www.revistametro.com.ar Open in urlscan Pro
200.80.43.50  Malicious Activity! Public Scan

8 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.revistametro.com.ar/wp-content/mu-plugins/mn/	18 KB 19 KB	2314ms 956ms	Document text/html	200.80.43.50 IFX18747
General Check archive.org Show headers Download Go to Full URL https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 200.80.43.50 Buenos Aires, Argentina, ASN18747 (IFX18747, US), Reverse DNS cva1.toservers.com Software Apache / PHP/7.4.28 Resource Hash bd22423783e0d45c146b0d4fcd98b0aa427ad0622b9afa9a0307bc289123ef79 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Mon, 18 Jul 2022 16:55:51 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked X-Powered-By PHP/7.4.28
GET H2	200	ruxitagentjs_ICA27SVdfhjqru_10211210318124316.js Show response www1.uimn.org/ui_javascripts/	212 KB 92 KB	1256ms 242ms	Script text/javascript	66.22.13.8 RADWARE-CLOUD-SER...
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_javascripts/ruxitagentjs_ICA27SVdfhjqru_10211210318124316.js Requested by Host: www.revistametro.com.ar URL: https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.22.13.8 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US), Reverse DNS Software / Resource Hash b2aec0678ff5fcf795a673c25c619890949b3734805915f5ecd178cae8e55195 Request headers accept-language de-DE,de;q=0.9 Referer https://www.revistametro.com.ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 18 Jul 2022 16:55:09 GMT content-encoding gzip expires Mon, 18 Jul 2022 17:55:09 GMT cache-control public, max-age=3600 content-type text/javascript; charset=utf-8
GET H2	200	ui.css www1.uimn.org/ui_applicant/stylesheets/	13 KB 3 KB	1149ms 136ms	Stylesheet text/css	66.22.13.8 RADWARE-CLOUD-SER...
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_applicant/stylesheets/ui.css Requested by Host: www.revistametro.com.ar URL: https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.22.13.8 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US), Reverse DNS Software / Resource Hash ed19f1ff2fc9ad8582126a00c78e25e39c8bb30ea9615629e6a7b87133a474b4 Request headers accept-language de-DE,de;q=0.9 Referer https://www.revistametro.com.ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 18 Jul 2022 16:55:09 GMT content-encoding gzip last-modified Fri, 17 Jun 2022 23:45:28 GMT server-timing dtSInfo;desc="0", dtRpid;desc="1909722329" etag W/"3293-5e1ad595cb77a" content-type text/css
GET H2	200	util.js Show response www1.uimn.org/ui_applicant/javascripts/	80 KB 81 KB	1388ms 376ms	Script application/x-javascript	66.22.13.8 RADWARE-CLOUD-SER...
General Check archive.org Show headers Download Go to Full URL https://www1.uimn.org/ui_applicant/javascripts/util.js Requested by Host: www.revistametro.com.ar URL: https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.22.13.8 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US), Reverse DNS Software / Resource Hash b78a67376d848cc80c7b49efeb54580e86325a773d3a381dc7ed897415c3ce6d Request headers accept-language de-DE,de;q=0.9 Referer https://www.revistametro.com.ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 18 Jul 2022 16:55:09 GMT last-modified Fri, 17 Jun 2022 23:45:06 GMT server-timing dtSInfo;desc="0", dtRpid;desc="-1343487429" accept-ranges bytes etag "140f0-5e1ad580b3d9f" content-length 82160 content-type application/x-javascript
GET H2	200	spacer.gif www1.uimn.org/ui_applicant/images/	43 B 331 B	123ms 123ms	Image image/gif	66.22.13.8 RADWARE-CLOUD-SER...
General Check archive.org Show headers Download Go to Show image Full URL https://www1.uimn.org/ui_applicant/images/spacer.gif Requested by Host: www.revistametro.com.ar URL: https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.22.13.8 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US), Reverse DNS Software / Resource Hash 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7 Request headers accept-language de-DE,de;q=0.9 Referer https://www.revistametro.com.ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 18 Jul 2022 16:55:09 GMT last-modified Fri, 17 Jun 2022 23:45:19 GMT server-timing dtSInfo;desc="0", dtRpid;desc="-799687025" accept-ranges bytes etag "2b-5e1ad58daea74" content-length 43 content-type image/gif
GET H2	200	Unemployment%20Insurance%20Logo%20RGB-websites-projects.png www1.uimn.org/ui_applicant/images/	77 KB 77 KB	129ms 129ms	Image image/png	66.22.13.8 RADWARE-CLOUD-SER...
General Check archive.org Show headers Download Go to Show image Full URL https://www1.uimn.org/ui_applicant/images/Unemployment%20Insurance%20Logo%20RGB-websites-projects.png Requested by Host: www.revistametro.com.ar URL: https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.22.13.8 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US), Reverse DNS Software / Resource Hash 402df36267c7dd63cd0180cf618c6002668ff2f2268415fd4195925952d53268 Request headers accept-language de-DE,de;q=0.9 Referer https://www.revistametro.com.ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 18 Jul 2022 16:55:09 GMT last-modified Fri, 17 Jun 2022 23:45:11 GMT server-timing dtSInfo;desc="0", dtRpid;desc="-593757245" accept-ranges bytes etag "133e6-5e1ad585a92bf" content-length 78822 content-type image/png
GET H2	200	b_login.gif www1.uimn.org/ui_applicant/images/	679 B 969 B	124ms 124ms	Image image/gif	66.22.13.8 RADWARE-CLOUD-SER...
General Check archive.org Show headers Download Go to Show image Full URL https://www1.uimn.org/ui_applicant/images/b_login.gif Requested by Host: www.revistametro.com.ar URL: https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 66.22.13.8 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US), Reverse DNS Software / Resource Hash d14cc5be04b3ab95d8a382547e988d3536875528a0b195b1dcacc26989d24e46 Request headers accept-language de-DE,de;q=0.9 Referer https://www.revistametro.com.ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 18 Jul 2022 16:55:09 GMT last-modified Fri, 17 Jun 2022 23:45:13 GMT server-timing dtSInfo;desc="0", dtRpid;desc="-1348310397" accept-ranges bytes etag "2a7-5e1ad587f0b50" content-length 679 content-type image/gif
GET H/1.1	404 Not Found	spacer.gif www.revistametro.com.ar/ui_applicant/images/	8 KB 8 KB	1455ms 1455ms	Image text/html	200.80.43.50 IFX18747
General Check archive.org Show headers Download Go to Show image Full URL https://www.revistametro.com.ar/ui_applicant/images/spacer.gif Requested by Host: www.revistametro.com.ar URL: https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 200.80.43.50 Buenos Aires, Argentina, ASN18747 (IFX18747, US), Reverse DNS cva1.toservers.com Software Apache / PHP/7.4.28 Resource Hash c38a43e8d5049d0b56377a2226d2f1fcef193142c115e753a02c8f0c9d8e6856 Request headers accept-language de-DE,de;q=0.9 Referer https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Mon, 18 Jul 2022 16:55:54 GMT Server Apache X-Powered-By PHP/7.4.28 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://www.revistametro.com.ar/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=99 Expires Wed, 11 Jan 1984 05:00:00 GMT
POST H/1.1	404 Not Found	rb_bf91035bph Show response www.revistametro.com.ar/ui_javascripts/	42 KB 43 KB	1248ms 1248ms	XHR text/html	200.80.43.50 IFX18747
General Check archive.org Show headers Download Go to Full URL https://www.revistametro.com.ar/ui_javascripts/rb_bf91035bph?type=js3&sn=v_4_srv_-2D21_sn_G4IQA7N5F97TBQ5KUQS8S6RI32BUMTE3&svrid=-21&flavor=post&vi=LFVRWALGVCRNHCJETLKVMUPDBSHFOMOG-0&modifiedSince=1616794171116&rf=https%3A%2F%2Fwww.revistametro.com.ar%2Fwp-content%2Fmu-plugins%2Fmn%2F&bp=3&app=06fe4f82790bea7d&crc=2176506390&en=sstvhqbf&end=1 Requested by Host: www1.uimn.org URL: https://www1.uimn.org/ui_javascripts/ruxitagentjs_ICA27SVdfhjqru_10211210318124316.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 200.80.43.50 Buenos Aires, Argentina, ASN18747 (IFX18747, US), Reverse DNS cva1.toservers.com Software Apache / PHP/7.4.28 Resource Hash 257e73e5391c3cc378882ac81fe8c066f3fd0ccbdc3913720695a77c38e3550d Request headers Referer https://www.revistametro.com.ar/wp-content/mu-plugins/mn/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Mon, 18 Jul 2022 16:55:56 GMT Server Apache X-Powered-By PHP/7.4.28 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://www.revistametro.com.ar/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=100 Expires Wed, 11 Jan 1984 05:00:00 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Government (Government)

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| dT_ object| dtrum boolean| isNN function| autoTab function| textCounter function| textCounterNew function| bindTextAreaEvents function| bindTextAreaEventsNew function| changeLanguagePref function| setCookie function| getAppointmentOptions object| selectedJudgeId function| getUnemploymentLawJudges object| rescheduleJudgeId function| getUnemploymentLawRescheduleJudges function| getReassignAppointmentOptions boolean| showFlag function| showHide function| blockView object| issueId object| issueSeqNu function| populateDataTable function| showHideReassign function| getEvents function| resetULJCriteria function| searchULJCriteria function| validateULJData function| createNoDataTable function| populateMobileData function| populateNoDataCard string| issueIdMob string| issueSeqMob function| renderMobileView function| resetApplicantCriteria function| searchApplicantCriteria function| validateApplicantData function| showValidationDialog function| resetEmployerCriteria function| searchEmployerCriteria function| validateEmployerData function| checkVisibility function| reassignAppeal string| selectedCalendarEvent function| scheduleAppeal function| removeBlockViewChildElements function| updateTimeOptionsMap function| replaceSelectTimesMessage function| checkBlockedTabVisibility function| createMultiSelectTimeStore function| consvertToMilitaryTime string| selectedStart string| selectedEnd function| daySelectedEvent function| blockAppointment function| unblockAppointment function| setViewBasedTime undefined| readOnly function| getUserReadOnlyAccess undefined| hasAdmin function| userAllowedToAddDeleteAdjudicators function| showAddDeleteAdjudicatorPane function| retrieveNonMonQueuesFromDataSource function| getAdjudicatorList function| populateAdjudicatorDropDown function| updateHistoryUserDropDown function| updateAdjudicatorDeleteDropDown function| getIssueStatusCodes function| updateQueueAccessPane function| getUsersWithQueueAccess function| updateQueueId function| saveUserQueueAccess function| saveCellValue function| updateAdjudicatorId function| updateQueueSaveNode function| formatSkillLevel function| formatToSkillCode function| updateQueueAccessOnTab function| updateAdjudicatorAccessPane function| getQueueAccessByAdjudicatorId function| updateAdjudicatorAccessPaneOnTab function| saveAdjudicatorQueueAccess function| deleteAdjudicator function| indicateDeletionSuccess function| reactivateAdjudicator function| indicateReactivationSuccess function| getAdjudicatorHistoryDetails function| issuesAdjudicatedPaneTab function| getAdjudicatorHistoryDetailsOnTab function| download function| formatApplicantId function| formatDateSource function| populateQueueMobileView function| populateAdjudicatorMobileView function| populateAdjHistoryMobileView function| formatAppId undefined| clickflag function| preventMultiSubmit function| multipleSelectItems

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.revistametro.com.ar/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_-2D21_sn_G4IQA7N5F97TBQ5KUQS8S6RI32BUMTE3
			.revistametro.com.ar/	1969-12-31 23:59:59	Name: rxVisitor Value: 16581633094344EHEFQU9FLR90E8LVFN0K79BMBA08KCV
			.revistametro.com.ar/	1969-12-31 23:59:59	Name: dtLatC Value: 679
			.revistametro.com.ar/	1969-12-31 23:59:59	Name: dtSa Value: -
			.revistametro.com.ar/	1969-12-31 23:59:59	Name: rxvt Value: 1658165110950|1658163309435
			.revistametro.com.ar/	1969-12-31 23:59:59	Name: dtPC Value: -21$363309431_348h-vLFVRWALGVCRNHCJETLKVMUPDBSHFOMOG-0e0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.revistametro.com.ar/ui_applicant/images/spacer.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.revistametro.com.ar/ui_javascripts/rb_bf91035bph?type=js3&sn=v_4_srv_-2D21_sn_G4IQA7N5F97TBQ5KUQS8S6RI32BUMTE3&svrid=-21&flavor=post&vi=LFVRWALGVCRNHCJETLKVMUPDBSHFOMOG-0&modifiedSince=1616794171116&rf=https%3A%2F%2Fwww.revistametro.com.ar%2Fwp-content%2Fmu-plugins%2Fmn%2F&bp=3&app=06fe4f82790bea7d&crc=2176506390&en=sstvhqbf&end=1 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.revistametro.com.ar
www1.uimn.org
200.80.43.50
66.22.13.8
257e73e5391c3cc378882ac81fe8c066f3fd0ccbdc3913720695a77c38e3550d
402df36267c7dd63cd0180cf618c6002668ff2f2268415fd4195925952d53268
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
b2aec0678ff5fcf795a673c25c619890949b3734805915f5ecd178cae8e55195
b78a67376d848cc80c7b49efeb54580e86325a773d3a381dc7ed897415c3ce6d
bd22423783e0d45c146b0d4fcd98b0aa427ad0622b9afa9a0307bc289123ef79
c38a43e8d5049d0b56377a2226d2f1fcef193142c115e753a02c8f0c9d8e6856
d14cc5be04b3ab95d8a382547e988d3536875528a0b195b1dcacc26989d24e46
ed19f1ff2fc9ad8582126a00c78e25e39c8bb30ea9615629e6a7b87133a474b4