www1.uimn.org
156.99.122.11
Malicious Activity!
Public Scan
Effective URL: https://www1.uimn.org/ui_applicant/applicant/login.do
Submission: On February 27 via manual from US
Summary
TLS certificate: Issued by Sectigo RSA Extended Validation Secur... on June 5th 2020. Valid for: 2 years.
This is the only time www1.uimn.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Government (Government)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 35.194.141.193 | 15169 (GOOGLE) |
| 2 | 2a00:1450:4001:827::200e | 15169 (GOOGLE) |
| 2 | 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK) |
| 1 | 2a00:1450:400c:c1b::9b | 15169 (GOOGLE) |
| 1 | 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK) |
| 8 | 156.99.122.11 | 1998 (STATE-OF-MN) |
| 1 | 2a00:1450:4001:80e::2004 | 15169 (GOOGLE) |
| 1 | 2a00:1450:4001:82a::2003 | 15169 (GOOGLE) |
Total: 17 requests across 8 IP addresses.
Per-IP details:
- ASN15169 (GOOGLE, US), PTR: 193.141.194.35.bc.googleusercontent.com: reurl.cc
- ASN15169 (GOOGLE, US): www.google-analytics.com
- ASN1998 (STATE-OF-MN, US), PTR: www1.uimn.org: www1.uimn.org
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 8 | uimn.org | www1.uimn.org | 189 KB |
| 2 | facebook.net | connect.facebook.net | 32 KB |
| 2 | google-analytics.com | www.google-analytics.com | 19 KB |
| 1 | google.de | www.google.de | 505 B |
| 1 | google.com | www.google.com | 505 B |
| 1 | facebook.com | www.facebook.com | 408 B |
| 1 | doubleclick.net | stats.g.doubleclick.net | 441 B |
| 1 | reurl.cc | reurl.cc | 1 KB |
Total: 17 requests across 8 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 8 | www1.uimn.org | reurl.cc, www1.uimn.org |
| 2 | connect.facebook.net | reurl.cc, connect.facebook.net |
| 2 | www.google-analytics.com | reurl.cc, www.google-analytics.com |
| 1 | www.google.de | |
| 1 | www.google.com | |
| 1 | www.facebook.com | reurl.cc |
| 1 | stats.g.doubleclick.net | www.google-analytics.com |
| 1 | reurl.cc | |
Total: 17 requests across 8 domains.
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.uimn.org |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| reurl.cc | R3 | 2021-01-09 - 2021-04-09 | 3 months | crt.sh |
| *.google-analytics.com | GTS CA 1O1 | 2021-01-26 - 2021-04-20 | 3 months | crt.sh |
| *.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-02-10 - 2021-05-10 | 3 months | crt.sh |
| *.g.doubleclick.net | GTS CA 1O1 | 2021-01-26 - 2021-04-20 | 3 months | crt.sh |
| www1.uimn.org | Sectigo RSA Extended Validation Secure Server CA | 2020-06-05 - 2022-06-05 | 2 years | crt.sh |
| www.google.com | GTS CA 1O1 | 2021-01-26 - 2021-04-20 | 3 months | crt.sh |
| www.google.de | GTS CA 1O1 | 2021-01-26 - 2021-04-20 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www1.uimn.org/ui_applicant/applicant/login.do
Frame ID: B34683959DF21F37093851CE5489FAD0
Requests: 17 HTTP requests in this frame
Detected technologies
- Ubuntu (Operating Systems). Detected pattern: headers server /Ubuntu/i
- Nginx (Web Servers). Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- Ruxit (Analytics). Detected pattern: script /ruxitagentjs/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Return to the Unemployment Benefits Home Page
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://reurl.cc/mnoq5W Page URL
- https://www1.uimn.org/ui_applicant/applicant/login.do Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | mnoq5W | reurl.cc/ | 2 KB | 1 KB | Document | text/html | |
| 2 | GET | H2 | analytics.js | www.google-analytics.com/ | 46 KB | 19 KB | Script | text/javascript | |
| 3 | GET | H2 | fbevents.js | connect.facebook.net/en_US/ | 91 KB | 24 KB | Script | application/x-javascript | |
| 4 | POST | H3-Q050 | collect | www.google-analytics.com/j/ | 4 B | 65 B | XHR | text/plain | |
| 5 | GET | H2 | 1675200226052423 | connect.facebook.net/signals/config/ | 28 KB | 8 KB | Script | application/x-javascript | |
| 6 | POST | H2 | collect | stats.g.doubleclick.net/j/ | 4 B | 441 B | XHR | text/plain | |
| 7 | GET | H2 | / | www.facebook.com/tr/ | 44 B | 408 B | Image | image/gif | |
| 8 | GET | H/1.1 | login.do | www1.uimn.org/ui_applicant/applicant/ | 11 KB | 12 KB | Document | text/html | Primary Request; Cookie set |
| 9 | GET | H2 | ga-audiences | www.google.com/ads/ | 42 B | 505 B | Image | image/gif | |
| 10 | GET | H2 | ga-audiences | www.google.de/ads/ | 42 B | 505 B | Image | image/gif | |
| 11 | GET | H/1.1 | ruxitagentjs_ICA27SVdfhjqru_10209210209190405.js | www1.uimn.org/ui_javascripts/ | 207 KB | 80 KB | Script | text/javascript | |
| 12 | GET | H/1.1 | ui.css | www1.uimn.org/ui_applicant/stylesheets/ | 13 KB | 13 KB | Stylesheet | text/css | |
| 13 | GET | H/1.1 | util.js | www1.uimn.org/ui_applicant/javascripts/ | 5 KB | 6 KB | Script | application/x-javascript | |
| 14 | GET | H/1.1 | spacer.gif | www1.uimn.org/ui_applicant/images/ | 43 B | 335 B | Image | image/gif | |
| 15 | GET | H/1.1 | Unemployment%20Insurance%20Logo%20RGB-websites-projects.png | www1.uimn.org/ui_applicant/images/ | 77 KB | 77 KB | Image | image/png | |
| 16 | POST | H/1.1 | rb_bf91035bph | www1.uimn.org/ui_javascripts/ | 125 B | 441 B | XHR | text/plain | |
| 17 | POST | H/1.1 | rb_bf91035bph | www1.uimn.org/ui_javascripts/ | 125 B | 299 B | XHR | text/plain | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Government (Government)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| object | dT_ |
| object | dtrum |
| boolean | isNN |
| function | autoTab |
| function | textCounter |
| function | textCounterNew |
| function | bindTextAreaEvents |
| function | bindTextAreaEventsNew |
7 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .uimn.org/ | | rxvt | 1614440213943\|1614438413471 |
| .uimn.org/ | | dtLatC | 382 |
| .uimn.org/ | | dtSa | - |
| .uimn.org/ | | dtPC | 5$438413466_690h2vRKRWACBAMEHMRCUUFBIHNKLURWJLPPHT-0e1 |
| .uimn.org/ | | rxVisitor | 1614438413469P7NQUIURV5FLKQMTJTMAR3I81NQSLRUT |
| .uimn.org/ | | dtCookie | v_4_srv_5_sn_6ED74227BA6698FD97E0915A8F3337F2_perc_100000_ol_0_mul_1 |
| www1.uimn.org/ | | MNUI-8675309-JSESSIONID | 0001qapPLJAAZAyGPgza3fgvtwV:1afje7i1s |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, see the urlscan.io security headers documentation.
Header | Value |
---|---|
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.