URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
Submission: On July 03 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 100.42.56.12, located in Austin, United States and belongs to SOFTLAYER, US. The main domain is itcitymm.com.
This is the only time itcitymm.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

Requests  IP Address         AS     Autonomous System
10        100.42.56.12       36351  SOFTLAYER
1         2a00:1450:400...   15169  GOOGLE
1         69.89.31.230       46606  UNIFIEDLA...
12        (3 IPs)

Requests  Domain               Requested by
10        itcitymm.com         itcitymm.com
1         smallenvelop.com     itcitymm.com
1         ajax.googleapis.com  itcitymm.com
12        (3 domains)

This site contains no links.

Subject                  Issuer                      Validity                  Valid
upload.video.google.com  GTS CA 1O1                  2020-06-17 - 2020-09-09   3 months (crt.sh)
smallenvelop.com         Let's Encrypt Authority X3  2020-06-24 - 2020-09-22   3 months (crt.sh)

This page contains 1 frames:

Primary Page: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
Frame ID: 30B50308D191AB227252A632ACBC22ED
Requests: 12 HTTP requests in this frame

Detected technologies

  • PHP (overall confidence: 100%)
    Detected pattern: url /\.php(?:$|\?)/i

  • Nginx (overall confidence: 100%)
    Detected pattern: headers server /nginx(?:\/([\d.]+))?/i

  • jQuery (overall confidence: 100%)
    Detected patterns: script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
                       script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests:    12
HTTPS:       17 %
IPv6:        33 %
Domains:     3
Subdomains:  3
IPs:         3
Countries:   2
Transfer:    66 kB
Size:        119 kB
Cookies:     0


12 HTTP transactions

1. surf3.php (Primary Request)
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/
   Size:  4 KB   x-fer: 2 KB   Type: Document

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: 4b887acea89baa88c0d2e3b48be7a3b15d015d8d705fdad50fc070c358dad595

   Request headers
   Host: itcitymm.com
   Connection: keep-alive
   Pragma: no-cache
   Cache-Control: no-cache
   Upgrade-Insecure-Requests: 1
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
   Accept-Encoding: gzip, deflate
   Accept-Language: en-US

   Response headers
   Server: nginx
   Date: Fri, 03 Jul 2020 01:26:57 GMT
   Content-Type: text/html; charset=UTF-8
   Content-Length: 1347
   Connection: keep-alive
   Keep-Alive: timeout=15
   Vary: Accept-Encoding,User-Agent
   Content-Encoding: gzip
   ngpass_ngall: 1

2. jquery.min.js
   Path:  ajax.googleapis.com/ajax/libs/jquery/2.2.4/
   Size:  84 KB   x-fer: 29 KB   Type: Script

   General
   Full URL:      https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      H2
   Security:      TLS 1.3, AES_128_GCM
   Server:        2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
   Reverse DNS:
   Software:      sffe /
   Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

   Security Headers
   X-Content-Type-Options: nosniff
   X-Xss-Protection: 0

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   date: Thu, 11 Jun 2020 16:35:23 GMT
   content-encoding: gzip
   x-content-type-options: nosniff
   age: 1846294
   status: 200
   alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
   content-length: 30028
   x-xss-protection: 0
   last-modified: Tue, 03 Mar 2020 19:15:00 GMT
   server: sffe
   vary: Accept-Encoding
   content-type: text/javascript; charset=UTF-8
   access-control-allow-origin: *
   cache-control: public, max-age=31536000, stale-while-revalidate=2592000
   accept-ranges: bytes
   timing-allow-origin: *
   expires: Fri, 11 Jun 2021 16:35:23 GMT

3. e6.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  4 KB   x-fer: 5 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/e6.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: d0d3a76eec3f23582bb71975a87e99a9a03689df45cf1574aa185b9d64f703d4

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:57 GMT
   Last-Modified: Wed, 24 Oct 2018 13:19:54 GMT
   Server: nginx
   ETag: "9717b0-10d4-578f95783d280"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 4308
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:57 GMT

4. b8.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  1 KB   x-fer: 2 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/b8.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: 13d52d8aa36cb38261ad4dbe587869ed3c31c7af7d62bc7239e01acc68b687bb

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:58 GMT
   Last-Modified: Fri, 20 Jan 2017 02:30:24 GMT
   Server: nginx
   ETag: "971605-5e4-5467d6e9a1000"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 1508
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:58 GMT

5. bo28.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  9 KB   x-fer: 9 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/bo28.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: 165effc61cb51e8b81ebb94897a29f10cd4577215f565b481d39b4e679bb4676

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:58 GMT
   Last-Modified: Tue, 02 Jan 2018 11:20:18 GMT
   Server: nginx
   ETag: "971786-2217-561c9489b2080"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 8727
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:58 GMT

6. bo29.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  1 KB   x-fer: 1 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/bo29.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: 3f30a8aab972b0b808073478b3fc31648e60731750064d638445d8ad4ff63bc3

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:58 GMT
   Last-Modified: Fri, 20 Jan 2017 02:01:50 GMT
   Server: nginx
   ETag: "971788-429-5467d08707f80"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 1065
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:58 GMT

7. b7.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  9 KB   x-fer: 9 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/b7.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: 44f9fcdaf0581ddbb603c540f544773de770ced3444d0af611705a7dedc6cdfc

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:58 GMT
   Last-Modified: Sat, 06 May 2017 07:53:48 GMT
   Server: nginx
   ETag: "971603-2483-54ed64e595b00"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 9347
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:58 GMT

8. b9.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  3 KB   x-fer: 4 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/b9.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: d32527a3374bdd83ee998af5f6242651354d5d0091bb4f83dcf2b808be5b1841

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:58 GMT
   Last-Modified: Sat, 06 May 2017 07:59:52 GMT
   Server: nginx
   ETag: "971606-cba-54ed6640b8e00"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 3258
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:58 GMT

9. b10.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  1 KB   x-fer: 2 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/b10.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: 66b07bc89b7918c6f31fb5b3504a2b182a62560f070c7af878beb8aa407b8bbf

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:58 GMT
   Last-Modified: Sat, 06 May 2017 08:06:46 GMT
   Server: nginx
   ETag: "9715fd-4bc-54ed67cb8b180"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 1212
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:58 GMT

10. e7.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  2 KB   x-fer: 2 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/e7.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: 4bad71b490b99d708fcc302464c4f58e7de5c3fbf5092cd5cca94620bc076999

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:58 GMT
   Last-Modified: Sun, 30 Jul 2017 14:11:42 GMT
   Server: nginx
   ETag: "9717b1-62a-555897e560380"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 1578
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:58 GMT

11. cnf.png
   Path:  itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/
   Size:  1 KB   x-fer: 2 KB   Type: Image

   General
   Full URL:      http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/images/cnf.png
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      HTTP/1.1
   Server:        100.42.56.12 Austin, United States, ASN36351 (SOFTLAYER, US)
   Reverse DNS:   stats.abyssinian.arvixe.com
   Software:      nginx /
   Resource Hash: 40784ccba851d649ae89f757b9768bbfbb63345ba70266c1d87be61cf4e9e9a9

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers
   Date: Fri, 03 Jul 2020 01:26:58 GMT
   Last-Modified: Fri, 20 Jan 2017 02:58:34 GMT
   Server: nginx
   ETag: "9717a2-4a9-5467dd3556a80"
   Content-Type: image/png
   Cache-Control: max-age=604800
   Connection: keep-alive
   Accept-Ranges: bytes
   Keep-Alive: timeout=15
   Content-Length: 1193
   ngpass_ngstatic: 1
   Expires: Fri, 10 Jul 2020 01:26:58 GMT

12. Preloader_11.gif
   Path:  smallenvelop.com/wp-content/uploads/2014/08/
   Size:  0   x-fer: 0   Type: Image

   General
   Full URL:      https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
   Requested by:  Host: itcitymm.com
                  URL: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   Protocol:      H2
   Security:      TLS 1.2, ECDHE_RSA, AES_256_GCM
   Server:        69.89.31.230 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
   Reverse DNS:   box430.bluehost.com
   Software:      /
   Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

   Request headers
   Referer: http://itcitymm.com/wordpress/confirmnewboa/confirmnewboa/surf3.php
   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

   Response headers

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    onformdata
  • object    onpointerrawupdate
  • function  $
  • function  jQuery

0 Cookies