www.revistametro.com.ar
200.80.43.50
Malicious Activity!
Public Scan
Submission: On July 18 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 18th 2022. Valid for: 3 months.
This is the only time www.revistametro.com.ar was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Government (Government)

Domain & IP information

| | IP Address | AS Autonomous System |
|---|---|---|
| 3 | 200.80.43.50 | 18747 (IFX18747) |
| 6 | 66.22.13.8 | 25773 (RADWARE-CLOUD-SERVICES) |
| 10 | 3 | |
ASN18747 (IFX18747, US)
PTR: cva1.toservers.com
www.revistametro.com.ar |
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 6 | uimn.org: www1.uimn.org (Cisco Umbrella Rank: 377825) | 254 KB |
| 3 | revistametro.com.ar: www.revistametro.com.ar | 69 KB |
| 10 | 2 | |
| | Domain | Requested by |
|---|---|---|
| 6 | www1.uimn.org | www.revistametro.com.ar |
| 3 | www.revistametro.com.ar | www.revistametro.com.ar, www1.uimn.org |
| 10 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.uimn.org |
www1.uimn.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.revistametro.com.ar R3 | 2022-06-18 - 2022-09-16 | 3 months | crt.sh |
www1.uimn.org Sectigo RSA Extended Validation Secure Server CA | 2022-05-19 - 2023-05-19 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.revistametro.com.ar/wp-content/mu-plugins/mn/
Frame ID: 576D83E4351E2DEF187C3EB99BFE2188
Requests: 10 HTTP requests in this frame
8 Outgoing links
These are links going to different origins than the main page.
- Title: Information For Applicants
- Title: How to Apply
- Title: Information Handbook
- Title: Video Library
- Title: Contact Us
- Title: Accessibility
- Title: Privacy and security
- Title: System requirements
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | www.revistametro.com.ar/wp-content/mu-plugins/mn/ | 18 KB | 19 KB | Document | text/html |
GET | H2 | ruxitagentjs_ICA27SVdfhjqru_10211210318124316.js | www1.uimn.org/ui_javascripts/ | 212 KB | 92 KB | Script | text/javascript |
GET | H2 | ui.css | www1.uimn.org/ui_applicant/stylesheets/ | 13 KB | 3 KB | Stylesheet | text/css |
GET | H2 | util.js | www1.uimn.org/ui_applicant/javascripts/ | 80 KB | 81 KB | Script | application/x-javascript |
GET | H2 | spacer.gif | www1.uimn.org/ui_applicant/images/ | 43 B | 331 B | Image | image/gif |
GET | H2 | Unemployment%20Insurance%20Logo%20RGB-websites-projects.png | www1.uimn.org/ui_applicant/images/ | 77 KB | 77 KB | Image | image/png |
GET | H2 | b_login.gif | www1.uimn.org/ui_applicant/images/ | 679 B | 970 B | Image | image/gif |
GET | H/1.1 | spacer.gif | www.revistametro.com.ar/ui_applicant/images/ | 8 KB | 8 KB | Image | text/html |
POST | H/1.1 | rb_bf91035bph | www.revistametro.com.ar/ui_javascripts/ | 42 KB | 43 KB | XHR | text/html |
POST | | rb_bf91035bph | www.revistametro.com.ar/ui_javascripts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.revistametro.com.ar
- URL
- https://www.revistametro.com.ar/ui_javascripts/rb_bf91035bph?type=js3&sn=v_4_srv_-2D13_sn_3KOJNCLAFKU92EQQK469SC85E6G65GH0&svrid=-13&flavor=post&vi=BHJKRPMJFHFKUJUOIBPIPKEHUNUEMOWD-0&modifiedSince=1616794171116&rf=https%3A%2F%2Fwww.revistametro.com.ar%2Fwp-content%2Fmu-plugins%2Fmn%2F&bp=3&app=06fe4f82790bea7d&crc=2463555923&en=sstvhqbf&end=1
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Government (Government)

106 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| dT_ object| dtrum boolean| isNN function| autoTab function| textCounter function| textCounterNew function| bindTextAreaEvents function| bindTextAreaEventsNew function| changeLanguagePref function| setCookie function| getAppointmentOptions object| selectedJudgeId function| getUnemploymentLawJudges object| rescheduleJudgeId function| getUnemploymentLawRescheduleJudges function| getReassignAppointmentOptions boolean| showFlag function| showHide function| blockView object| issueId object| issueSeqNu function| populateDataTable function| showHideReassign function| getEvents function| resetULJCriteria function| searchULJCriteria function| validateULJData function| createNoDataTable function| populateMobileData function| populateNoDataCard string| issueIdMob string| issueSeqMob function| renderMobileView function| resetApplicantCriteria function| searchApplicantCriteria function| validateApplicantData function| showValidationDialog function| resetEmployerCriteria function| searchEmployerCriteria function| validateEmployerData function| checkVisibility function| reassignAppeal string| selectedCalendarEvent function| scheduleAppeal function| removeBlockViewChildElements function| updateTimeOptionsMap function| replaceSelectTimesMessage function| checkBlockedTabVisibility function| createMultiSelectTimeStore function| consvertToMilitaryTime string| selectedStart string| selectedEnd function| daySelectedEvent function| blockAppointment function| unblockAppointment function| setViewBasedTime undefined| readOnly function| getUserReadOnlyAccess undefined| hasAdmin function| userAllowedToAddDeleteAdjudicators function| showAddDeleteAdjudicatorPane function| retrieveNonMonQueuesFromDataSource function| getAdjudicatorList function| populateAdjudicatorDropDown function| 
updateHistoryUserDropDown function| updateAdjudicatorDeleteDropDown function| getIssueStatusCodes function| updateQueueAccessPane function| getUsersWithQueueAccess function| updateQueueId function| saveUserQueueAccess function| saveCellValue function| updateAdjudicatorId function| updateQueueSaveNode function| formatSkillLevel function| formatToSkillCode function| updateQueueAccessOnTab function| updateAdjudicatorAccessPane function| getQueueAccessByAdjudicatorId function| updateAdjudicatorAccessPaneOnTab function| saveAdjudicatorQueueAccess function| deleteAdjudicator function| indicateDeletionSuccess function| reactivateAdjudicator function| indicateReactivationSuccess function| getAdjudicatorHistoryDetails function| issuesAdjudicatedPaneTab function| getAdjudicatorHistoryDetailsOnTab function| download function| formatApplicantId function| formatDateSource function| populateQueueMobileView function| populateAdjudicatorMobileView function| populateAdjHistoryMobileView function| formatAppId undefined| clickflag function| preventMultiSubmit function| multipleSelectItems

6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.revistametro.com.ar/ | | Name: dtCookie Value: v_4_srv_-2D13_sn_3KOJNCLAFKU92EQQK469SC85E6G65GH0 |
.revistametro.com.ar/ | | Name: rxVisitor Value: 1658163283855RVO9KDRGV985L3TVLRQ2JHH58703865Q |
.revistametro.com.ar/ | | Name: dtLatC Value: 720 |
.revistametro.com.ar/ | | Name: dtSa Value: - |
.revistametro.com.ar/ | | Name: rxvt Value: 1658165084790\|1658163283861 |
.revistametro.com.ar/ | | Name: dtPC Value: -13$363283843_124h-vBHJKRPMJFHFKUJUOIBPIPKEHUNUEMOWD-0e0 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.