hicu-com.preview-domain.com Open in urlscan Pro
2606:4700::6812:1978 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hicu-com.preview-domain.com/icu/iccu/login.php
Submission: On August 05 via automatic, source openphish (August 5th 2022, 1:24:22 am UTC) — Scanned from DE

Summary HTTP 131 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 11 domains to perform 131 HTTP transactions. The main IP is 2606:4700::6812:1978, located in United States and belongs to CLOUDFLARENET, US. The main domain is hicu-com.preview-domain.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 3rd 2022. Valid for: a year.

This is the only time hicu-com.preview-domain.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Idaho Central Credit Union (Government)

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700::68... 2606:4700::6812:1978	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	44.230.126.250 44.230.126.250	16509 (AMAZON-02) (AMAZON-02)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
57	2600:9000:249... 2600:9000:2490:fc00:4:819e:800:93a1	16509 (AMAZON-02) (AMAZON-02)
4	18.66.122.105 18.66.122.105	16509 (AMAZON-02) (AMAZON-02)
13	104.18.219.35 104.18.219.35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:21f... 2600:9000:21f3:9600:10:fcf8:9540:93a1	16509 (AMAZON-02) (AMAZON-02)
13	2600:9000:211... 2600:9000:211a:fc00:a:6cdf:4440:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2600:9000:21f... 2600:9000:21f3:fe00:1e:54f1:26c0:93a1	16509 (AMAZON-02) (AMAZON-02)
13	2600:9000:20e... 2600:9000:20eb:6e00:13:ab57:d440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
131	13

2 2606:4700::6812:1978 (United States)

ASN13335 (CLOUDFLARENET, US)

hicu-com.preview-domain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.230.126.250 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: b-app19-42.boldchat.com

vmss.boldchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

57 2600:9000:2490:fc00:4:819e:800:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.orb.alkamitech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.122.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-105.fra60.r.cloudfront.net

iris.alkamitech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.18.219.35 (None, )

ASN13335 (CLOUDFLARENET, US)

myebranch.iccu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:9600:10:fcf8:9540:93a1 (United States)

ASN16509 (AMAZON-02, US)

bcdn-god.we-stats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:9000:211a:fc00:a:6cdf:4440:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.a79ab95c1589a13f8a4cab612bc71f9f7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:21f3:fe00:1e:54f1:26c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.b406929acabac9b095f124c81bdfcf57f.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:9000:20eb:6e00:13:ab57:d440:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.c81358859121583b7adf2ace89cb39f44.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
61	alkamitech.com assets.orb.alkamitech.com — Cisco Umbrella Rank: 24907 iris.alkamitech.com — Cisco Umbrella Rank: 34034	2 MB
13	c81358859121583b7adf2ace89cb39f44.com 1.c81358859121583b7adf2ace89cb39f44.com — Cisco Umbrella Rank: 18666	17 KB
13	a79ab95c1589a13f8a4cab612bc71f9f7.com 1.a79ab95c1589a13f8a4cab612bc71f9f7.com — Cisco Umbrella Rank: 18673	16 KB
13	iccu.com myebranch.iccu.com — Cisco Umbrella Rank: 228568	178 KB
12	b406929acabac9b095f124c81bdfcf57f.com 1.b406929acabac9b095f124c81bdfcf57f.com — Cisco Umbrella Rank: 18553	16 KB
2	preview-domain.com hicu-com.preview-domain.com	124 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 283	725 B
1	we-stats.com bcdn-god.we-stats.com — Cisco Umbrella Rank: 51578	115 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	791 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 402	14 KB
1	boldchat.com vmss.boldchat.com — Cisco Umbrella Rank: 11803	18 KB
131	11

	Domain	Requested by
57	assets.orb.alkamitech.com	hicu-com.preview-domain.com assets.orb.alkamitech.com
13	1.c81358859121583b7adf2ace89cb39f44.com	bcdn-god.we-stats.com 1.c81358859121583b7adf2ace89cb39f44.com
13	1.a79ab95c1589a13f8a4cab612bc71f9f7.com	bcdn-god.we-stats.com 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
13	myebranch.iccu.com	hicu-com.preview-domain.com
12	1.b406929acabac9b095f124c81bdfcf57f.com	bcdn-god.we-stats.com 1.b406929acabac9b095f124c81bdfcf57f.com
4	iris.alkamitech.com	hicu-com.preview-domain.com
2	hicu-com.preview-domain.com	hicu-com.preview-domain.com
1	bam.nr-data.net	js-agent.newrelic.com
1	bcdn-god.we-stats.com	hicu-com.preview-domain.com
1	fonts.googleapis.com	hicu-com.preview-domain.com
1	js-agent.newrelic.com	hicu-com.preview-domain.com
1	vmss.boldchat.com	hicu-com.preview-domain.com
131	12

This site contains links to these domains. Also see Links.

Domain
www.iccu.com
www.apple.com
play.google.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.boldchat.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-11` - `2023-03-14`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.orb.alkamitech.com Entrust Certification Authority - L1K	`2022-01-03` - `2023-01-03`	a year	crt.sh
iris.alkamitech.com Amazon	`2022-06-23` - `2023-07-22`	a year	crt.sh
myebranch.iccu.com Entrust Certification Authority - L1M	`2022-03-04` - `2023-03-04`	a year	crt.sh
*.we-stats.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-09-02` - `2022-09-29`	a year	crt.sh
*.a79ab95c1589a13f8a4cab612bc71f9f7.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-04` - `2023-04-04`	a year	crt.sh
*.b406929acabac9b095f124c81bdfcf57f.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-04-07`	a year	crt.sh
*.c81358859121583b7adf2ace89cb39f44.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-04-07`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://hicu-com.preview-domain.com/icu/iccu/login.php
Frame ID: 079BC2FD6D02CD55839409B7F26463AE
Requests: 89 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 09CAE61E43329C76CC634A2BF1E42C5B
Requests: 2 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: 44EB97EC50CA5FCC9D305FD38F0A45D6
Requests: 2 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 3519A6940BCA04EC8A07A99147B75485
Requests: 2 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: E672280FBF81A1F14E83E3853B1C12EE
Requests: 2 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: 02D3D37ABEEED489C11BA060BDD38A6B
Requests: 1 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: C36EE3AC6D77A880CE3CCD3A403D7753
Requests: 1 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 361A0350AB673CEAF39D0E8D56921E6E
Requests: 2 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: FF2B73EEC032F569BB73420DBB9E0CF8
Requests: 2 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 8FA70E77D1BBE0EB32206370DED14DA5
Requests: 2 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 6731BCA14B185F674EB594F3E7920953
Requests: 2 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: 99218D9F2EE0D7A88A07330BB6E3A99E
Requests: 2 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: E85121E92E4E02CC9C2D77F37263BBF0
Requests: 2 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 570E1F1CDBAA2B8D1197BB9A8E3702F2
Requests: 2 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: 750A6769C16537C700D8AD802714BB3E
Requests: 2 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 23ACDD370697698D270CADE46D82A072
Requests: 2 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 2F91EA4B6E3AACA5DEE44C5243AF1214
Requests: 2 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: 8FF36089A42132EE630646DFD99F9E5C
Requests: 2 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: B7E86D69F07A660598E32A19C9270335
Requests: 2 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 235704AA416D6B2CABAF88398FEEF9DE
Requests: 2 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: 3DB4180EB919F0F37B7FD91ED2CF955C
Requests: 1 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 47BC789DE75E0BE8A2232F5F2912DD5F
Requests: 2 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 528777F75E511AA189DB55E399B3753D
Requests: 1 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: 38CBC421EB415CD8582795CB78B92E2F
Requests: 1 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 5779D7D0DFE4397037B3F75F7E473DDD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

| Idaho Central Credit Union