onpointz.duckdns.org Open in urlscan Pro
178.128.252.140 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://onpointz.duckdns.org/
Submission: On June 28 via api (June 28th 2024, 8:37:20 am UTC) from US — Scanned from NL

Summary HTTP 18 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 18 HTTP transactions. The main IP is 178.128.252.140, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is onpointz.duckdns.org.
TLS certificate: Issued by R10 on June 27th 2024. Valid for: 3 months.

This is the only time onpointz.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OnPoint Community Credit Union (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	178.128.252.140 178.128.252.140	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
12	192.0.54.4 192.0.54.4	62659 (Q2HOLDINGS) (Q2HOLDINGS)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
18	4

1 178.128.252.140 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

onpointz.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.0.54.4 (United States)

ASN62659 (Q2HOLDINGS, US)

cdn1.onlineaccess1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	onlineaccess1.com cdn1.onlineaccess1.com — Cisco Umbrella Rank: 21120	403 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 83	913 B
1	duckdns.org onpointz.duckdns.org	18 KB
0	Failed function sub() { [native code] }. Failed
18	4

	Domain	Requested by
12	cdn1.onlineaccess1.com	onpointz.duckdns.org cdn1.onlineaccess1.com
1	fonts.googleapis.com	cdn1.onlineaccess1.com
1	onpointz.duckdns.org
0	mhtml.blink Failed	onpointz.duckdns.org
18	4

This site contains links to these domains. Also see Links.

Domain
secure.onpointcu.com
www.onpointcu.com
cdn1.onlineaccess1.com

Subject Issuer	Validity	Valid
webdisk.onpointz.duckdns.org R10	`2024-06-27` - `2024-09-25`	3 months	crt.sh
onlineaccess1.com GTS CA 1P5	`2024-05-08` - `2024-08-06`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://onpointz.duckdns.org/
Frame ID: 6FC4311829DAFE030B1CC2B98B65A1FB
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OnPoint Community Credit Union

Page Statistics

18
Requests

78 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

422 kB
Transfer

2598 kB
Size

2
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.onpointcu.com/opccuonline_42/uux.aspx#/login/resetPasswordUsername

Search URL Search Domain Scan URL

URL: https://secure.onpointcu.com/opccuonline_42/sdk/IDologyAutoEnrollmentE2E/ForgotLogin
Title: Forgot Login ID

Search URL Search Domain Scan URL

URL: https://www.onpointcu.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/images/ncua_logo_large-4a4a13e41007adaf4841dd9e4b145458.png

Search URL Search Domain Scan URL

URL: https://secure.onpointcu.com/opccuonline_42/uux.aspx#/login
Title: Return to login

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
onpointz.duckdns.org/ 17 KB
18 KB 198ms
17ms Document
text/html 178.128.252.140
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://onpointz.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 178.128.252.140 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 4483497438628f7ffef13d13a3101e9e169f69109b1655206398a1e033dfcf31

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 17782
Content-Type: text/html
Date: Fri, 28 Jun 2024 08:37:14 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Tue, 04 Apr 2023 17:20:56 GMT
Server: Apache

GET css-33f78766-cfc2-46f6-8f00-528134bfc3e3@mhtml.blink
/ 0
0

GET css-82037456-a503-440d-a320-7d486cb79338@mhtml.blink
/ 0
0

GET css-5a6c6648-f32b-4f2a-995c-1ff20b1325ef@mhtml.blink
/ 0
0

GET css-69aad04c-5e12-423e-b569-bdb6fd1722c0@mhtml.blink
/ 0
0

GET
H2 200 q2-tecton-theme.css
cdn1.onlineaccess1.com/cdn/base/tecton/v1.10.5/ 32 KB
5 KB 97ms
39ms Stylesheet
text/css 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.10.5/q2-tecton-theme.css

Requested by

Host: onpointz.duckdns.org
URL: https://onpointz.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04330ffee350c99dd47276ea9e40ff460069f7fe0bd71ab3fa6aa33b5583af39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://onpointz.duckdns.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 42579
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Jan 2022 20:24:37 GMT
server: cloudflare
etag: W/"61ef0b05-801d"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a910a220df3-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 highcontrast-18df5a8ba9e966e15cd989df372dfe93.css
cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/ 1 MB
143 KB 98ms
41ms Stylesheet
text/css 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/highcontrast-18df5a8ba9e966e15cd989df372dfe93.css

Requested by

Host: onpointz.duckdns.org
URL: https://onpointz.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1b77b72494cf192d3183013edec28c6d97a78bb3731c649ecd0ca9b716f4c43

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://onpointz.duckdns.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 42579
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Nov 2022 19:26:05 GMT
server: cloudflare
etag: W/"637d224d-12a78c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a910a2b0df3-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app.css
cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/ 93 KB
17 KB 117ms
61ms Stylesheet
text/css 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/app.css

Requested by

Host: onpointz.duckdns.org
URL: https://onpointz.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15d83a51b60396d427c6ddc25d9730980297f17d7c3fe2a5dcb32c1a1b691300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://onpointz.duckdns.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 42579
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 22 Apr 2022 23:05:47 GMT
server: cloudflare
etag: W/"626334cb-175bf"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a910a2c0df3-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 base.css
cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/ 0
0 571ms
515ms Stylesheet
text/html 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/base.css

Requested by

Host: onpointz.duckdns.org
URL: https://onpointz.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://onpointz.duckdns.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
etag: "5b4ac9f5-0"
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
access-control-allow-headers: *
content-length: 0
cf-ray: 89ac5a910a2a0df3-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 theme-q2-b33159883934fe3a96afb2cb9740f2a9.css
cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/ 1 MB
143 KB 256ms
200ms Stylesheet
text/css 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/theme-q2-b33159883934fe3a96afb2cb9740f2a9.css

Requested by

Host: onpointz.duckdns.org
URL: https://onpointz.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a1060c3e1c734b812e7ca9380f621304fbec44ab9564dbb480caa9cb7828c0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://onpointz.duckdns.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Nov 2022 19:26:05 GMT
server: cloudflare
etag: W/"637d224d-121dc2"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a910a290df3-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tecton-590048df214033d1c1591d552a32c9af.css
cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/ 8 KB
2 KB 115ms
60ms Stylesheet
text/css 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/tecton-590048df214033d1c1591d552a32c9af.css

Requested by

Host: onpointz.duckdns.org
URL: https://onpointz.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbb5d60b0e8fbf3ce2eeb2479ad9ef6744585303f9ee0bf27c62b35a0a2dc30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://onpointz.duckdns.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 42579
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 22 Apr 2022 23:05:47 GMT
server: cloudflare
etag: W/"626334cb-1f56"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a910a260df3-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 35 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://onpointz.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 ncua_logo_small-522fff694e01c333db64c939a8e1f17d.png
cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/images/ 5 KB
5 KB 56ms
56ms Image
image/png 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/images/ncua_logo_small-522fff694e01c333db64c939a8e1f17d.png

Requested by

Host: onpointz.duckdns.org
URL: https://onpointz.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a055d762b41b75dedefaed72ad1c5efa297b9298368b4297c9571d9277760839

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://onpointz.duckdns.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 85213
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Jun 2024 18:50:01 GMT
server: cloudflare
etag: W/"6679bfd9-143a"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a910a2e0df3-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
913 B 120ms
48ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Dosis:300,400,500&display=swap

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/base/tecton/v1.10.5/q2-tecton-theme.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9f1569ee2a7a51c32b4556926a95d5b9f7dee295a4757ad5176459dffee36cb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cdn1.onlineaccess1.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Jun 2024 08:37:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 28 Jun 2024 08:37:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Jun 2024 08:37:15 GMT

GET
H2 200 logo-8c469eb87d20466873ce51f82e83e518.png
cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/images/logos/ 2 KB
2 KB 37ms
36ms Image
image/png 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/images/logos/logo-8c469eb87d20466873ce51f82e83e518.png

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/theme-q2-b33159883934fe3a96afb2cb9740f2a9.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5962b5a5dcd77571f10ecf2dec093f9c6378571d6febe84daa64590605a8554b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/theme-q2-b33159883934fe3a96afb2cb9740f2a9.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 42578
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 27 Jun 2024 13:47:50 GMT
server: cloudflare
etag: W/"667d6d86-8f2"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a945e930df3-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 OpenSans-Regular.woff
cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/fonts/OpenSans/ 24 KB
25 KB 78ms
51ms Font
font/woff 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/fonts/OpenSans/OpenSans-Regular.woff

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/tecton-590048df214033d1c1591d552a32c9af.css

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95915582ecc56aa27829e7bd118b423f09cba0856ce517fdcd82e4e05726e6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/tecton-590048df214033d1c1591d552a32c9af.css
Origin: https://onpointz.duckdns.org
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
age: 42579
alt-svc: h3=":443"; ma=86400
content-length: 24872
last-modified: Fri, 22 Apr 2022 23:05:48 GMT
server: cloudflare
etag: "626334cc-6128"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a9499376572-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fontello.woff2
cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/fonts/ 34 KB
34 KB 600ms
574ms Font
font/woff2 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/fonts/fontello.woff2?29134652

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/highcontrast-18df5a8ba9e966e15cd989df372dfe93.css

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aaa8f13900c90fb79456072f2fe99960f9506f642c87cbc96e1851cd54c2fa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/highcontrast-18df5a8ba9e966e15cd989df372dfe93.css
Origin: https://onpointz.duckdns.org
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: REVALIDATED
last-modified: Fri, 22 Apr 2022 23:05:47 GMT
server: cloudflare
etag: "626334cb-8748"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *
content-length: 34632
cf-ray: 89ac5a9499336572-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 OpenSans-Semibold.woff
cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/fonts/OpenSans/ 24 KB
25 KB 213ms
188ms Font
font/woff 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/fonts/OpenSans/OpenSans-Semibold.woff

Requested by

Host: cdn1.onlineaccess1.com
URL: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/tecton-590048df214033d1c1591d552a32c9af.css

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e335db7f8ef9f87be9dcc9c56f071d27a7b5bbd9111cfcdabd6babe5eb4e968

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/tecton-590048df214033d1c1591d552a32c9af.css
Origin: https://onpointz.duckdns.org
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-length: 24952
last-modified: Fri, 22 Apr 2022 23:05:48 GMT
server: cloudflare
etag: "626334cc-6178"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a94992f6572-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 favicon-ebadff0d34edf108a19e69c9d85d341d.ico
cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/images/ 1 KB
1 KB 179ms
178ms Other
image/x-icon 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1.onlineaccess1.com/cdn/depot/5123_Test__/304/7aa2b9cd77837554154830c28b583fe6/assets/images/favicon-ebadff0d34edf108a19e69c9d85d341d.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62372f054e22221b146ae621435675715fcf7ae53b557a34570247e80a172c4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://onpointz.duckdns.org/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 08:37:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-length: 1304
last-modified: Tue, 09 Apr 2024 01:38:24 GMT
server: cloudflare
etag: "66149c10-518"
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *
cf-ray: 89ac5a948ecd0df3-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mhtml.blink
URL: cid:css-33f78766-cfc2-46f6-8f00-528134bfc3e3@mhtml.blink

Domain: mhtml.blink
URL: cid:css-82037456-a503-440d-a320-7d486cb79338@mhtml.blink

Domain: mhtml.blink
URL: cid:css-5a6c6648-f32b-4f2a-995c-1ff20b1325ef@mhtml.blink

Domain: mhtml.blink
URL: cid:css-69aad04c-5e12-423e-b569-bdb6fd1722c0@mhtml.blink

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OnPoint Community Credit Union (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.onlineaccess1.com/	1969-12-31 23:59:59	Name: __cfruid Value: 41efc4a1a2cf87282a820658a02692c7c649a911-1719563835
			cdn1.onlineaccess1.com/	1970-01-20 21:39:52	Name: __cflb Value: 02DiuDJZwTATiSnybBeVDKjTCUZYfphxGFd45wYa6A4eU

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: cid:css-33f78766-cfc2-46f6-8f00-528134bfc3e3@mhtml.blink Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: cid:css-82037456-a503-440d-a320-7d486cb79338@mhtml.blink Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: cid:css-5a6c6648-f32b-4f2a-995c-1ff20b1325ef@mhtml.blink Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: cid:css-69aad04c-5e12-423e-b569-bdb6fd1722c0@mhtml.blink Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://cdn1.onlineaccess1.com/cdn/base/4.4.0.124C/assets/base.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn1.onlineaccess1.com
fonts.googleapis.com
mhtml.blink
onpointz.duckdns.org
mhtml.blink
178.128.252.140
192.0.54.4
2a00:1450:4001:830::200a
04330ffee350c99dd47276ea9e40ff460069f7fe0bd71ab3fa6aa33b5583af39
15d83a51b60396d427c6ddc25d9730980297f17d7c3fe2a5dcb32c1a1b691300
4483497438628f7ffef13d13a3101e9e169f69109b1655206398a1e033dfcf31
4a1060c3e1c734b812e7ca9380f621304fbec44ab9564dbb480caa9cb7828c0a
5962b5a5dcd77571f10ecf2dec093f9c6378571d6febe84daa64590605a8554b
5aaa8f13900c90fb79456072f2fe99960f9506f642c87cbc96e1851cd54c2fa2
5e335db7f8ef9f87be9dcc9c56f071d27a7b5bbd9111cfcdabd6babe5eb4e968
62372f054e22221b146ae621435675715fcf7ae53b557a34570247e80a172c4a
90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f
95915582ecc56aa27829e7bd118b423f09cba0856ce517fdcd82e4e05726e6e6
9f1569ee2a7a51c32b4556926a95d5b9f7dee295a4757ad5176459dffee36cb9
a055d762b41b75dedefaed72ad1c5efa297b9298368b4297c9571d9277760839
e1b77b72494cf192d3183013edec28c6d97a78bb3731c649ecd0ca9b716f4c43
fbb5d60b0e8fbf3ce2eeb2479ad9ef6744585303f9ee0bf27c62b35a0a2dc30a

onpointz.duckdns.org Open in urlscan Pro 178.128.252.140 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

18 Requests

78 %HTTPS

33 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

422 kBTransfer

2598 kBSize

2 Cookies

5 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

5 Console Messages

Indicators

onpointz.duckdns.org Open in urlscan Pro
178.128.252.140 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

78 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

422 kB
Transfer

2598 kB
Size

2
Cookies

18 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!