www1.uimn.org
66.22.13.8
Malicious Activity!
Public Scan
Effective URL: https://www1.uimn.org/ui_applicant/applicant/login.do
Submission: On March 23 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Extended Validation Secur... on June 5th 2020. Valid for: 2 years.
This is the only time www1.uimn.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Government (Government)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR / Domains
---|---|---|---
8 | 80.67.48.250 | 31695 (IM-AS) | 
2 | 130.211.29.114 | 15169 (GOOGLE, US) | PTR: 114.29.211.130.bc.googleusercontent.com; cdn.perfdrive.com
6 | 35.241.15.240 | 15169 (GOOGLE, US) | PTR: 240.15.241.35.bc.googleusercontent.com; cas.avalon.perfdrive.com
10 | 66.22.13.8 | 25773 (RADWARE-CLOUD-SERVICES) | 
Total: 27 requests, 5 IPs
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | uimn.org | www1.uimn.org (Cisco Umbrella Rank: 642603) | 248 KB
8 | perfdrive.com | cdn.perfdrive.com (Cisco Umbrella Rank: 18603), cas.avalon.perfdrive.com (Cisco Umbrella Rank: 8033) | 28 KB
8 | ach-centr.ru | ach-centr.ru | 181 KB
Total: 27 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
10 | www1.uimn.org | www1.uimn.org
8 | ach-centr.ru | ach-centr.ru
6 | cas.avalon.perfdrive.com | cdn.perfdrive.com
2 | cdn.perfdrive.com | ach-centr.ru, www1.uimn.org
Total: 27 requests, 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.perfdrive.com | Go Daddy Secure Certificate Authority - G2 | 2021-08-31 - 2022-09-26 | a year | crt.sh
cas.avalon.perfdrive.com | Go Daddy Secure Certificate Authority - G2 | 2021-08-04 - 2022-08-05 | a year | crt.sh
www1.uimn.org | Sectigo RSA Extended Validation Secure Server CA | 2020-06-05 - 2022-06-05 | 2 years | crt.sh
This page contains 1 frames:
Primary Page:
https://www1.uimn.org/ui_applicant/applicant/login.do
Frame ID: DDC7B3ED7E31989F1A43EB5E9DD125E5
Requests: 27 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ach-centr.ru/cache/jps/jp/final.html Page URL
- https://www1.uimn.org/ui_applicant/applicant/login.do Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | final.html | ach-centr.ru/cache/jps/jp/ | 11 KB | 3 KB | Document | text/html
2 | GET | H/1.1 | aperture.js.download | ach-centr.ru/cache/jps/jp/final_files/ | 44 KB | 12 KB | Script | application/javascript
3 | GET | H/1.1 | ruxitagentjs_ICA27Vdfhjqru_10229211201102017.js.download | ach-centr.ru/cache/jps/jp/final_files/ | 216 KB | 83 KB | Script | application/javascript
4 | GET | H/1.1 | ui.css | ach-centr.ru/cache/jps/jp/final_files/ | 13 KB | 2 KB | Stylesheet | text/css
5 | GET | H/1.1 | util.js.download | ach-centr.ru/cache/jps/jp/final_files/ | 6 KB | 2 KB | Script | application/javascript
6 | GET | H/1.1 | spacer.gif | ach-centr.ru/cache/jps/jp/final_files/ | 43 B | 332 B | Image | image/gif
7 | GET | H/1.1 | Unemployment%20Insurance%20Logo%20RGB-websites-projects.png | ach-centr.ru/cache/jps/jp/final_files/ | 77 KB | 77 KB | Image | image/png
8 | GET | H/1.1 | navLine.gif | ach-centr.ru/cache/jps/jp/final_files/ | 104 B | 394 B | Image | image/gif
9 | GET | H2 | aperture.js | cdn.perfdrive.com/aperture/ | 44 KB | 13 KB | Script | application/javascript
10 | POST | H2 | jsdata | cas.avalon.perfdrive.com/ | 151 B | 304 B | XHR | text/plain
11 | POST | H2 | jsdata | cas.avalon.perfdrive.com/ | 151 B | 210 B | XHR | text/plain
12 | POST | H2 | jsdata | cas.avalon.perfdrive.com/ | 151 B | 215 B | XHR | text/plain
13 | POST | | rb_bf91035bph | ach-centr.ru/ui_javascripts/ | 0 | 0 | | (no response; see Failed requests)
14 | GET | H2 | login.do (Primary Request) | www1.uimn.org/ui_applicant/applicant/ | 22 KB | 6 KB | Document | text/html
15 | GET | H2 | ruxitagentjs_ICA27QVdfhjqru_10235220309135426.js | www1.uimn.org/ui_javascripts/ | 303 KB | 128 KB | Script | text/javascript
16 | GET | H2 | ui.css | www1.uimn.org/ui_applicant/stylesheets/ | 13 KB | 3 KB | Stylesheet | text/css
17 | GET | H2 | util.js | www1.uimn.org/ui_applicant/javascripts/ | 6 KB | 6 KB | Script | application/x-javascript
18 | GET | H2 | spacer.gif | www1.uimn.org/ui_applicant/images/ | 43 B | 220 B | Image | image/gif
19 | GET | H2 | Unemployment%20Insurance%20Logo%20RGB-websites-projects.png | www1.uimn.org/ui_applicant/images/ | 77 KB | 77 KB | Image | image/png
20 | GET | H2 | UiApplicantDesign.js | www1.uimn.org/ui_applicant/javascripts/ | 9 KB | 9 KB | Script | application/x-javascript
21 | GET | H2 | b_start.gif | www1.uimn.org/ui_applicant/images/ | 856 B | 1 KB | Image | image/gif
22 | GET | H2 | b_login.gif | www1.uimn.org/ui_applicant/images/ | 679 B | 856 B | Image | image/gif
23 | GET | H2 | ruxitagentjs_D_10235220309135426.js | www1.uimn.org/ui_javascripts/ | 41 KB | 17 KB | Other | text/javascript
24 | GET | H2 | aperture.js | cdn.perfdrive.com/aperture/ | 44 KB | 13 KB | Script | application/javascript
25 | POST | H3 | jsdata | cas.avalon.perfdrive.com/ | 151 B | 166 B | XHR | text/plain
26 | POST | H3 | jsdata | cas.avalon.perfdrive.com/ | 151 B | 166 B | XHR | text/plain
27 | POST | H3 | jsdata | cas.avalon.perfdrive.com/ | 151 B | 166 B | XHR | text/plain
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: ach-centr.ru
- URL: http://ach-centr.ru/ui_javascripts/rb_bf91035bph?type=js3&sn=v_4_srv_-2D51_sn_VATSSH0L1E5CA5UH5VT5RM5IIBNCPU1V&svrid=-51&flavor=post&vi=VCPGBBLHPAMCSOKOGRNUUJTPUSIPSHUT-0&modifiedSince=1638787899265&rf=http%3A%2F%2Fach-centr.ru%2Fcache%2Fjps%2Fjp%2Ffinal.html&bp=3&app=06fe4f82790bea7d&crc=829582608&en=sstvhqbf&end=1
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Government (Government)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code in use.
Type | Name
---|---
function | structuredClone
object | oncontextlost
object | oncontextrestored
21 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.ach-centr.ru/ | | __ssds | 2
.ach-centr.ru/ | | dtCookie | v_4_srv_-2D51_sn_VATSSH0L1E5CA5UH5VT5RM5IIBNCPU1V
.ach-centr.ru/ | | rxVisitor | 16480633298085PD6LM1R8UPMDLTEA0F2TDP4LC1CM517
.ach-centr.ru/ | | dtLatC | 82
.ach-centr.ru/ | | __ssuzjsr2 | a9be2cd8e
.ach-centr.ru/ | | __uzmaj2 | 8b89d07b-3df9-48f0-a8f1-0b75edd7b2d2
.ach-centr.ru/ | | __uzmbj2 | 1648063329
.ach-centr.ru/ | | __uzmcj2 | 214201080489
.ach-centr.ru/ | | __uzmdj2 | 1648063329
.ach-centr.ru/ | | rxvt | 1648065130139\|1648063329810
.ach-centr.ru/ | | dtSa | false%7C_load_%7C2%7C_onload_%7C-%7C1648063330138%7C463329804_147%7Chttp%3A%2F%2Fach-centr.ru%2Fcache%2Fjps%2Fjp%2Ffinal.html%7C%7C%7C%7C
www1.uimn.org/ | | __uzma | 70ee90ac-1c35-46ff-bf2d-fed488b168ce
www1.uimn.org/ | | __uzmb | 1648063333
www1.uimn.org/ | | __uzme | 4829
www1.uimn.org/ | | __uzmc | 307211061937
www1.uimn.org/ | | __uzmd | 1648063333
www1.uimn.org/ | | rdw_storereferer | http://ach-centr.ru/
www1.uimn.org/ | | JSESSIONID | 00010YcHw-EwmTqJCtoQ0A4Etdn:1dq9sc8o7
.uimn.org/ | | dtCookie | v_4_srv_7_sn_4C75B4116D53748C0DC40B2CEF3778B7_perc_100000_ol_0_mul_1_app-3A06fe4f82790bea7d_1_rcs-3Acss_0
ach-centr.ru/ | | 8d62acda82a041cb6773d23a954cba1e | 8uhi4gvkjc3spuke7itvia4lf5
.ach-centr.ru/ | | dtPC | -51$463329804_147h-vVCPGBBLHPAMCSOKOGRNUUJTPUSIPSHUT-0e0
Indicators
In the security industry, "indicators" is a collective term for artifacts such as IPs, domains and hashes observed in a scan; listing them here does not by itself imply that any of them indicate malicious activity.