad34ab45ea798318f12` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT content-encoding gzip last-modified Sun, 13 Jan 2008 20:28:36 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 909 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	chaseNewlogo.gif itg2host.com/west/www/images/	742 B 1 KB	164ms 96ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/chaseNewlogo.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `d82b8b41b5b6bcd2069fd19593e54bae7af16be3458f9765ffc30aee5b5a187f` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:34 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 742 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	search_button_home.gif itg2host.com/west/www/images/	2 KB 2 KB	173ms 88ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/search_button_home.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `51802eee7e8e31eab442d1ce16a42bd07e6752a9a0e773332dd5b25578b09e18` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:34 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 1556 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	enroll_region.gif itg2host.com/west/www/images/	2 KB 2 KB	174ms 90ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/enroll_region.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `fef64b0cef076446765951d32ddf92c30f57905c03df23cc0c2c426429bb2925` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:34 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 2209 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	logon_header_home.gif itg2host.com/west/www/images/	749 B 1 KB	173ms 88ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/logon_header_home.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `a68809d23529a74a1cab37cc09ea126b3d25378a3653bfc52b65b04b4f3b5af2` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:34 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 749 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	logon_button_home.gif itg2host.com/west/www/images/	2 KB 2 KB	179ms 89ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/logon_button_home.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `9dcfd35244b9113a3f5a927b5523cf70b1aa275fe002a6d1c120476b51ad9c83` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:36 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 1638 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	sec_msg_sec_msg_01.gif itg2host.com/west/www/images/	4 KB 5 KB	95ms 88ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/sec_msg_sec_msg_01.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `56c104f6ab361f10677f2843a5d9f10556349ad2b54c2c5e82a7bcb35f476191` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:36 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 4401 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	arrow_dblue_on_white.gif itg2host.com/west/www/images/	71 B 394 B	100ms 89ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/arrow_dblue_on_white.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `0bb89e8f05ff49dc110f033744a85142d78fd7059ee21df50055a735fb35678d` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:36 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 71 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	spacer.gif itg2host.com/west/www/images/	43 B 366 B	88ms 88ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/spacer.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:36 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 43 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	spacer_002.gif itg2host.com/west/www/images/	43 B 366 B	89ms 88ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/spacer_002.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Tue, 31 Jan 2006 21:28:26 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 43 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	subhead_pb.gif itg2host.com/west/www/images/	499 B 823 B	255ms 88ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/subhead_pb.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `ce43c5a921b99d28467888756ff81be4b52a1285c2312d2eb20f608a31b869a4` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:42 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 499 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	subhead_business.gif itg2host.com/west/www/images/	332 B 656 B	244ms 88ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/subhead_business.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `655b3aca06f17140b4f4acdbe9e7d55733e5b1f4a40225365eafc157c9ae635b` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:42 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 332 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	subhead_pl.gif itg2host.com/west/www/images/	497 B 821 B	177ms 91ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/subhead_pl.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `00668ac3551fec229da91a05b413b7e67213086fd6a9cf9e788b03ff3d9d1c91` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:42 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 497 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	subhead_i_n_i.gif itg2host.com/west/www/images/	586 B 910 B	161ms 87ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/subhead_i_n_i.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `3c2a596d854eed2ff253682d73899f0dfcf4009cb0e67a9851350d2fba4e17e1` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:42 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 586 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	subhead_tellme.gif itg2host.com/west/www/images/	440 B 764 B	155ms 87ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/subhead_tellme.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `bee0b4f77295f210688a8be2b0eb4976bd8dfe4ec06b0ff014f1e41c1b74de3f` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:42 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 440 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	subhead_news.gif itg2host.com/west/www/images/	624 B 948 B	176ms 89ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/subhead_news.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `d8b4bfb55e0004d1fc114bbe9cb5820aa8f12e227151df01da0d6575c43664db` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:42 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 624 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	bk-dash.gif itg2host.com/west/www/images/	53 B 376 B	178ms 92ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/bk-dash.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/images/Chase_Home_New.css Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `3ae96e425d90169ed208ac9ff8ecef52e8100f0c6ebf560dde388b5e6b9c5df9` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/images/Chase_Home_New.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Tue, 31 Jan 2006 21:28:26 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 53 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	lb.gif itg2host.com/west/www/images/	51 B 374 B	89ms 87ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/lb.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `1cbfec53bae25afc0c51e014d9e0e49063f77b6a7fe312757debfeaa06ccb6c8` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:41:54 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 51 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	45948_billpay_home_155x90.gif itg2host.com/west/www/images/	7 KB 8 KB	93ms 91ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/45948_billpay_home_155x90.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `ff3c4612d5c015c78c15c201d2ad97a09eb3e755884a59aa311d86ae76cd1395` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Mon, 28 Apr 2008 19:02:06 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 7388 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	chase_csl155x90.gif itg2host.com/west/www/images/	10 KB 10 KB	89ms 88ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/chase_csl155x90.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `c49445582fb76849ed3872a86c8ed4218fb36209564fa6325f11aee2f5aea8e6` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Mon, 28 Apr 2008 19:02:06 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 10187 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	ftr_chasehouse.gif itg2host.com/west/www/images/	251 B 575 B	154ms 89ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/ftr_chasehouse.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `2495958ec171c682a165352a0c9c9c72cf9a521b7180d1fe372ee3fcf8e67434` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/logon.php?LOB=20568&RBGLogn&_pageLabel=page_logonform User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Sun, 13 Jan 2008 19:32:48 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 251 expires Thu, 20 Oct 2022 13:03:48 GMT
GET H/1.1	200 OK	footer_gradient.gif itg2host.com/west/www/images/	154 B 478 B	91ms 90ms	Image image/gif	172.96.187.127 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Show image Full URL http://itg2host.com/west/www/images/footer_gradient.gif Requested by Host: itg2host.com URL: http://itg2host.com/west/www/images/Chase_Home_New.css Protocol HTTP/1.1 Server 172.96.187.127 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS 172.96.187.127-static.reverse.arandomserver.com Software LiteSpeed / Resource Hash `7dc6e266a1553c7d09ef5476fa0527a39040799bfde6ff33e718080ea44f270c` Request headers accept-language de-DE,de;q=0.9 Referer http://itg2host.com/west/www/images/Chase_Home_New.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 13:03:48 GMT last-modified Fri, 25 Apr 2008 20:22:52 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 Connection Keep-Alive accept-ranges bytes Keep-Alive timeout=5, max=100 content-length 154 expires Thu, 20 Oct 2022 13:03:48 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

itg2host.com
172.96.187.127
00668ac3551fec229da91a05b413b7e67213086fd6a9cf9e788b03ff3d9d1c91
030d393a047c399e02e3067caf7c33100fa7ddb6b1170ad34ab45ea798318f12
0bb89e8f05ff49dc110f033744a85142d78fd7059ee21df50055a735fb35678d
1cbfec53bae25afc0c51e014d9e0e49063f77b6a7fe312757debfeaa06ccb6c8
2495958ec171c682a165352a0c9c9c72cf9a521b7180d1fe372ee3fcf8e67434
3ae96e425d90169ed208ac9ff8ecef52e8100f0c6ebf560dde388b5e6b9c5df9
3c2a596d854eed2ff253682d73899f0dfcf4009cb0e67a9851350d2fba4e17e1
51802eee7e8e31eab442d1ce16a42bd07e6752a9a0e773332dd5b25578b09e18
56c104f6ab361f10677f2843a5d9f10556349ad2b54c2c5e82a7bcb35f476191
6067966a07decce0777066dd8e01a4c9c0509738da98cb5e4e851aa0727564cc
61c6e669dd8768615890b659bf74565ddafeb98f3175881873d9f3b37cc9bb50
655b3aca06f17140b4f4acdbe9e7d55733e5b1f4a40225365eafc157c9ae635b
6f6fc6f4d8eba3937fc661b1563ad11f7b9318e47bf1983e9421affc2253b506
7dc6e266a1553c7d09ef5476fa0527a39040799bfde6ff33e718080ea44f270c
9dcfd35244b9113a3f5a927b5523cf70b1aa275fe002a6d1c120476b51ad9c83
a68809d23529a74a1cab37cc09ea126b3d25378a3653bfc52b65b04b4f3b5af2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bee0b4f77295f210688a8be2b0eb4976bd8dfe4ec06b0ff014f1e41c1b74de3f
c49445582fb76849ed3872a86c8ed4218fb36209564fa6325f11aee2f5aea8e6
ce43c5a921b99d28467888756ff81be4b52a1285c2312d2eb20f608a31b869a4
d82b8b41b5b6bcd2069fd19593e54bae7af16be3458f9765ffc30aee5b5a187f
d8b4bfb55e0004d1fc114bbe9cb5820aa8f12e227151df01da0d6575c43664db
fef64b0cef076446765951d32ddf92c30f57905c03df23cc0c2c426429bb2925
ff3c4612d5c015c78c15c201d2ad97a09eb3e755884a59aa311d86ae76cd1395

itg2host.com Open in urlscan Pro 172.96.187.127 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

48 kBTransfer

64 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

itg2host.com Open in urlscan Pro
172.96.187.127 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

48 kB
Transfer

64 kB
Size

0
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!