urlscan.io logo urlscan.io
SecurityTrails logo

support-icuonline0g5.dynalias.com Open in urlscan Pro
104.131.74.98  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://icuu02device-online.servebbs.com/
Effective URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On December 16 via api from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 21 HTTP transactions. The main IP is 104.131.74.98, located in Clifton, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is support-icuonline0g5.dynalias.com.
TLS certificate: Issued by R3 on December 16th 2023. Valid for: 3 months.
This is the only time support-icuonline0g5.dynalias.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Idaho Central Credit Union (Government)

Domain & IP information

IP Address AS Autonomous System
1 20 104.131.74.98 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
21 3
Apex Domain
Subdomains		 Transfer
19 dynalias.com
support-icuonline0g5.dynalias.com
715 KB
1 gstatic.com
fonts.gstatic.com
16 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
979 B
1 servebbs.com
icuu02device-online.servebbs.com
3 KB
21 4
Domain Requested by
19 support-icuonline0g5.dynalias.com 1 redirects icuu02device-online.servebbs.com
support-icuonline0g5.dynalias.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com support-icuonline0g5.dynalias.com
1 icuu02device-online.servebbs.com
21 4

This site contains links to these domains. Also see Links.

Domain
www.iccu.com
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com
instagram.com
Subject Issuer Validity Valid
support-icuonline0g5.dynalias.com
R3		 2023-12-16 -
2024-03-15		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Frame ID: BE3307773F299187802227853D7980EF
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Idaho Central Credit Union

Page URL History Show full URLs

  1. http://icuu02device-online.servebbs.com/ Page URL
  2. https://support-icuonline0g5.dynalias.com/login/ Page URL
  3. https://support-icuonline0g5.dynalias.com/login/login/Bots/bot/ HTTP 302
    https://support-icuonline0g5.dynalias.com/login/login/ Page URL
  4. https://support-icuonline0g5.dynalias.com/login/login/ses/session_index Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]+foundation[^>"]+css
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

21
Requests

95 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

735 kB
Transfer

730 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://icuu02device-online.servebbs.com/ Page URL
  2. https://support-icuonline0g5.dynalias.com/login/ Page URL
  3. https://support-icuonline0g5.dynalias.com/login/login/Bots/bot/ HTTP 302
    https://support-icuonline0g5.dynalias.com/login/login/ Page URL
  4. https://support-icuonline0g5.dynalias.com/login/login/ses/session_index Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://support-icuonline0g5.dynalias.com/login/login/Bots/bot/ HTTP 302
  • https://support-icuonline0g5.dynalias.com/login/login/

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
icuu02device-online.servebbs.com/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://icuu02device-online.servebbs.com/
Protocol
HTTP/1.1
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
2933
Content-Type
text/html
Date
Sat, 16 Dec 2023 15:50:12 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Sat, 16 Dec 2023 14:11:14 GMT
Server
Apache
/
support-icuonline0g5.dynalias.com/login/ 		58 B
246 B 		Document
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/
Requested by
Host: icuu02device-online.servebbs.com
URL: http://icuu02device-online.servebbs.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
http://icuu02device-online.servebbs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
Keep-Alive
Content-Length
58
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Dec 2023 15:50:12 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
/
support-icuonline0g5.dynalias.com/login/login/
Redirect Chain
  • https://support-icuonline0g5.dynalias.com/login/login/Bots/bot/
  • https://support-icuonline0g5.dynalias.com/login/login/
61 B
267 B 		Document
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
https://support-icuonline0g5.dynalias.com/login/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Dec 2023 15:50:13 GMT
Keep-Alive
timeout=5, max=98
Server
Apache
Transfer-Encoding
chunked

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Dec 2023 15:50:12 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Location
../../
Pragma
no-cache
Server
Apache
Primary Request session_index
support-icuonline0g5.dynalias.com/login/login/ses/ 		30 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
6fc0c2405beee79d5cef320856451475879fa535f5fb863e697f65f801b46294

Request headers

Referer
https://support-icuonline0g5.dynalias.com/login/login/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Dec 2023 15:50:13 GMT
Keep-Alive
timeout=5, max=97
Server
Apache
Transfer-Encoding
chunked
font-icons.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		115 KB
115 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/font-icons.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
33406f88bedd128e255abf4e0d9dece7d35960a8e84af3596f0e56627787eca0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
117897
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ 		2 KB
979 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
289d25d68f730e581e0a16b8bee8f63a061717973f8ac8c29ccf2ba8fed15adf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 16 Dec 2023 15:50:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 16 Dec 2023 13:50:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Dec 2023 15:50:14 GMT
jquery-ui.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		31 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/jquery-ui.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
5bed9d2f4811025c2bde2c4747db5f3cacc9e4547ea594a0468b1e4f00965df9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:02 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
31291
X-XSS-Protection
1; mode=block
base.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/base.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
f555d3efaa4e368224cc19b0b261b00da4183e8a5247d3858e8ce7e2aa764558
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2247
X-XSS-Protection
1; mode=block
iris.shim.mobile.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		611 B
918 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/iris.shim.mobile.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
06dee56fb4e2677948bc2f6ce7e20e9900e3c7431843ae3d9c9d975ff03889a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
611
X-XSS-Protection
1; mode=block
iris.android.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		96 KB
96 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/iris.android.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
65c12121b00f8425f4bd66383649d717e0b381b0336eaf39c732e6d5bb1109e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
98295
X-XSS-Protection
1; mode=block
iris-foundation.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		50 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/iris-foundation.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
f6fca06e2aac270b488f73bcf0a10d249e2722a015135e60dbb49360c5335a72
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:02 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
51310
X-XSS-Protection
1; mode=block
theme.mobile.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		131 KB
131 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/theme.mobile.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
e6c5538c91dc89369ca4a1edd66cf670b290169de4c99378c0c312c8129ce417
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:02 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
134311
X-XSS-Protection
1; mode=block
iris-components.shim.mobile.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		865 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/iris-components.shim.mobile.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
4c7b591f19c35000858633e0610ae0b2b4db8fbfd71bb1864ea4c9bde1958575
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:02 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
865
X-XSS-Protection
1; mode=block
iris-components.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		178 KB
179 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/iris-components.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
81f7da9e5ed534c6ac7ad9a0c45927f2c3c716cb15b3480aadb9dbe54f4bcb8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
182484
X-XSS-Protection
1; mode=block
isotope.1.5.3.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/isotope.1.5.3.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
bcf82308a4a42f5785de42dda6584b42785e242cc336bd5d8e937b6e2d0d816e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:15 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:02 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
5057
X-XSS-Protection
1; mode=block
Authentication-Isotope.min.css
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/Authentication-Isotope.min.css
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
409b5417b9cdf40d67e6264ca892ade68004a1443dd8fbfe70a55ec210020c52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:15 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
2560
X-XSS-Protection
1; mode=block
app-store-badge.svg
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/app-store-badge.svg
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
86c9954e1457d27db013c1f10a96ffaba845e5af7765c4ef9df4ac1549e47d67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:15 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
10850
X-XSS-Protection
1; mode=block
google-play-badge.svg
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/google-play-badge.svg
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
2dcf765854f1fe869b1674016feb1638870c1066f156f8d7dfd47b53d0dc093f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/session_index
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:15 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
9332
X-XSS-Protection
1; mode=block
MobileLogo.png
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/MobileLogo.png
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/files/Authentication-Isotope.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
2dc417c13f956f7a5f91634d4629bcc1492ac237ba8839f8513227ae02b510d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/files/Authentication-Isotope.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:15 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:02 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
6884
X-XSS-Protection
1; mode=block
Alkami.woff2
support-icuonline0g5.dynalias.com/login/login/ses/files/ 		41 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://support-icuonline0g5.dynalias.com/login/login/ses/files/Alkami.woff2
Requested by
Host: support-icuonline0g5.dynalias.com
URL: https://support-icuonline0g5.dynalias.com/login/login/ses/files/font-icons.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.131.74.98 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
9460128bedffc7c32dfdd79353d72b1f0d0764a514acc2ffb743e37c9b673290
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://support-icuonline0g5.dynalias.com/login/login/ses/files/font-icons.css
Origin
https://support-icuonline0g5.dynalias.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Sat, 16 Dec 2023 15:50:15 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Apr 2022 10:35:00 GMT
Server
Apache
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
41968
X-XSS-Protection
1; mode=block
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://support-icuonline0g5.dynalias.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 08:54:09 GMT
x-content-type-options
nosniff
age
370567
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 11 Dec 2024 08:54:09 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Idaho Central Credit Union (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Domain/Path Name / Value
support-icuonline0g5.dynalias.com/ Name: PHPSESSID
Value: 98c6f30e6ae6cf7e2b2837a6e099bf44

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
icuu02device-online.servebbs.com
support-icuonline0g5.dynalias.com
104.131.74.98
2a00:1450:4001:813::2003
2a00:1450:4001:831::200a
06dee56fb4e2677948bc2f6ce7e20e9900e3c7431843ae3d9c9d975ff03889a7
289d25d68f730e581e0a16b8bee8f63a061717973f8ac8c29ccf2ba8fed15adf
2dc417c13f956f7a5f91634d4629bcc1492ac237ba8839f8513227ae02b510d2
2dcf765854f1fe869b1674016feb1638870c1066f156f8d7dfd47b53d0dc093f
33406f88bedd128e255abf4e0d9dece7d35960a8e84af3596f0e56627787eca0
409b5417b9cdf40d67e6264ca892ade68004a1443dd8fbfe70a55ec210020c52
4c7b591f19c35000858633e0610ae0b2b4db8fbfd71bb1864ea4c9bde1958575
5bed9d2f4811025c2bde2c4747db5f3cacc9e4547ea594a0468b1e4f00965df9
65c12121b00f8425f4bd66383649d717e0b381b0336eaf39c732e6d5bb1109e5
6fc0c2405beee79d5cef320856451475879fa535f5fb863e697f65f801b46294
81f7da9e5ed534c6ac7ad9a0c45927f2c3c716cb15b3480aadb9dbe54f4bcb8a
86c9954e1457d27db013c1f10a96ffaba845e5af7765c4ef9df4ac1549e47d67
9460128bedffc7c32dfdd79353d72b1f0d0764a514acc2ffb743e37c9b673290
bcf82308a4a42f5785de42dda6584b42785e242cc336bd5d8e937b6e2d0d816e
e6c5538c91dc89369ca4a1edd66cf670b290169de4c99378c0c312c8129ce417
f555d3efaa4e368224cc19b0b261b00da4183e8a5247d3858e8ce7e2aa764558
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6fca06e2aac270b488f73bcf0a10d249e2722a015135e60dbb49360c5335a72