www.revistametro.com.ar
200.80.43.50
Malicious Activity!
Public Scan
Submission: On July 18 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 18th 2022. Valid for: 3 months.
This is the only time www.revistametro.com.ar was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Government (Government)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 | 200.80.43.50 | 18747 (IFX18747) |
6 | 66.22.13.8 | 25773 (RADWARE-CLOUD-SERVICES) |
9 | 2 | |
ASN18747 (IFX18747, US)
PTR: cva1.toservers.com
www.revistametro.com.ar
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | uimn.org | www1.uimn.org (Cisco Umbrella Rank: 377825) | 254 KB |
3 | revistametro.com.ar | www.revistametro.com.ar | 69 KB |
9 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
6 | www1.uimn.org | www.revistametro.com.ar |
3 | www.revistametro.com.ar | www.revistametro.com.ar, www1.uimn.org |
9 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.uimn.org |
www1.uimn.org |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.revistametro.com.ar | R3 | 2022-06-18 - 2022-09-16 | 3 months |
www1.uimn.org | Sectigo RSA Extended Validation Secure Server CA | 2022-05-19 - 2023-05-19 | a year |
This page contains 1 frame:
Primary Page:
https://www.revistametro.com.ar/wp-content/mu-plugins/mn/
Frame ID: C3D7A9F4BACB40A55CC63B0BA264E8FB
Requests: 9 HTTP requests in this frame
8 Outgoing links
These are links going to different origins than the main page.
Title: Information For Applicants
Title: How to Apply
Title: Information Handbook
Title: Video Library
Title: Contact Us
Title: Accessibility
Title: Privacy and security
Title: System requirements
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | www.revistametro.com.ar/wp-content/mu-plugins/mn/ | 18 KB | 19 KB | Document | text/html |
GET | H2 | ruxitagentjs_ICA27SVdfhjqru_10211210318124316.js | www1.uimn.org/ui_javascripts/ | 212 KB | 92 KB | Script | text/javascript |
GET | H2 | ui.css | www1.uimn.org/ui_applicant/stylesheets/ | 13 KB | 3 KB | Stylesheet | text/css |
GET | H2 | util.js | www1.uimn.org/ui_applicant/javascripts/ | 80 KB | 81 KB | Script | application/x-javascript |
GET | H2 | spacer.gif | www1.uimn.org/ui_applicant/images/ | 43 B | 331 B | Image | image/gif |
GET | H2 | Unemployment%20Insurance%20Logo%20RGB-websites-projects.png | www1.uimn.org/ui_applicant/images/ | 77 KB | 77 KB | Image | image/png |
GET | H2 | b_login.gif | www1.uimn.org/ui_applicant/images/ | 679 B | 969 B | Image | image/gif |
GET | H/1.1 | spacer.gif | www.revistametro.com.ar/ui_applicant/images/ | 8 KB | 8 KB | Image | text/html |
POST | H/1.1 | rb_bf91035bph | www.revistametro.com.ar/ui_javascripts/ | 42 KB | 43 KB | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Government (Government)
106 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.revistametro.com.ar/ | | dtCookie | v_4_srv_-2D21_sn_G4IQA7N5F97TBQ5KUQS8S6RI32BUMTE3 |
.revistametro.com.ar/ | | rxVisitor | 16581633094344EHEFQU9FLR90E8LVFN0K79BMBA08KCV |
.revistametro.com.ar/ | | dtLatC | 679 |
.revistametro.com.ar/ | | dtSa | - |
.revistametro.com.ar/ | | rxvt | 1658165110950\|1658163309435 |
.revistametro.com.ar/ | | dtPC | -21$363309431_348h-vLFVRWALGVCRNHCJETLKVMUPDBSHFOMOG-0e0 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.revistametro.com.ar
www1.uimn.org
200.80.43.50
66.22.13.8