www1.uimn.org
Open in
urlscan Pro
66.22.13.8
Malicious Activity!
Public Scan
Effective URL: https://www1.uimn.org/ui_applicant/applicant/login.do
Submission: On July 21 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Extended Validation Secur... on May 19th 2022. Valid for: a year.
This is the only time www1.uimn.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 198.54.115.217 198.54.115.217 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
19 | 66.22.13.8 66.22.13.8 | 25773 (RADWARE-C...) (RADWARE-CLOUD-SERVICES) | |
1 | 2a00:1450:400... 2a00:1450:4001:802::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 130.211.29.114 130.211.29.114 | 15169 (GOOGLE) (GOOGLE) | |
3 | 35.241.15.240 35.241.15.240 | 15169 (GOOGLE) (GOOGLE) | |
25 | 5 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server112-3.web-hosting.com
uiimn.xyz |
ASN15169 (GOOGLE, US)
PTR: 114.29.211.130.bc.googleusercontent.com
cdn.perfdrive.com |
ASN15169 (GOOGLE, US)
PTR: 240.15.241.35.bc.googleusercontent.com
cas.avalon.perfdrive.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
uimn.org
www1.uimn.org — Cisco Umbrella Rank: 359552 |
592 KB |
4 |
perfdrive.com
cdn.perfdrive.com — Cisco Umbrella Rank: 17228 cas.avalon.perfdrive.com — Cisco Umbrella Rank: 7327 |
14 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 226 |
7 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 303 |
31 KB |
1 |
uiimn.xyz
1 redirects
uiimn.xyz |
243 B |
25 | 5 |
Domain | Requested by | |
---|---|---|
19 | www1.uimn.org |
www1.uimn.org
|
3 | cas.avalon.perfdrive.com |
cdn.perfdrive.com
|
1 | cdn.perfdrive.com |
www1.uimn.org
|
1 | cdnjs.cloudflare.com |
www1.uimn.org
|
1 | ajax.googleapis.com |
www1.uimn.org
|
1 | uiimn.xyz | 1 redirects |
25 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.uimn.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www1.uimn.org Sectigo RSA Extended Validation Secure Server CA |
2022-05-19 - 2023-05-19 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-06-27 - 2022-09-19 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
*.perfdrive.com Go Daddy Secure Certificate Authority - G2 |
2021-08-31 - 2022-09-26 |
a year | crt.sh |
cas.avalon.perfdrive.com Go Daddy Secure Certificate Authority - G2 |
2021-08-04 - 2022-08-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www1.uimn.org/ui_applicant/applicant/login.do
Frame ID: ADD8DD83CA5CE931B4ABDF1AAC880773
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
Welcome to the Minnesota Unemployment Insurance Benefits SystemPage URL History Show full URLs
-
https://uiimn.xyz/claimants/form.php
HTTP 302
https://www1.uimn.org/ui_applicant/applicant/login.do Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Popper (Miscellaneous) Expand
Detected patterns
- <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Information For Applicants
Search URL Search Domain Scan URL
Title: How to Apply
Search URL Search Domain Scan URL
Title: Information Handbook
Search URL Search Domain Scan URL
Title: Video Library
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://uiimn.xyz/claimants/form.php
HTTP 302
https://www1.uimn.org/ui_applicant/applicant/login.do Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.do
www1.uimn.org/ui_applicant/applicant/ Redirect Chain
|
16 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ruxitagentjs_ICA27QVdfhjqru_10243220606153550.js
www1.uimn.org/ui_javascripts/ |
300 KB 126 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
www1.uimn.org/ui_applicant/stylesheets/bootstrap/css/ |
157 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
global.css
www1.uimn.org/ui_applicant/stylesheets/ |
18 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
www1.uimn.org/ui_applicant/stylesheets/css/ |
72 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
www1.uimn.org/ui_applicant/stylesheets/bootstrap/js/ |
82 KB 82 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
leftNavCommon.js
www1.uimn.org/ui_applicant/javascripts/ |
6 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
toggleMobileAgentContextHeader.js
www1.uimn.org/ui_applicant/javascripts/ |
188 B 375 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
util.js
www1.uimn.org/ui_applicant/javascripts/ |
80 KB 81 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-datepicker.min.js
www1.uimn.org/ui_applicant/javascripts/bootstrap/1.9.0/ |
33 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
datepicker.js
www1.uimn.org/ui_applicant/javascripts/datepicker/ |
22 KB 22 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Unemployment%20Insurance%20Logo%20RGB-websites-projects.png
www1.uimn.org/ui_applicant/images/ |
77 KB 77 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UiApplicantDesign.js
www1.uimn.org/ui_applicant/javascripts/ |
9 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ruxitagentjs_D_10243220606153550.js
www1.uimn.org/ui_javascripts/ |
41 KB 17 KB |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aperture.js
cdn.perfdrive.com/aperture/ |
44 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
www1.uimn.org/ui_applicant/stylesheets/webfonts/ |
78 KB 79 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
jsdata
cas.avalon.perfdrive.com/ |
211 B 270 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
jsdata
cas.avalon.perfdrive.com/ |
211 B 364 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
jsdata
cas.avalon.perfdrive.com/ |
211 B 275 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rb_bf91035bph
www1.uimn.org/ui_javascripts/ |
121 B 374 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rb_bf91035bph
www1.uimn.org/ui_javascripts/ |
121 B 374 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rb_bf91035bph
www1.uimn.org/ui_javascripts/ |
121 B 374 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rb_bf91035bph
www1.uimn.org/ui_javascripts/ |
121 B 374 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Government (Government)132 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| dT_ object| dtrum function| $ function| Popper object| bootstrap number| width object| leftNavFlag boolean| clickFlag string| path function| loadNavPreference function| preventMultipleSubmit function| handleMainContentClick function| mainLeftNav function| openSidebar function| closeSidebar function| getNavOverflowAndAdjustRightContent boolean| isNN function| autoTab function| textCounter function| textCounterNew function| bindTextAreaEvents function| bindTextAreaEventsNew function| changeLanguagePref function| setCookie function| getAppointmentOptions object| selectedJudgeId function| getUnemploymentLawJudges object| rescheduleJudgeId function| getUnemploymentLawRescheduleJudges function| getReassignAppointmentOptions boolean| showFlag function| showHide function| blockView object| issueId object| issueSeqNu function| populateDataTable function| showHideReassign function| getEvents function| resetULJCriteria function| searchULJCriteria function| validateULJData function| createNoDataTable function| populateMobileData function| populateNoDataCard string| issueIdMob string| issueSeqMob function| renderMobileView function| resetApplicantCriteria function| searchApplicantCriteria function| validateApplicantData function| showValidationDialog function| resetEmployerCriteria function| searchEmployerCriteria function| validateEmployerData function| checkVisibility function| reassignAppeal string| selectedCalendarEvent function| scheduleAppeal function| removeBlockViewChildElements function| updateTimeOptionsMap function| replaceSelectTimesMessage function| checkBlockedTabVisibility function| createMultiSelectTimeStore function| consvertToMilitaryTime string| selectedStart string| selectedEnd function| daySelectedEvent function| blockAppointment function| unblockAppointment function| setViewBasedTime undefined| readOnly function| getUserReadOnlyAccess boolean| hasAdmin function| userAllowedToAddDeleteAdjudicators function| showAddDeleteAdjudicatorPane function| retrieveNonMonQueuesFromDataSource function| getAdjudicatorList function| populateAdjudicatorDropDown function| updateHistoryUserDropDown function| updateAdjudicatorDeleteDropDown function| getIssueStatusCodes function| updateQueueAccessPane function| getUsersWithQueueAccess function| updateQueueId function| saveUserQueueAccess function| saveCellValue function| updateAdjudicatorId function| updateQueueSaveNode function| formatSkillLevel function| formatToSkillCode function| updateQueueAccessOnTab function| updateAdjudicatorAccessPane function| getQueueAccessByAdjudicatorId function| updateAdjudicatorAccessPaneOnTab function| saveAdjudicatorQueueAccess function| deleteAdjudicator function| indicateDeletionSuccess function| reactivateAdjudicator function| indicateReactivationSuccess function| getAdjudicatorHistoryDetails function| issuesAdjudicatedPaneTab function| getAdjudicatorHistoryDetailsOnTab function| download function| formatApplicantId function| formatDateSource function| populateQueueMobileView function| populateAdjudicatorMobileView function| populateAdjHistoryMobileView function| formatAppId boolean| clickflag function| preventMultiSubmit function| multipleSelectItems string| __uzdbm_1 string| __uzdbm_2 object| SSJSConnectorObj string| loc object| ssTimeLogs object| BrowserStyle string| j function| ssJSActionTaker function| ssJSConnWriteCookies number| __sstemp object| ssEventCollectorFunctions string| eventName18 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www1.uimn.org/ | Name: __uzma Value: 6c9e0146-2db6-4421-9908-9b5fe364a47d |
|
www1.uimn.org/ | Name: __uzmb Value: 1658436540 |
|
www1.uimn.org/ | Name: __uzme Value: 3262 |
|
www1.uimn.org/ | Name: JSESSIONID Value: 0001cN4lYIaZ0hyNyJ3e7OKQbXo:1dq9sbsoe |
|
.uimn.org/ | Name: dtCookie Value: v_4_srv_8_sn_6A5153E0421EE3BF45E3F1257A93D278_perc_100000_ol_0_mul_1_app-3A06fe4f82790bea7d_1_rcs-3Acss_0 |
|
.uimn.org/ | Name: rxVisitor Value: 1658436540976O8UL4J3P7MRBQE5EHKU5UATI5TEQQAFA |
|
.uimn.org/ | Name: dtLatC Value: 555 |
|
.uimn.org/ | Name: dtSa Value: - |
|
.uimn.org/ | Name: __ssds Value: 2 |
|
.uimn.org/ | Name: __ssuzjsr2 Value: a9be0cd8e |
|
.uimn.org/ | Name: __uzmaj2 Value: 8b324226-fc03-4f6f-9957-7273051b3992 |
|
.uimn.org/ | Name: __uzmbj2 Value: 1658436541 |
|
.uimn.org/ | Name: __uzmcj2 Value: 265021024715 |
|
.uimn.org/ | Name: __uzmdj2 Value: 1658436541 |
|
.uimn.org/ | Name: dtPC Value: 8$36540973_874h-vKBDJTFKOWOPMUHNMEFJGKRRHHPHEASAI-0e0 |
|
.uimn.org/ | Name: rxvt Value: 1658438343685|1658436540978 |
|
www1.uimn.org/ | Name: __uzmc Value: 419632217509 |
|
www1.uimn.org/ | Name: __uzmd Value: 1658436544 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cas.avalon.perfdrive.com
cdn.perfdrive.com
cdnjs.cloudflare.com
uiimn.xyz
www1.uimn.org
130.211.29.114
198.54.115.217
2606:4700::6811:180e
2a00:1450:4001:802::200a
35.241.15.240
66.22.13.8
1842d87f4cb8e55de14ef766e1a0adfbcdb45f5123ef2b6d73e8c7fb2f656bea
1ef89c6057c63e1fd2bda3054817b95cb244d353dc1dafd2736e0ad49ca97924
1f28aa0d46ad932a60eb5734b29478d1294e9bdb58d5198f7bfdb54ea5fd064d
34457b777f4633c195ff5f00cdd4328509b0ed9ecbd2132db8e687291b0c8c7c
37e4af27123979a6558319c32211da44083d442604cf459b1ffad82f3dee6c8d
37f4316e199f496e82e6ea27b45882662d2b5bbaa2a4806a84fb9c7c7573d711
402df36267c7dd63cd0180cf618c6002668ff2f2268415fd4195925952d53268
418ea6b06242965b952fa8c88c1a197c127ccca86111ca709a6be4973df275b0
68dc95e421d8166e7db1f71980efc2197d4db73edc4d509d360bc2f376c41707
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
7cb70fda4fab489e2783e574b69bc05e04ed17687c52279d3bb7235c66e0d2c3
85e44d38646692833c249d124a6c2e2aad81f140f20c0e99b673c96d899de4cc
8aaa219431bec67f4c46de770caca0cda391bedce14c2378c6f8b52c7354dce3
8ac8932fa7fce97a1dc5b2f476b02073e7d9ef2ea9abca6581f7456c93434d30
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
90f665312aa2e80e5761566bb626b20f53b966b5191f03de4c8a0bbbd0f68222
a396760c7e039118203bce59d4e6f5385e42acd04d0fc85418fd9da1e715e5b4
c129f5956bc8e9c3a2838069e9a3ff50ad7a540a077b42934b2c5d7c902f4efc
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
ef82139d6f253772dea21ecf67da5f3584f8adb0cc5b7de97edf59217ec40d40
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
ffdfffdb462f605120db7ebcb48d12f195fa616575c02d7d219ba90878dad1e6