krayonmag.org (198.54.125.47)
Malicious Activity! Public Scan
Submission: On October 07 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure Server CA on December 20th 2021. Valid for: a year (2021-12-20 to 2022-12-20, see the certificate table).
This is the only time krayonmag.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mountain America Credit Union (Banking)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 20 | 198.54.125.47 | AS22612 (NAMECHEAP-NET) |
| 1 | 2a02:26f0:ea::1706:708b | AS20940 (AKAMAI-ASN1) |
| 2 | 2a02:26f0:11a::6867:4841 | AS20940 (AKAMAI-ASN1) |
| 23 | 4 | |
ASN22612 (NAMECHEAP-NET, US)
PTR: server258-1.web-hosting.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 20 | krayonmag.org | krayonmag.org | 72 KB |
| 3 | typekit.net | p.typekit.net (Cisco Umbrella Rank: 1263), use.typekit.net (Cisco Umbrella Rank: 1023) | 37 KB |
| 23 | 2 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 20 | krayonmag.org | krayonmag.org |
| 2 | use.typekit.net | krayonmag.org |
| 1 | p.typekit.net | krayonmag.org |
| 23 | 3 | |
This site contains links to these domains. Also see Links. Note that the cloned page keeps the legitimate footer targets: the three macu.com hosts are the real credit union's, and www.ncua.gov and portal.hud.gov are the regulator and Equal Housing Lender links a genuine bank page carries.

| Domain |
|---|
| www.facebook.com |
| www.youtube.com |
| www.instagram.com |
| twitter.com |
| www.linkedin.com |
| www.ncua.gov |
| portal.hud.gov |
| o.macu.com |
| secure.macu.com |
| www.macu.com |
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| krayonmag.org | Sectigo RSA Domain Validation Secure Server CA | 2021-12-20 - 2022-12-20 | a year | crt.sh |
| use.typekit.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-09-14 - 2023-10-15 | a year | crt.sh |
This page contains 1 frame:
Primary Page: https://krayonmag.org/MACU/personal.php
Frame ID: FBE06737602C59AC2EBED87E2C0C630A
Requests: 24 HTTP requests in this frame (23 over the network plus one data: URI, see the transaction list)

Page Title
Mountain America Credit Union in Utah & the West

Detected technologies
PHP (Programming Languages)
Detected patterns:
- \.php(?:$|\?)

Font Awesome (Font Scripts)
Detected patterns:
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
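The patterns above are regular expressions that urlscan evaluates against the page and its resource URLs. The following is an added example, my code rather than urlscan's: it applies the three Font Awesome patterns and the PHP pattern verbatim in Python to inputs taken from this scan. The function names and the sample inputs are my own, and "first matching pattern wins" is my simplification (the report does not say how urlscan merges several hits). It shows two things the bare patterns hide: the greedy `[^>]+` in the first pattern means a version directory in the href is never captured, and the unescaped dot and bare digit class in the third pattern turn the trailing "2" of fontawesome-webfont.woff2 into a "version".

```python
"""Apply the report's Wappalyzer-style detection patterns to constructed inputs.

Added example, not urlscan's code: the patterns are copied verbatim from the
"Detected patterns" list above; function names and sample inputs are mine.
"""
import re

# Matched against the request URL.
PHP_PATTERN = re.compile(r"\.php(?:$|\?)")

# Tried in order; the first hit wins (my simplification, see lead-in).
FONT_AWESOME_PATTERNS = [
    # 1: <link> href ending in [version/]css/font-awesome[.min].css
    re.compile(r"<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css"),
    # 2: <link> href containing Font/FortAwesome, then a version or commit hash
    re.compile(r"<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome"
               r"(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)"),
    # 3: the same token anywhere, e.g. in a resource URL
    re.compile(r"(?:F|f)o(?:n|r)t-?(?:A|a)wesome"
               r"(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)"),
]


def detect_php(url):
    """True when the path ends in .php or .php?query (a trailing /segment does not count)."""
    return PHP_PATTERN.search(url) is not None


def detect_font_awesome(text):
    """Return (matched, version): version is group 1 of the first pattern that matches,
    or None when the pattern matched without capturing one."""
    for pattern in FONT_AWESOME_PATTERNS:
        m = pattern.search(text)
        if m:
            return True, m.group(1)
    return False, None


if __name__ == "__main__":
    # Inputs constructed from this scan's primary URL and resource names.
    print(detect_php("https://krayonmag.org/MACU/personal.php"))                  # True
    print(detect_php("https://krayonmag.org/MACU/personal.php/login"))            # False
    print(detect_font_awesome('<link rel="stylesheet" href="css/font-awesome.min.css">'))
    # Greedy [^>]+ consumes "/lib/4.7.0/css/" before the tail is tried, so no version:
    print(detect_font_awesome('<link rel="stylesheet" href="/lib/4.7.0/css/font-awesome.min.css">'))
    # Pattern 3 reads the extension's digit as a version: (True, "2")
    print(detect_font_awesome("krayonmag.org/MACU/Fonts/fontawesome-webfont.woff2"))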
Page Statistics

12 Outgoing links
These are links going to different origins than the main page. Link titles as shown on the report (the target URLs are not reproduced):
- Follow us on Facebook
- Follow us on YouTube
- Follow us on Instagram
- Follow us on Twitter
- Follow us on LinkedIn
- Go to the National Credit Union Administration Federally insured by NCUA
- Equal Housing Lender
- ID
- Password
- Become a member
- Register an Account
- Check out our FAQs

Redirected requests
There were HTTP redirect chains for the following requests: (none are listed for this scan)
23 HTTP transactions (24 requests including one data: URI)

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | personal.php (Primary Request) | krayonmag.org/MACU/ | 95 KB | 16 KB | Document | text/html |
| GET | H2 | fonts.css | krayonmag.org/MACU/css/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | font-awesome.min.css | krayonmag.org/MACU/css/ | 38 KB | 7 KB | Stylesheet | text/css |
| GET | H2 | cssjquery.smartbanner.css | krayonmag.org/MACU/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | main.css | krayonmag.org/MACU/css/ | 249 KB | 34 KB | Stylesheet | text/css |
| GET | H2 | cvd1zmo.css | krayonmag.org/MACU/css/ | 2 KB | 593 B | Stylesheet | text/css |
| GET | H2 | LiveChatWidgetFrame.css | krayonmag.org/MACU/css/ | 2 KB | 640 B | Stylesheet | text/css |
| GET | H2 | search_icon_white.png | krayonmag.org/MACU/images/ | 1 KB | 1 KB | Image | image/png |
| GET | H2 | p.css | p.typekit.net/ | 5 B | 195 B | Stylesheet | text/css |
| GET | H2 | header_logo.svg | krayonmag.org/MACU/images/ | 10 KB | 4 KB | Image | image/svg+xml |
| GET | H2 | l | use.typekit.net/af/a3a085/00000000000000007735ba73/30/ | 16 KB | 17 KB | Font | application/font-woff2 |
| GET | DATA | truncated | / | 266 B | 0 | Image | image/svg+xml |
| GET | H2 | social-icon-facebook.svg | krayonmag.org/MACU/images/ | 656 B | 629 B | Image | image/svg+xml |
| GET | H2 | social-icon-youtube.svg | krayonmag.org/MACU/images/ | 1 KB | 918 B | Image | image/svg+xml |
| GET | H2 | social-icon-instagram.svg | krayonmag.org/MACU/images/ | 2 KB | 1 KB | Image | image/svg+xml |
| GET | H2 | social-icon-twitter.svg | krayonmag.org/MACU/images/ | 995 B | 790 B | Image | image/svg+xml |
| GET | H2 | social-icon-linkedin.svg | krayonmag.org/MACU/images/ | 796 B | 687 B | Image | image/svg+xml |
| GET | H2 | ncua_logo.png | krayonmag.org/MACU/images/ | 2 KB | 2 KB | Image | image/png |
| GET | H2 | icon-equal-housing.svg | krayonmag.org/MACU/images/ | 640 B | 586 B | Image | image/svg+xml |
| GET | H2 | footer_mountains.svg | krayonmag.org/MACU/images/ | 2 KB | 666 B | Image | image/svg+xml |
| GET | H2 | fontawesome-webfont.woff2 | krayonmag.org/MACU/Fonts/ | 0 | 0 | Font | text/html |
| GET | H2 | l | use.typekit.net/af/e7065f/00000000000000007735ba3f/30/ | 20 KB | 20 KB | Font | application/font-woff2 |
| GET | H2 | fontawesome-webfont.woff | krayonmag.org/MACU/Fonts/ | 0 | 0 | Font | text/html |
| GET | H2 | fontawesome-webfont.ttf | krayonmag.org/MACU/Fonts/ | 0 | 0 | Font | text/html |
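Reading the request table with a script rather than by eye, as an added example (my code, not urlscan's). The rows are transcribed from the table above and the link domains from the links table; the helper names and both heuristics are my own assumptions: a stylesheet or font answered with text/html and zero bytes is treated as a file the copied kit does not have (the table shows MIME type and size, not the status code), and a brand whose own domain is linked to but not served from is treated as an impersonation signal. The script also recovers the 20/2/1 request split and the ~37 KB third-party transfer the summary tables report, and the /MACU/ directory under which every primary-host request lives.

```python
"""Triage of the transaction table above: origins contacted, assets the kit failed to
serve, the kit's install directory, and a brand-vs-host check.

Added example, not urlscan's code. Rows are transcribed from the report; helper names
and the two heuristics are my assumptions.
"""
import os
import re
from collections import Counter

PRIMARY_HOST = "krayonmag.org"

# Columns: method, protocol, resource, path prefix, size, x-fer, type, MIME (from the table).
TRANSACTIONS = [
    ("GET", "H2", "personal.php", "krayonmag.org/MACU/", "95 KB", "16 KB", "Document", "text/html"),
    ("GET", "H2", "fonts.css", "krayonmag.org/MACU/css/", "0", "0", "Stylesheet", "text/html"),
    ("GET", "H2", "font-awesome.min.css", "krayonmag.org/MACU/css/", "38 KB", "7 KB", "Stylesheet", "text/css"),
    ("GET", "H2", "cssjquery.smartbanner.css", "krayonmag.org/MACU/", "0", "0", "Stylesheet", "text/html"),
    ("GET", "H2", "main.css", "krayonmag.org/MACU/css/", "249 KB", "34 KB", "Stylesheet", "text/css"),
    ("GET", "H2", "cvd1zmo.css", "krayonmag.org/MACU/css/", "2 KB", "593 B", "Stylesheet", "text/css"),
    ("GET", "H2", "LiveChatWidgetFrame.css", "krayonmag.org/MACU/css/", "2 KB", "640 B", "Stylesheet", "text/css"),
    ("GET", "H2", "search_icon_white.png", "krayonmag.org/MACU/images/", "1 KB", "1 KB", "Image", "image/png"),
    ("GET", "H2", "p.css", "p.typekit.net/", "5 B", "195 B", "Stylesheet", "text/css"),
    ("GET", "H2", "header_logo.svg", "krayonmag.org/MACU/images/", "10 KB", "4 KB", "Image", "image/svg+xml"),
    ("GET", "H2", "l", "use.typekit.net/af/a3a085/00000000000000007735ba73/30/", "16 KB", "17 KB", "Font", "application/font-woff2"),
    ("GET", "DATA", "truncated", "/", "266 B", "0", "Image", "image/svg+xml"),
    ("GET", "H2", "social-icon-facebook.svg", "krayonmag.org/MACU/images/", "656 B", "629 B", "Image", "image/svg+xml"),
    ("GET", "H2", "social-icon-youtube.svg", "krayonmag.org/MACU/images/", "1 KB", "918 B", "Image", "image/svg+xml"),
    ("GET", "H2", "social-icon-instagram.svg", "krayonmag.org/MACU/images/", "2 KB", "1 KB", "Image", "image/svg+xml"),
    ("GET", "H2", "social-icon-twitter.svg", "krayonmag.org/MACU/images/", "995 B", "790 B", "Image", "image/svg+xml"),
    ("GET", "H2", "social-icon-linkedin.svg", "krayonmag.org/MACU/images/", "796 B", "687 B", "Image", "image/svg+xml"),
    ("GET", "H2", "ncua_logo.png", "krayonmag.org/MACU/images/", "2 KB", "2 KB", "Image", "image/png"),
    ("GET", "H2", "icon-equal-housing.svg", "krayonmag.org/MACU/images/", "640 B", "586 B", "Image", "image/svg+xml"),
    ("GET", "H2", "footer_mountains.svg", "krayonmag.org/MACU/images/", "2 KB", "666 B", "Image", "image/svg+xml"),
    ("GET", "H2", "fontawesome-webfont.woff2", "krayonmag.org/MACU/Fonts/", "0", "0", "Font", "text/html"),
    ("GET", "H2", "l", "use.typekit.net/af/e7065f/00000000000000007735ba3f/30/", "20 KB", "20 KB", "Font", "application/font-woff2"),
    ("GET", "H2", "fontawesome-webfont.woff", "krayonmag.org/MACU/Fonts/", "0", "0", "Font", "text/html"),
    ("GET", "H2", "fontawesome-webfont.ttf", "krayonmag.org/MACU/Fonts/", "0", "0", "Font", "text/html"),
]

# Domains the page links to (from the "links to these domains" table).
LINK_DOMAINS = [
    "www.facebook.com", "www.youtube.com", "www.instagram.com", "twitter.com",
    "www.linkedin.com", "www.ncua.gov", "portal.hud.gov",
    "o.macu.com", "secure.macu.com", "www.macu.com",
]

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text):
    """'95 KB' -> 97280, '593 B' -> 593, '0' -> 0. The report rounds, so values are approximate."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(?:\s*([KM]?B))?", text.strip())
    if not m:
        raise ValueError("unrecognised size: %r" % text)
    return int(float(m.group(1)) * _UNITS[m.group(2) or "B"])


def host_of(row):
    """Host from the path column; a data: URI (protocol DATA) has no host."""
    return None if row[1] == "DATA" else row[3].split("/", 1)[0]


def requests_per_host():
    """Request count per origin; reproduces the 20 / 2 / 1 split of the domain table."""
    return Counter(host_of(row) or "data:" for row in TRANSACTIONS)


def broken_assets():
    """Non-document resources answered with text/html: assumed to be files the copied kit lacks."""
    return [row[2] for row in TRANSACTIONS if row[6] != "Document" and row[7] == "text/html"]


def kit_directory():
    """Longest common directory under which every primary-host request lives."""
    paths = [row[3][len(PRIMARY_HOST):] for row in TRANSACTIONS if host_of(row) == PRIMARY_HOST]
    common = os.path.commonprefix(paths)
    return common[: common.rfind("/") + 1]


def third_party_bytes():
    """Bytes transferred from hosts other than the primary one (data: URIs excluded)."""
    return sum(parse_size(row[5]) for row in TRANSACTIONS if host_of(row) not in (PRIMARY_HOST, None))


def registrable(host):
    """Naive registrable domain (last two labels); enough for the .com/.org names on this page."""
    return ".".join(host.split(".")[-2:])


def brand_link_hosts(token):
    """Linked hosts whose registrable domain is the brand token, e.g. 'macu' -> *.macu.com."""
    return [d for d in LINK_DOMAINS if registrable(d).split(".")[0] == token]


def impersonation_signal(token):
    """True when the page links to the brand's own domain but is not served from it."""
    hosts = brand_link_hosts(token)
    return bool(hosts) and registrable(PRIMARY_HOST) not in {registrable(h) for h in hosts}


if __name__ == "__main__":
    print(dict(requests_per_host()), "kit dir:", kit_directory(), "3rd-party bytes:", third_party_bytes())
    print("broken:", broken_assets())
    print("brand hosts:", brand_link_hosts("macu"), "impersonation:", impersonation_signal("macu"))
```

The five broken assets are exactly the rows with 0 size and a text/html MIME for a stylesheet or font; cssjquery.smartbanner.css sitting at the kit root rather than under css/ reads like a dropped path separator in the kit's HTML, which is consistent with a copied template that was never tidied.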
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Mountain America Credit Union (Banking)

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | onbeforeinput |
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| function | queryLocalFonts |
| object | navigation |

Caveat: all nine names are properties that recent Chromium releases expose on window (structuredClone, the Navigation API's navigation, queryLocalFonts, getScreenDetails, launchQueue and the on* event-handler slots). They come from the scanning browser being newer than urlscan's baseline, not from the kit's scripts, so they carry no signal about this page.

1 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location; this is how persistent logins work.

| Domain/Path | Expires | Name / Value |
|---|---|---|
| krayonmag.org/ | (not shown) | PHPSESSID = 35d0f511faab0d633b500c5ed115c8ae |

PHPSESSID is PHP's default session cookie name (32 hex characters is its default identifier format), so the server setting it on krayonmag.org corroborates the PHP detection above.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website. The five messages themselves (Source | Level | URL | Text) are not reproduced in this report.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
krayonmag.org
p.typekit.net
use.typekit.net
198.54.125.47
2a02:26f0:11a::6867:4841
2a02:26f0:ea::1706:708b