safeka.ru
2a00:f940:2:2:1:5:0:29  Malicious Activity! Public Scan

URL: http://safeka.ru/.%20/adp/
Submission: On July 31 via manual from GB

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 2a00:f940:2:2:1:5:0:29, located in Russian Federation and belongs to AS-REG, RU. The main domain is safeka.ru.
This is the only time safeka.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ADP (Online)

Domain & IP information

Requests  IP Address        AS Autonomous System
1         2a00:f940:2:2...  197695 (AS-REG)
10        170.146.97.123    14299 (ADP1)
1         69.63.133.132     22903 (EDGE-HOSTING)
Total: 17 requests, 4 IPs
Requests  Apex Domain    Subdomains         Transfer
10        adp.com        online.adp.com     545 KB
1         recruiter.com  www.recruiter.com  22 KB
1         safeka.ru      safeka.ru          3 KB
Total: 17 requests, 3 domains
Requests  Domain             Requested by
10        online.adp.com     safeka.ru
1         www.recruiter.com  safeka.ru
1         safeka.ru
Total: 17 requests, 3 domains

This site contains links to these domains.

Domain
portal.adp.com
netsecure.adp.com
Subject            Issuer                                       Validity                 Valid
online.adp.com     DigiCert SHA2 Extended Validation Server CA  2018-05-04 - 2020-06-20  2 years
www.recruiter.com  DigiCert SHA2 Extended Validation Server CA  2017-09-20 - 2019-09-25  2 years

This page contains 1 frames:

Primary Page: http://safeka.ru/.%20/adp/
Frame ID: 8980D51334B6B1FEC5F68E4C1D830534
Requests: 17 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /angular.*\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

Requests: 17
HTTPS: 65 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 569 kB
Size: 573 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
safeka.ru/.%20/adp/
9 KB
3 KB
Document
General
Full URL
http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Server
2a00:f940:2:2:1:5:0:29 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx / PHP/5.6.36 PleskLin
Resource Hash
43633360b2411a35043840d764e0c8e81702a37b8b6967944f964089e8a95eaa

Request headers

Host
safeka.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Server
nginx
Date
Wed, 31 Jul 2019 15:46:06 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/5.6.36 PleskLin
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=1651b572de88d747e2a7ec35780e3687; path=/
Content-Encoding
gzip
font-awesome.min.css
online.adp.com/portal/inc/css/lib/fontawesome/css/
27 KB
27 KB
Stylesheet
General
Full URL
https://online.adp.com/portal/inc/css/lib/fontawesome/css/font-awesome.min.css
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
b4d6b22089928a2b989f6f596c10c26ffaa7b71fb20a4125fde64ab1d3b43cd5

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:10 GMT
Last-Modified
Tue, 12 Jan 2016 14:28:10 GMT
Server
Apache
ETag
"6b4e-52923dce2d280"
Transfer-Encoding
chunked
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=88
base.css
online.adp.com/portal/inc/css/
132 KB
133 KB
Stylesheet
General
Full URL
https://online.adp.com/portal/inc/css/base.css
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
18343a68db96926f19619b89852b85b67c8b31cde1785f5afd056ded4c1837c2

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:11 GMT
Last-Modified
Wed, 10 Feb 2016 21:47:58 GMT
Server
Apache
ETag
"21126-52b7163219f80"
Transfer-Encoding
chunked
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=91
popovers.css
online.adp.com/portal/inc/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://online.adp.com/portal/inc/css/popovers.css
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
2734707516a1954503b50bad3f19549d93d7a1a535e5cec9513e122081eae285

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:11 GMT
Last-Modified
Tue, 02 Feb 2016 16:09:00 GMT
Server
Apache
ETag
"bf6-52acbb8295f00"
Transfer-Encoding
chunked
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=75
inline-messages.css
online.adp.com/portal/inc/css/
4 KB
4 KB
Stylesheet
General
Full URL
https://online.adp.com/portal/inc/css/inline-messages.css
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
05aa0928fb2a252fc907554dda7502c9bfe960726fc162406b7cde4369566623

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:11 GMT
Last-Modified
Tue, 02 Feb 2016 16:09:00 GMT
Server
Apache
ETag
"ee6-52acbb8295f00"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
3814
login.css
online.adp.com/portal/inc/css/
4 KB
5 KB
Stylesheet
General
Full URL
https://online.adp.com/portal/inc/css/login.css
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
456db7cb821b944a5a745c6717ae2f0f69f60a6684a544d7ed863b8cd1ff1fd9

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:11 GMT
Last-Modified
Fri, 15 Apr 2016 09:19:42 GMT
Server
Apache
ETag
"11e3-5308282ce6780"
Transfer-Encoding
chunked
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=89
adp-logo.png
www.recruiter.com/i/wp-content/uploads/2014/04/
21 KB
22 KB
Image
General
Full URL
https://www.recruiter.com/i/wp-content/uploads/2014/04/adp-logo.png
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.63.133.132 , United States, ASN22903 (EDGE-HOSTING - Databank Holdings, Ltd, US),
Reverse DNS
beyondtheproject.com
Software
Apache /
Resource Hash
517b26488e36c0bb4679b4ca0f8a8625c3dd870810898d3b0bdf87f754d1156d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:07 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 22 Nov 2016 23:51:01 GMT
Server
Apache
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/png
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10
Content-Length
21610
Expires
Thu, 30 Jul 2020 15:46:07 GMT
angular-translate-loader-static-files.min.js
online.adp.com/portal/inc/js/lib/
1 KB
2 KB
Script
General
Full URL
https://online.adp.com/portal/inc/js/lib/angular-translate-loader-static-files.min.js
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
8ee57f30f15403cd2dc4a45a1fb90992feeb33d81aa790a68f8b13593a542242

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:11 GMT
Last-Modified
Tue, 12 Jan 2016 14:28:10 GMT
Server
Apache
ETag
"54e-52923dce2d280"
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=82
config.js
online.adp.com/portal/inc/js/
3 KB
3 KB
Script
General
Full URL
https://online.adp.com/portal/inc/js/config.js
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
42790181e22b54e71756fda0d7fee6025720d252e4af5cf5757fe04e7759916e

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:12 GMT
Last-Modified
Sat, 29 Oct 2016 15:48:23 GMT
Server
Apache
ETag
"a7b-54002e7957fc0"
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=81
app.js
online.adp.com/portal/inc/js/
1 KB
1 KB
Script
General
Full URL
https://online.adp.com/portal/inc/js/app.js
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
6bffeaa1fe8693d3b95dc35a5e8c6606e1a826a9e7258e7edf07eee781132a3a

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:12 GMT
Last-Modified
Thu, 14 Apr 2016 11:32:48 GMT
Server
Apache
ETag
"4aa-5307040f7b800"
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=48
inline-message-directive.js
online.adp.com/portal/inc/js/vdl/directives/
2 KB
2 KB
Script
General
Full URL
https://online.adp.com/portal/inc/js/vdl/directives/inline-message-directive.js
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
34f54abc6ebf815099be337740860286d8e5c62dc166a8676f106289bbd28fae

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:12 GMT
Last-Modified
Tue, 02 Feb 2016 16:53:58 GMT
Server
Apache
ETag
"83d-52acc58f99580"
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=77
responsive-image-login.jpeg
online.adp.com/portal/inc/images/
365 KB
365 KB
Image
General
Full URL
https://online.adp.com/portal/inc/images/responsive-image-login.jpeg
Requested by
Host: safeka.ru
URL: http://safeka.ru/.%20/adp/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
170.146.97.123 , United States, ASN14299 (ADP1 - Automatic Data Processing, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
561692964d3ce6b21ed89efdc81de1040f68fe3c4480d0d653edc2323f49c15e

Request headers

Referer
http://safeka.ru/.%20/adp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 31 Jul 2019 15:46:12 GMT
Last-Modified
Mon, 15 Aug 2016 16:46:48 GMT
Server
Apache
ETag
"5b220-53a1efa666e00"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
373280
proximanova-regular-webfont.woff
online.adp.com/portal/inc/fonts/ProximaNova/
0
0

proximanova-light-webfont.woff
online.adp.com/portal/inc/fonts/ProximaNova/
0
0

proximanova-semibold-webfont.woff
online.adp.com/portal/inc/fonts/ProximaNova/
0
0

fontawesome-webfont.woff2
online.adp.com/portal/inc/css/lib/fontawesome/fonts/
0
0

proximanova-lightitalic-webfont.woff
online.adp.com/portal/inc/fonts/ProximaNova/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
online.adp.com
URL
https://online.adp.com/portal/inc/fonts/ProximaNova/proximanova-regular-webfont.woff
Domain
online.adp.com
URL
https://online.adp.com/portal/inc/fonts/ProximaNova/proximanova-light-webfont.woff
Domain
online.adp.com
URL
https://online.adp.com/portal/inc/fonts/ProximaNova/proximanova-semibold-webfont.woff
Domain
online.adp.com
URL
https://online.adp.com/portal/inc/css/lib/fontawesome/fonts/fontawesome-webfont.woff2?v=4.5.0
Domain
online.adp.com
URL
https://online.adp.com/portal/inc/fonts/ProximaNova/proximanova-lightitalic-webfont.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ADP (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onselectstart
  • object| onselectionchange
  • function| queueMicrotask
  • undefined| config_module
  • undefined| loginPageApp

0 Cookies