krayonmag.org Open in urlscan Pro
198.54.125.47 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://krayonmag.org/MACU/personal.php
Submission: On October 07 via automatic, source openphish (October 7th 2022, 2:15:19 am UTC) — Scanned from DE

Summary HTTP 23 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 23 HTTP transactions. The main IP is 198.54.125.47, located in United States and belongs to NAMECHEAP-NET, US. The main domain is krayonmag.org.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 20th 2021. Valid for: a year.

This is the only time krayonmag.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mountain America Credit Union (Banking)

Domain & IP information

	IP Address	AS Autonomous System
20	198.54.125.47 198.54.125.47	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2a02:26f0:ea:... 2a02:26f0:ea::1706:708b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:11a... 2a02:26f0:11a::6867:4841	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
23	4

20 198.54.125.47 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server258-1.web-hosting.com

krayonmag.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ea::1706:708b (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:11a::6867:4841 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	krayonmag.org krayonmag.org	72 KB
3	typekit.net p.typekit.net — Cisco Umbrella Rank: 1263 use.typekit.net — Cisco Umbrella Rank: 1023	37 KB
23	2

	Domain	Requested by
20	krayonmag.org	krayonmag.org
2	use.typekit.net	krayonmag.org
1	p.typekit.net	krayonmag.org
23	3

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.youtube.com
www.instagram.com
twitter.com
www.linkedin.com
www.ncua.gov
portal.hud.gov
o.macu.com
secure.macu.com
www.macu.com

Subject Issuer	Validity	Valid
krayonmag.org Sectigo RSA Domain Validation Secure Server CA	`2021-12-20` - `2022-12-20`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://krayonmag.org/MACU/personal.php
Frame ID: FBE06737602C59AC2EBED87E2C0C630A
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mountain America Credit Union in Utah & the West

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

23
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

4
IPs

2
Countries

109 kB
Transfer

444 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/MountainAmerica/
Title: Follow us on Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/mountainamerica
Title: Follow us on YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/mountainamericacu/
Title: Follow us on Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/MountainAmerica?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mountain-america-credit-union/
Title: Follow us on LinkedIn

Search URL Search Domain Scan URL

URL: https://www.ncua.gov/Pages/default.aspx
Title: Go to the National Credit Union Administration Federally insured by NCUA

Search URL Search Domain Scan URL

URL: http://portal.hud.gov/hudportal/HUD
Title: Equal Housing Lender

Search URL Search Domain Scan URL

URL: https://o.macu.com/ForgotUsername
Title: ID

Search URL Search Domain Scan URL

URL: https://o.macu.com/ForgotPassword
Title: Password

Search URL Search Domain Scan URL

URL: https://secure.macu.com/#/account-opening
Title: Become a member

Search URL Search Domain Scan URL

URL: https://o.macu.com/Registration
Title: Register an Account

Search URL Search Domain Scan URL

URL: https://www.macu.com/about-us/contact-us/help-center
Title: Check out our FAQs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request personal.php Show response krayonmag.org/MACU/	95 KB 16 KB	1004ms 504ms	Document text/html	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/personal.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / PHP/7.4.32 Resource Hash `e4703b036cd2f3556c84f78d02d7022f1a5a3b4959c36c3e11a91ea2e0100130` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-length 16381 content-type text/html; charset=UTF-8 date Fri, 07 Oct 2022 02:15:13 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding x-powered-by PHP/7.4.32 x-turbo-charged-by LiteSpeed
GET H2	404	fonts.css krayonmag.org/MACU/css/	0 0	166ms 162ms	Stylesheet text/html	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/css/fonts.css Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/personal.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / PHP/7.4.32 Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/personal.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.32 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed link <https://krayonmag.org/wp-json/>; rel="https://api.w.org/" content-length 36304 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	font-awesome.min.css krayonmag.org/MACU/css/	38 KB 7 KB	641ms 637ms	Stylesheet text/css	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/css/font-awesome.min.css Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/personal.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `cd200ca58fd7deefadb97d41cd302ee11a22bac62bc8f619d70b1e0f75a4c8e9` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/personal.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:23:48 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 6776 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	404	cssjquery.smartbanner.css krayonmag.org/MACU/	0 0	642ms 638ms	Stylesheet text/html	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/cssjquery.smartbanner.css Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/personal.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / PHP/7.4.32 Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/personal.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.32 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed link <https://krayonmag.org/wp-json/>; rel="https://api.w.org/" content-length 24157 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	main.css krayonmag.org/MACU/css/	249 KB 34 KB	480ms 477ms	Stylesheet text/css	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/css/main.css Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/personal.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `8410589b4971be529f338c82cfedcea52f21bde765b583960d438616b9d1d257` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/personal.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 21:37:22 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 35054 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	cvd1zmo.css krayonmag.org/MACU/css/	2 KB 593 B	637ms 635ms	Stylesheet text/css	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/css/cvd1zmo.css Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/personal.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `db5ada908e9f117b69973c0d2e72b8a8b8781603e4103ce83dea5f470cb2a5d1` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/personal.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:24:58 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 373 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	LiveChatWidgetFrame.css krayonmag.org/MACU/css/	2 KB 640 B	637ms 636ms	Stylesheet text/css	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/css/LiveChatWidgetFrame.css Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/personal.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `dfbb0e75d11ddbeffccee0ff70fad5a6e367fb7693d9177f7848aea80f5b8545` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/personal.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:25:52 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 420 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	search_icon_white.png krayonmag.org/MACU/images/	1 KB 1 KB	757ms 756ms	Image image/png	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/search_icon_white.png Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/personal.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `f6d1c3dd273fad6871f347b1391f11cd6b765d19a8cf91026f7d66558b512192` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/personal.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT last-modified Thu, 23 Dec 2021 01:26:50 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 1333 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	p.css p.typekit.net/	5 B 195 B	99ms 19ms	Stylesheet text/css	2a02:26f0:ea::1706:708b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://p.typekit.net/p.css?s=1&k=cvd1zmo&ht=tk&f=39680.39685.39687&a=1540528&app=typekit&e=css Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/cvd1zmo.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:ea::1706:708b Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash `1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers unused62 8096267 date Fri, 07 Oct 2022 02:15:14 GMT last-modified Sat, 16 Oct 2021 05:50:56 GMT server nginx etag "616a6840-5" content-type text/css access-control-allow-origin * cache-control public, max-age=604800 cross-origin-resource-policy cross-origin accept-ranges bytes content-length 5
GET H2	200	header_logo.svg krayonmag.org/MACU/images/	10 KB 4 KB	159ms 158ms	Image image/svg+xml	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/header_logo.svg Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `90af0447f5d8a9d4705c9aa636d31ce859f280460810f68f1de93922277fb0ef` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:27:22 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 3612 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	l use.typekit.net/af/a3a085/00000000000000007735ba73/30/	16 KB 17 KB	126ms 16ms	Font application/font-woff2	2a02:26f0:11a::6867:4841 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/a3a085/00000000000000007735ba73/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/cvd1zmo.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:11a::6867:4841 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash `ab072a017662be34b6ac4da319eeffa3a6b1132ba5fc02875b3e10dfb765471a` Request headers Referer https://krayonmag.org/ Origin https://krayonmag.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT server nginx etag "c8312ec3794d199c4baa21fae3f300f4162a37ff" content-type application/font-woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 16816
GET DATA	200 OK	truncated /	266 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	social-icon-facebook.svg krayonmag.org/MACU/images/	656 B 629 B	160ms 157ms	Image image/svg+xml	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/social-icon-facebook.svg Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `395ba7d4187e9ee539495094380c0292b5edcc3b28228d9e871c9d2a471f1916` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:30:16 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 404 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	social-icon-youtube.svg krayonmag.org/MACU/images/	1 KB 918 B	164ms 155ms	Image image/svg+xml	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/social-icon-youtube.svg Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `661ad0861039f6323b4167c759cec7305c985587c147ea964711686a889481c6` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:30:40 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 693 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	social-icon-instagram.svg krayonmag.org/MACU/images/	2 KB 1 KB	165ms 156ms	Image image/svg+xml	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/social-icon-instagram.svg Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `f5e52056a2430132f8aece37250adea25254c4728a05d600c1915931b6ebde4d` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:30:54 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 1012 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	social-icon-twitter.svg krayonmag.org/MACU/images/	995 B 790 B	165ms 156ms	Image image/svg+xml	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/social-icon-twitter.svg Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `6f2ec1d519d369425aeab2897e77ed0d739207f7cb5804bd878cfb5aca738d0f` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:31:22 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 565 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	social-icon-linkedin.svg krayonmag.org/MACU/images/	796 B 687 B	166ms 158ms	Image image/svg+xml	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/social-icon-linkedin.svg Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `d7b371bfbeda687c7e7e4738bea7f985953adab2134dd573874a281e3ed8be7a` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:31:42 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 462 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	ncua_logo.png krayonmag.org/MACU/images/	2 KB 2 KB	165ms 157ms	Image image/png	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/ncua_logo.png Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `a7a05d6db9fff3ed1d8626f59c88628a08dd321a7bc8682e007f2f8de2f9cd3c` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT last-modified Thu, 23 Dec 2021 01:32:04 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 1989 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	icon-equal-housing.svg krayonmag.org/MACU/images/	640 B 586 B	196ms 188ms	Image image/svg+xml	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/icon-equal-housing.svg Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `d35bdade27b3f2a1e604fb83aba7fad8e53dc22a98e6953218922c4ffd247a7b` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:37:18 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 361 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	200	footer_mountains.svg krayonmag.org/MACU/images/	2 KB 666 B	198ms 190ms	Image image/svg+xml	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://krayonmag.org/MACU/images/footer_mountains.svg Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / Resource Hash `e23b1851926f1f909295d26142dfe45ceabc52fe898f724b4f61a659f6ac6a53` Request headers accept-language de-DE,de;q=0.9 Referer https://krayonmag.org/MACU/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br last-modified Thu, 23 Dec 2021 01:41:30 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 441 expires Fri, 14 Oct 2022 02:15:14 GMT
GET H2	404	fontawesome-webfont.woff2 krayonmag.org/MACU/Fonts/	0 0	198ms 192ms	Font text/html	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/Fonts/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/font-awesome.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / PHP/7.4.32 Resource Hash Request headers Referer https://krayonmag.org/MACU/css/font-awesome.min.css Origin https://krayonmag.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.32 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed link <https://krayonmag.org/wp-json/>; rel="https://api.w.org/" content-length 36304 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	l use.typekit.net/af/e7065f/00000000000000007735ba3f/30/	20 KB 20 KB	119ms 15ms	Font application/font-woff2	2a02:26f0:11a::6867:4841 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/e7065f/00000000000000007735ba3f/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/cvd1zmo.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:11a::6867:4841 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash `ed6e7f434ca0748610440d7d2b5903e49325a70406fb695eb91104e42114bdda` Request headers Referer https://krayonmag.org/ Origin https://krayonmag.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT server nginx etag "65381862afa1e35bdce2a257727d8a6c9625f357" content-type application/font-woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 20476
GET H2	404	fontawesome-webfont.woff krayonmag.org/MACU/Fonts/	0 0	159ms 158ms	Font text/html	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/Fonts/fontawesome-webfont.woff?v=4.7.0 Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/font-awesome.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / PHP/7.4.32 Resource Hash Request headers Referer https://krayonmag.org/MACU/css/font-awesome.min.css Origin https://krayonmag.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:14 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.32 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed link <https://krayonmag.org/wp-json/>; rel="https://api.w.org/" content-length 36304 expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	fontawesome-webfont.ttf krayonmag.org/MACU/Fonts/	0 0	159ms 158ms	Font text/html	198.54.125.47 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://krayonmag.org/MACU/Fonts/fontawesome-webfont.ttf?v=4.7.0 Requested by Host: krayonmag.org URL: https://krayonmag.org/MACU/css/font-awesome.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.125.47 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server258-1.web-hosting.com Software LiteSpeed / PHP/7.4.32 Resource Hash Request headers Referer https://krayonmag.org/MACU/css/font-awesome.min.css Origin https://krayonmag.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 02:15:15 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.32 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed link <https://krayonmag.org/wp-json/>; rel="https://api.w.org/" content-length 36304 expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mountain America Credit Union (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			krayonmag.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 35d0f511faab0d633b500c5ed115c8ae

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://krayonmag.org/MACU/css/fonts.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://krayonmag.org/MACU/cssjquery.smartbanner.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://krayonmag.org/MACU/Fonts/fontawesome-webfont.woff2?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://krayonmag.org/MACU/Fonts/fontawesome-webfont.woff?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://krayonmag.org/MACU/Fonts/fontawesome-webfont.ttf?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

krayonmag.org
p.typekit.net
use.typekit.net
198.54.125.47
2a02:26f0:11a::6867:4841
2a02:26f0:ea::1706:708b
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
395ba7d4187e9ee539495094380c0292b5edcc3b28228d9e871c9d2a471f1916
661ad0861039f6323b4167c759cec7305c985587c147ea964711686a889481c6
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
6f2ec1d519d369425aeab2897e77ed0d739207f7cb5804bd878cfb5aca738d0f
8410589b4971be529f338c82cfedcea52f21bde765b583960d438616b9d1d257
90af0447f5d8a9d4705c9aa636d31ce859f280460810f68f1de93922277fb0ef
a7a05d6db9fff3ed1d8626f59c88628a08dd321a7bc8682e007f2f8de2f9cd3c
ab072a017662be34b6ac4da319eeffa3a6b1132ba5fc02875b3e10dfb765471a
cd200ca58fd7deefadb97d41cd302ee11a22bac62bc8f619d70b1e0f75a4c8e9
d35bdade27b3f2a1e604fb83aba7fad8e53dc22a98e6953218922c4ffd247a7b
d7b371bfbeda687c7e7e4738bea7f985953adab2134dd573874a281e3ed8be7a
db5ada908e9f117b69973c0d2e72b8a8b8781603e4103ce83dea5f470cb2a5d1
dfbb0e75d11ddbeffccee0ff70fad5a6e367fb7693d9177f7848aea80f5b8545
e23b1851926f1f909295d26142dfe45ceabc52fe898f724b4f61a659f6ac6a53
e4703b036cd2f3556c84f78d02d7022f1a5a3b4959c36c3e11a91ea2e0100130
ed6e7f434ca0748610440d7d2b5903e49325a70406fb695eb91104e42114bdda
f5e52056a2430132f8aece37250adea25254c4728a05d600c1915931b6ebde4d
f6d1c3dd273fad6871f347b1391f11cd6b765d19a8cf91026f7d66558b512192

krayonmag.org Open in urlscan Pro 198.54.125.47 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

67 %IPv6

2 Domains

3 Subdomains

4 IPs

2 Countries

109 kBTransfer

444 kBSize

1 Cookies

12 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

krayonmag.org Open in urlscan Pro
198.54.125.47 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

4
IPs

2
Countries

109 kB
Transfer

444 kB
Size

1
Cookies

23 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!