www1.uimn.org Open in urlscan Pro
156.99.122.11  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://reurl.cc/mnoq5W Page URL
2. https://www1.uimn.org/ui_applicant/applicant/login.do Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	mnoq5W Show response reurl.cc/	2 KB 1 KB	1077ms 271ms	Document text/html	35.194.141.193 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://reurl.cc/mnoq5W Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.194.141.193 New Taipei, Taiwan, ASN15169 (GOOGLE, US), Reverse DNS 193.141.194.35.bc.googleusercontent.com Software nginx/1.4.6 (Ubuntu) / Resource Hash 94e8d79d9bd391869fed31a8a5a5c11e40ae0e3ba16317789b3f4abc67cc4bf3 Security Headers Name Value X-Frame-Options DENY Request headers Host reurl.cc Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx/1.4.6 (Ubuntu) Date Sat, 27 Feb 2021 15:06:51 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Target https://www1.uimn.org/ui_applicant/applicant/login.do X-Frame-Options DENY Content-Encoding gzip
GET H2	200	analytics.js Show response www.google-analytics.com/	46 KB 19 KB	6ms 5ms	Script text/javascript	2a00:1450:4001:827::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: reurl.cc URL: https://reurl.cc/mnoq5W Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://reurl.cc/mnoq5W User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Fri, 05 Feb 2021 21:33:27 GMT server Golfe2 age 4774 date Sat, 27 Feb 2021 13:47:17 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 18980 expires Sat, 27 Feb 2021 15:47:17 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	91 KB 24 KB	19ms 6ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: reurl.cc URL: https://reurl.cc/mnoq5W Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://reurl.cc/mnoq5W User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 23762 x-fb-rlafr 0 pragma public x-fb-debug tcWM2xMRtLGqoqww04UYZY2u/vH5vI2Wmk//7xfckj7mXNlgfXxf657XRYLGGdMyVV4ovL66PFyhNVOrVwBOBg== x-fb-trip-id 686109401 x-frame-options DENY date Sat, 27 Feb 2021 15:06:51 GMT vary Accept-Encoding content-type application/x-javascript; charset=utf-8 x-xss-protection 0 cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
POST H3-Q050	200	collect Show response www.google-analytics.com/j/	4 B 65 B	13ms 13ms	XHR text/plain	2a00:1450:4001:827::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j88&a=2699786&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2Fmnoq5W&ul=en-us&de=UTF-8&dt=Applicant%20login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=2143244861&gjid=995321225&cid=1781657932.1614438412&tid=UA-102456694-1&_gid=1864636593.1614438412&_r=1&_slc=1&z=1996844181 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://reurl.cc/mnoq5W User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Sat, 27 Feb 2021 15:06:52 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://reurl.cc cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	1675200226052423 Show response connect.facebook.net/signals/config/	28 KB 8 KB	6ms 6ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1675200226052423?v=2.9.33&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 20a3b1222ad45b2642229170ae9376f47edbfaed85ada8cfdf3f7d395a3e84d5 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://reurl.cc/mnoq5W User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; content-encoding gzip x-content-type-options nosniff x-xss-protection 0 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 8092 x-fb-rlafr 0 pragma public x-fb-debug OixNj6UlGZqDLrBWcaXBW8Jv6vJeGp9oG/zHHpjWSjdWfXhZByfPH7DRAhV0spx1HlQqufWWPEurzzfVGpBGbA== x-fb-trip-id 686109401 x-frame-options DENY date Sat, 27 Feb 2021 15:06:52 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
POST H2	200	collect stats.g.doubleclick.net/j/	4 B 441 B	40ms 13ms	XHR text/plain	2a00:1450:400c:c1b::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-102456694-1&cid=1781657932.1614438412&jid=2143244861&gjid=995321225&_gid=1864636593.1614438412&_u=IEBAAEAAAAAAAC~&z=381428132 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://reurl.cc/mnoq5W User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Sat, 27 Feb 2021 15:06:52 GMT content-type text/plain access-control-allow-origin https://reurl.cc cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 408 B	19ms 5ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2Fmnoq5W&rl=&if=false&ts=1614438412027&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=28&fbp=fb.1.1614438412025.1164429160&it=1614438412011&coo=false&rqm=GET Requested by Host: reurl.cc URL: https://reurl.cc/mnoq5W Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://reurl.cc/mnoq5W User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 27 Feb 2021 15:06:52 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 44 expires Sat, 27 Feb 2021 15:06:52 GMT
GET H/1.1	200 OK	Primary Request Cookie set login.do Show response www1.uimn.org/ui_applicant/applicant/	11 KB 12 KB	926ms 162ms	Document text/html	156.99.122.11 STATE-OF-MN
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_applicant/applicant/login.do Requested by Host: reurl.cc URL: https://reurl.cc/mnoq5W Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 156.99.122.11 Stillwater, United States, ASN1998 (STATE-OF-MN, US), Reverse DNS www1.uimn.org Software / Servlet/3.0 Resource Hash 73a259c696855c1f1319cdceaba9fdc3d07da0b452b6d5f3417305db6692beba Request headers Host www1.uimn.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://reurl.cc/mnoq5W Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://reurl.cc/mnoq5W Response headers Date Sat, 27 Feb 2021 15:06:51 GMT X-Powered-By Servlet/3.0 X-OneAgent-JS-Injection true Set-Cookie MNUI-8675309-JSESSIONID=0001CIxHdLERu__gnawRnW64KJU:1afje7i1s; Path=/; HttpOnly MNUI-8675309-JSESSIONID=00019RqlufhydL3_iTxoQDmlOhL:1afje7i1s; Path=/; HttpOnly MNUI-8675309-JSESSIONID=0001qapPLJAAZAyGPgza3fgvtwV:1afje7i1s; Path=/; HttpOnly dtCookie=v_4_srv_5_sn_6ED74227BA6698FD97E0915A8F3337F2_perc_100000_ol_0_mul_1; Path=/; Domain=.uimn.org Expires Thu, 01 Dec 1994 16:00:00 GMT Cache-Control no-cache="set-cookie, set-cookie2" Server-Timing dtRpid;desc="769836725" Keep-Alive timeout=10, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=ISO-8859-1 Content-Language en-US
GET H2	200	ga-audiences www.google.com/ads/	42 B 505 B	48ms 28ms	Image image/gif	2a00:1450:4001:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-102456694-1&cid=1781657932.1614438412&jid=2143244861&_u=IEBAAEAAAAAAAC~&z=1021308706 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://reurl.cc/mnoq5W User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Sat, 27 Feb 2021 15:06:52 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 505 B	50ms 30ms	Image image/gif	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-102456694-1&cid=1781657932.1614438412&jid=2143244861&_u=IEBAAEAAAAAAAC~&z=1021308706 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://reurl.cc/mnoq5W User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Sat, 27 Feb 2021 15:06:52 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	ruxitagentjs_ICA27SVdfhjqru_10209210209190405.js Show response www1.uimn.org/ui_javascripts/	207 KB 80 KB	362ms 125ms	Script text/javascript	156.99.122.11 STATE-OF-MN
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_javascripts/ruxitagentjs_ICA27SVdfhjqru_10209210209190405.js Requested by Host: www1.uimn.org URL: https://www1.uimn.org/ui_applicant/applicant/login.do Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 156.99.122.11 Stillwater, United States, ASN1998 (STATE-OF-MN, US), Reverse DNS www1.uimn.org Software / Resource Hash 89f6b352c233f42fca2a67115b4c51df4b9870d1df90ef0e6bbbc234c61b0335 Request headers Referer https://www1.uimn.org/ui_applicant/applicant/login.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 27 Feb 2021 15:06:52 GMT Content-Encoding gzip Last-Modified Wed, 03 Mar 2010 07:01:40 GMT Content-Type text/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control public, max-age=31536000, immutable Connection Keep-Alive Keep-Alive timeout=10, max=98 Content-Length 81694 Expires Sun, 27 Feb 2022 15:06:52 GMT
GET H/1.1	200 OK	ui.css www1.uimn.org/ui_applicant/stylesheets/	13 KB 13 KB	232ms 131ms	Stylesheet text/css	156.99.122.11 STATE-OF-MN
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_applicant/stylesheets/ui.css Requested by Host: www1.uimn.org URL: https://www1.uimn.org/ui_applicant/applicant/login.do Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 156.99.122.11 Stillwater, United States, ASN1998 (STATE-OF-MN, US), Reverse DNS www1.uimn.org Software / Resource Hash 819c5e6797cca1b144e323a7fbc9131b1896de02c153300bac606cfc8d1ed136 Request headers Referer https://www1.uimn.org/ui_applicant/applicant/login.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 27 Feb 2021 15:06:51 GMT Last-Modified Mon, 08 Feb 2021 21:29:53 GMT ETag "327d-5bad9dedc2bc3" Content-Type text/css Connection Keep-Alive Server-Timing dtRpid;desc="1953913631" Accept-Ranges bytes Keep-Alive timeout=10, max=99 Content-Length 12925
GET H/1.1	200 OK	util.js Show response www1.uimn.org/ui_applicant/javascripts/	5 KB 6 KB	381ms 126ms	Script application/x-javascript	156.99.122.11 STATE-OF-MN
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_applicant/javascripts/util.js Requested by Host: www1.uimn.org URL: https://www1.uimn.org/ui_applicant/applicant/login.do Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 156.99.122.11 Stillwater, United States, ASN1998 (STATE-OF-MN, US), Reverse DNS www1.uimn.org Software / Resource Hash 53778182e38b7ff1d8eb9d767dc1e54cb55a0aa1d639e55898067d21f3988897 Request headers Referer https://www1.uimn.org/ui_applicant/applicant/login.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 27 Feb 2021 15:06:52 GMT Last-Modified Mon, 08 Feb 2021 21:29:51 GMT ETag "14d1-5bad9debbbe77" Content-Type application/x-javascript Connection Keep-Alive Server-Timing dtRpid;desc="1773567404" Accept-Ranges bytes Keep-Alive timeout=10, max=100 Content-Length 5329
GET H/1.1	200 OK	spacer.gif www1.uimn.org/ui_applicant/images/	43 B 335 B	128ms 128ms	Image image/gif	156.99.122.11 STATE-OF-MN
General Check archive.org Show headers Download Go to Show image Full URL https://www1.uimn.org/ui_applicant/images/spacer.gif Requested by Host: www1.uimn.org URL: https://www1.uimn.org/ui_applicant/applicant/login.do Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 156.99.122.11 Stillwater, United States, ASN1998 (STATE-OF-MN, US), Reverse DNS www1.uimn.org Software / Resource Hash 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7 Request headers Referer https://www1.uimn.org/ui_applicant/applicant/login.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 27 Feb 2021 15:06:52 GMT Last-Modified Mon, 08 Feb 2021 21:29:52 GMT ETag "2b-5bad9ded358ff" Content-Type image/gif Connection Keep-Alive Server-Timing dtRpid;desc="-447974474" Accept-Ranges bytes Keep-Alive timeout=10, max=97 Content-Length 43
GET H/1.1	200 OK	Unemployment%20Insurance%20Logo%20RGB-websites-projects.png www1.uimn.org/ui_applicant/images/	77 KB 77 KB	134ms 133ms	Image image/png	156.99.122.11 STATE-OF-MN
General Check archive.org Show headers Download Go to Show image Full URL https://www1.uimn.org/ui_applicant/images/Unemployment%20Insurance%20Logo%20RGB-websites-projects.png Requested by Host: www1.uimn.org URL: https://www1.uimn.org/ui_applicant/applicant/login.do Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 156.99.122.11 Stillwater, United States, ASN1998 (STATE-OF-MN, US), Reverse DNS www1.uimn.org Software / Resource Hash 402df36267c7dd63cd0180cf618c6002668ff2f2268415fd4195925952d53268 Request headers Referer https://www1.uimn.org/ui_applicant/applicant/login.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 27 Feb 2021 15:06:52 GMT Last-Modified Mon, 08 Feb 2021 21:29:51 GMT ETag "133e6-5bad9dec5480b" Content-Type image/png Connection Keep-Alive Server-Timing dtRpid;desc="-1225943950" Accept-Ranges bytes Keep-Alive timeout=10, max=99 Content-Length 78822
POST H/1.1	200 OK	rb_bf91035bph Show response www1.uimn.org/ui_javascripts/	125 B 441 B	126ms 125ms	XHR text/plain	156.99.122.11 STATE-OF-MN
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_javascripts/rb_bf91035bph?type=js3&sn=v_4_srv_5_sn_6ED74227BA6698FD97E0915A8F3337F2_perc_100000_ol_0_mul_1&svrid=5&flavor=post&vi=RKRWACBAMEHMRCUUFBIHNKLURWJLPPHT-0&modifiedSince=1614207112571&rf=https%3A%2F%2Fwww1.uimn.org%2Fui_applicant%2Fapplicant%2Flogin.do&bp=3&app=06fe4f82790bea7d&crc=1196900804&end=1 Requested by Host: www1.uimn.org URL: https://www1.uimn.org/ui_javascripts/ruxitagentjs_ICA27SVdfhjqru_10209210209190405.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 156.99.122.11 Stillwater, United States, ASN1998 (STATE-OF-MN, US), Reverse DNS www1.uimn.org Software / Resource Hash 3182c7b0f1b7586d120f840651af56d080fc5f8135c6395c6a13211ba94d4e20 Request headers Referer https://www1.uimn.org/ui_applicant/applicant/login.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Sat, 27 Feb 2021 15:06:54 GMT Connection Keep-Alive Keep-Alive timeout=10, max=98 Content-Length 125 Content-Type text/plain; charset=utf-8
POST H/1.1	200 OK	rb_bf91035bph Show response www1.uimn.org/ui_javascripts/	125 B 299 B	124ms 124ms	XHR text/plain	156.99.122.11 STATE-OF-MN
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_javascripts/rb_bf91035bph?type=js3&sn=v_4_srv_5_sn_6ED74227BA6698FD97E0915A8F3337F2_perc_100000_ol_0_mul_1_app-3A06fe4f82790bea7d_1&svrid=5&flavor=post&vi=RKRWACBAMEHMRCUUFBIHNKLURWJLPPHT-0&modifiedSince=1614207112571&rf=https%3A%2F%2Fwww1.uimn.org%2Fui_applicant%2Fapplicant%2Flogin.do&bp=3&app=06fe4f82790bea7d&crc=147514508&end=1 Requested by Host: www1.uimn.org URL: https://www1.uimn.org/ui_javascripts/ruxitagentjs_ICA27SVdfhjqru_10209210209190405.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 156.99.122.11 Stillwater, United States, ASN1998 (STATE-OF-MN, US), Reverse DNS www1.uimn.org Software / Resource Hash 3182c7b0f1b7586d120f840651af56d080fc5f8135c6395c6a13211ba94d4e20 Request headers Referer https://www1.uimn.org/ui_applicant/applicant/login.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Sat, 27 Feb 2021 15:06:56 GMT Connection Keep-Alive Keep-Alive timeout=10, max=97 Content-Length 125 Content-Type text/plain; charset=utf-8

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Government (Government)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| dT_ object| dtrum boolean| isNN function| autoTab function| textCounter function| textCounterNew function| bindTextAreaEvents function| bindTextAreaEventsNew

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.uimn.org/	1969-12-31 23:59:59	Name: rxvt Value: 1614440213943|1614438413471
			.uimn.org/	1969-12-31 23:59:59	Name: dtLatC Value: 382
			.uimn.org/	1969-12-31 23:59:59	Name: dtSa Value: -
			.uimn.org/	1969-12-31 23:59:59	Name: dtPC Value: 5$438413466_690h2vRKRWACBAMEHMRCUUFBIHNKLURWJLPPHT-0e1
			.uimn.org/	1969-12-31 23:59:59	Name: rxVisitor Value: 1614438413469P7NQUIURV5FLKQMTJTMAR3I81NQSLRUT
			.uimn.org/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_5_sn_6ED74227BA6698FD97E0915A8F3337F2_perc_100000_ol_0_mul_1
			www1.uimn.org/	1969-12-31 23:59:59	Name: MNUI-8675309-JSESSIONID Value: 0001qapPLJAAZAyGPgza3fgvtwV:1afje7i1s

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
reurl.cc
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www1.uimn.org
156.99.122.11
2a00:1450:4001:80e::2004
2a00:1450:4001:827::200e
2a00:1450:4001:82a::2003
2a00:1450:400c:c1b::9b
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
35.194.141.193
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
20a3b1222ad45b2642229170ae9376f47edbfaed85ada8cfdf3f7d395a3e84d5
3182c7b0f1b7586d120f840651af56d080fc5f8135c6395c6a13211ba94d4e20
402df36267c7dd63cd0180cf618c6002668ff2f2268415fd4195925952d53268
53778182e38b7ff1d8eb9d767dc1e54cb55a0aa1d639e55898067d21f3988897
73a259c696855c1f1319cdceaba9fdc3d07da0b452b6d5f3417305db6692beba
819c5e6797cca1b144e323a7fbc9131b1896de02c153300bac606cfc8d1ed136
89f6b352c233f42fca2a67115b4c51df4b9870d1df90ef0e6bbbc234c61b0335
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
94e8d79d9bd391869fed31a8a5a5c11e40ae0e3ba16317789b3f4abc67cc4bf3
9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8