![](/screenshots/fa9747a2-43ba-4a41-a067-94d31deee0de.png)
wyowings.ch
Open in
urlscan Pro
2001:1600:4:13:1a66:daff:fe85:d556
Malicious Activity!
Public Scan
Effective URL: https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/
Submission Tags: falconsandbox
Submission: On March 08 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 25th 2023. Valid for: 3 months.
This is the only time wyowings.ch was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Navy Federal Credit Union (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:310... 2606:4700:3108::ac42:2905 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 26 | 2001:1600:4:1... 2001:1600:4:13:1a66:daff:fe85:d556 | 29222 (INFOMANIA...) (INFOMANIAK-AS) | |
1 | 62.210.131.75 62.210.131.75 | 12876 (Online SAS) (Online SAS) | |
18 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
26 |
wyowings.ch
9 redirects
wyowings.ch |
485 KB |
1 |
none.com
none.com — Cisco Umbrella Rank: 852511 |
|
1 |
cli.co
1 redirects
cli.co |
200 B |
18 | 3 |
Domain | Requested by | |
---|---|---|
26 | wyowings.ch |
9 redirects
wyowings.ch
|
1 | none.com |
wyowings.ch
|
1 | cli.co | 1 redirects |
18 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
wyowings.ch R3 |
2023-02-25 - 2023-05-26 |
3 months | crt.sh |
none.com R3 |
2023-01-15 - 2023-04-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/
Frame ID: 286D17573304A03BF7C0B10F3A462796
Requests: 18 HTTP requests in this frame
Screenshot
![](/screenshots/fa9747a2-43ba-4a41-a067-94d31deee0de.png)
Page Title
Navy Federal Credit Union - We serve where you serveNavy Federal Credit Union - We serve where you servePage URL History Show full URLs
-
https://cli.co/2-39zk9
HTTP 302
https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/ Page URL
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://cli.co/2-39zk9
HTTP 302
https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/bat.js HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/bat.js/?v=ee2d312f5477
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/s39876891442473.js HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/s39876891442473.js/?v=ee2d312f5477
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/styles.css HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/styles.css/?v=ee2d312f5477
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/css.css HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/css.css/?v=ee2d312f5477
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/facebox.css HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/facebox.css/?v=ee2d312f5477
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/jquery-1.js HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/jquery-1.js/?v=ee2d312f5477
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/jquery.js HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/jquery.js/?v=ee2d312f5477
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/facebox.js HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/facebox.js/?v=ee2d312f5477
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/aggregator.css HTTP 307
- https://wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/aggregator.css/?v=ee2d312f5477
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/bat.js/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/s39876891442473.js/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/styles.css/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/css.css/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/facebox.css/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/jquery-1.js/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/jquery.js/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/img/facebox.js/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/imgs/aggregator.css/ Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
header.PNG
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/images/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
headlnk.PNG
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginbd.PNG
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/images/ |
110 KB 105 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ads.PNG
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/images/ |
288 KB 289 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
help.PNG
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer.png
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/images/ |
59 KB 55 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signinbt.PNG
wyowings.ch/wp-includes/SimplePie/xms/secure/federal.orgNFOAA_Authlogin.jsp/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
none.com/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Navy Federal Credit Union (Government)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| unhideBody2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wyowings.ch/ | Name: PHPSESSID Value: fee07fda048c1eea812ebe3e6744c085 |
|
wyowings.ch/ | Name: wp_woocommerce_session_9f8631565b8ecfaf54fee5541e2b1cef Value: t_02e14d58b2d3d456c7d60201fb65c1%7C%7C1678464207%7C%7C1678460607%7C%7C5bf28a434139dccfd3a0d3a15bbf35e7 |
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=16000000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cli.co
none.com
wyowings.ch
2001:1600:4:13:1a66:daff:fe85:d556
2606:4700:3108::ac42:2905
62.210.131.75
4f81ccf4530d5d8a706f8f50e4072c03c1a9e2865a37b592b04a3cd2b5b7acbd
6877ea5eaa42d66d9bcc88ee4fef0b878587b7740af5d74d1228006e51ff6b9b
696e4c389f745a2e93d35ed8c3f63dbb1f0d257c44a6775c471bf90037d02351
7f711b583b4d6c24e7dc2e1d51495d1f53c0ca37fb6575e20d1c7f66ab52c33f
b68f256cc106ceb48acd4ce1389ce0c554b306bcb770a64d1a04fbf69f90a00d
c4829e9aed0e9ae4477d352cea824c69eacd6e6f970e1c19893df3df663f2ef3
c4a59e7623327ffc1b4055f12dc1a52d74fcf9cc0e4098025c4995385d426acf
c55c0eb5076a96447708fecec75ad0037a16b7f9d29e271e521fc0b22d2c6349
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855