URL: http://miitbd.com/silcated.php?x=f
Submission: On August 18 via manual from US

Summary

This website contacted 10 IPs in 5 countries across 10 domains to perform 23 HTTP transactions. The main IP is 192.227.128.150, located in Buffalo, United States, and belongs to AS-COLOCROSSING - ColoCrossing, US. The main domain is miitbd.com.
This is the only time miitbd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ADP (Online)

Domain & IP information

#    IP Address         AS (Autonomous System)
1    192.227.128.150    36352 (AS-COLOCR...)
1    78.128.76.163      ()
8    23.193.47.54       20940 (AKAMAI-ASN1)
3    188.125.66.33      34010 (YAHOO-IRD)
4    204.79.197.200     8068 (MICROSOFT...)
1    2a00:1450:400...   15169 (GOOGLE)
1    2a00:1288:80:...   203220 (YAHOO-DEB)
1    172.217.22.34      15169 (GOOGLE)
1    2a00:1450:401...   15169 (GOOGLE)
Totals: 23 requests / 10 IPs

#    Domain                      Requested by
8    static.adp.com              kuma.lk
4    bat.bing.com                kuma.lk
3    sp.analytics.yahoo.com      kuma.lk, s.yimg.com
1    www.google.de
1    www.googleadservices.com    www.googletagmanager.com
1    s.yimg.com                  kuma.lk
1    www.googletagmanager.com    kuma.lk
1    kuma.lk                     miitbd.com
1    miitbd.com
0    bid.g.doubleclick.net       www.googleadservices.com (Failed)
Totals: 23 requests / 10 domains

This site contains links to these domains. Also see Links.

Domain: netsecure.adp.com

Subject                    Issuer                                    Validity                   Valid      Source
kuma.lk                    Let's Encrypt Authority X3                2017-08-14 - 2017-11-12    3 months   crt.sh
workforcenow.adp.com       Symantec Class 3 EV SSL CA - G3           2016-11-15 - 2018-11-16    2 years    crt.sh
*.analytics.yahoo.com      DigiCert SHA2 High Assurance Server CA    2017-06-29 - 2017-12-28    6 months   crt.sh
www.bing.com               Microsoft IT TLS CA 5                     2017-07-20 - 2019-07-10    2 years    crt.sh
*.google-analytics.com     Google Internet Authority G2              2017-08-08 - 2017-10-31    3 months   crt.sh
*.yahoo.com                DigiCert SHA2 High Assurance Server CA    2017-07-31 - 2017-09-14    a month    crt.sh
www.googleadservices.com   Google Internet Authority G2              2017-08-08 - 2017-10-31    3 months   crt.sh
www.google.de              Google Internet Authority G2              2017-08-08 - 2017-10-31    3 months   crt.sh

This page contains 3 frames:

Frame: https://kuma.lk/my.adp.com/static/redbox/login.html
Frame ID: 2231.1
Requests: 2 HTTP requests in this frame

Frame: https://kuma.lk/my.adp.com/static/redbox/login.html
Frame ID: 2243.1
Requests: 20 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 2243.2
Requests: 1 HTTP requests in this frame

Screenshot


Page Statistics

Requests: 23
HTTPS: 87 %
IPv6: 33 %
Domains: 10
Subdomains: 10
IPs: 10
Countries: 5
Transfer: 519 kB
Size: 1292 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request 21
  • https://www.google.com/ads/user-lists/1062739562/?random=1503059134249&cv=8&fst=1503057600000&num=1&fmt=3&label=IwQUCMSbtWgQ6rzg-gM&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=...
  • https://www.google.de/ads/user-lists/1062739562/?random=1503059134249&cv=8&fst=1503057600000&num=1&fmt=3&label=IwQUCMSbtWgQ6rzg-gM&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=2...

23 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request silcated.php
miitbd.com/
12 KB
12 KB
Document
General
Full URL
http://miitbd.com/silcated.php?x=f
Protocol
HTTP/1.1
Server
192.227.128.150 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
linserver9.securehostingservice.net
Software
Apache /
Resource Hash
7693b7e98263c1846dc04dbeb9bc5f7f088fc911d7b56ae9b7c44aa301fa50c6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Date
Fri, 18 Aug 2017 12:25:32 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
login.html
kuma.lk/my.adp.com/static/redbox/
0
0

login.html
kuma.lk/my.adp.com/static/redbox/ Frame 2243
33 KB
33 KB
Document
General
Full URL
https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
78.128.76.163 , Bulgaria, ASN (),
Reverse DNS
orbit.vivawebhost.com
Software
Apache /
Resource Hash
808892c2bb8209eec9d84bf6ffdb5a438dac3054771c8bd7dc9fd413ca044cf3

Request headers

Upgrade-Insecure-Requests
1
Referer
http://miitbd.com/silcated.php?x=f
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Date
Fri, 18 Aug 2017 12:25:33 GMT
Last-Modified
Wed, 03 May 2017 13:15:20 GMT
Server
Apache
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
34181
vdl-base.min.css
static.adp.com/static/redbox/vendor/vdl-base/dist/css/ Frame 2243
72 KB
14 KB
Stylesheet
General
Full URL
https://static.adp.com/static/redbox/vendor/vdl-base/dist/css/vdl-base.min.css?2.1.0.61&1491930674398
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.193.47.54 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-193-47-54.deploy.static.akamaitechnologies.com
Software
Server /
Resource Hash
0800884ce7992c1a9ad2d6add520dc5b6888f51c7ef49c3632356d4b6f5abaa3
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

date
Fri, 18 Aug 2017 12:25:33 GMT
content-encoding
gzip
access-control-allow-origin
*
status
200
x-raas-route
dc1prjassvjs049
content-length
14352
pragma
public
last-modified
Sat, 22 Jul 2017 02:25:16 GMT
server
Server
x-frame-options
DENY
etag
"5972b78c-3810"
vary
Accept-Encoding
content-type
text/css
x-upstream
127.0.0.50:9016
cache-control
public, max-age=31467338
x-raas-cache-status
BYPASS
expires
Fri, 17 Aug 2018 17:21:11 GMT
login.min.css
static.adp.com/static/redbox/login/ Frame 2243
71 KB
14 KB
Stylesheet
General
Full URL
https://static.adp.com/static/redbox/login/login.min.css?2.1.0.61&1491930674398
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.193.47.54 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-193-47-54.deploy.static.akamaitechnologies.com
Software
Server /
Resource Hash
97fbe45f28a7adc94a26a7bb79e83c2a52c2bc8c0285a7e0a0201e52961e6103
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

date
Fri, 18 Aug 2017 12:25:33 GMT
content-encoding
gzip
access-control-allow-origin
*
status
200
x-raas-route
dc1prjassvjs052
content-length
14416
pragma
public
last-modified
Tue, 11 Jul 2017 20:13:52 GMT
server
Server
x-frame-options
DENY
etag
"59653180-3850"
vary
Accept-Encoding
content-type
text/css
x-upstream
127.0.0.50:9016
cache-control
public, max-age=31456028
x-raas-cache-status
BYPASS
expires
Fri, 17 Aug 2018 14:12:41 GMT
sp.pl
sp.analytics.yahoo.com/ Frame 2243
0
0
Script
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=1000955916811&jsonp=YAHOO.ywa.I13N.handleJSONResponse&d=Wed%2C%2003%20May%202017%2013%3A48%3A26%20GMT&n=-1&b=Login%20to%20MyADP&.yp=440887&f=https%3A%2F%2Fmy.adp.com%2Fstatic%2Fredbox%2Flogin.html&enc=UTF-8
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.125.66.33 , Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2017 12:25:34 GMT
via
http/1.1 spdc0014.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
content-type
application/x-javascript
status
200
cache-control
no-cache, private, must-revalidate
accept-ranges
bytes
content-length
0
expires
Fri, 18 Aug 2017 12:25:34 GMT
0
bat.bing.com/action/ Frame 2243
0
0
Image
General
Full URL
https://bat.bing.com/action/0?ti=5105257&Ver=2&mid=efeac4d0-8350-a69c-6114-bfd3cb9415f0&evt=pageLoad&sid=5cbcce81-1&lt=8932&pi=-1898162245&lg=en-US&sw=1366&sh=768&sc=24&tl=Login%20to%20MyADP&p=https%3A%2F%2Fmy.adp.com%2Fstatic%2Fredbox%2Flogin.html&r=&rn=426684
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
a-0001.a-msedge.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 18 Aug 2017 12:25:33 GMT
Cache-Control
no-cache, must-revalidate
X-MSEdge-Ref
Ref A: 85E34C48CB3A454999287448501D64FF Ref B: FRAEDGE0113 Ref C: 2017-08-18T12:25:34Z
Expires
Fri, 01 Jan 1990 00:00:00 GMT
gtm.js
www.googletagmanager.com/ Frame 2243
111 KB
35 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KH3TMH
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::2008 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
bce858f8ffe6f53889decc3877743addc825becd4a1f217da3ce8c6779e68042
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
36253
x-xss-protection
1; mode=block
expires
Fri, 18 Aug 2017 12:25:34 GMT
login-background.jpg
static.adp.com/static/redbox/ext/branding/default/img/ Frame 2243
88 KB
80 KB
Image
General
Full URL
https://static.adp.com/static/redbox/ext/branding/default/img/login-background.jpg
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.193.47.54 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-193-47-54.deploy.static.akamaitechnologies.com
Software
Server /
Resource Hash
88f6d5721640f988d73b7c754170fc9767c42433ead2fed06b89a643a86c9df5
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
access-control-allow-origin
*
status
200
x-raas-route
dc1prjassvjs050
content-length
82187
pragma
public
last-modified
Sat, 22 Jul 2017 02:25:18 GMT
server
Server
x-frame-options
DENY
etag
"5972b78e-1410b"
vary
Accept-Encoding
content-type
image/jpeg
x-upstream
127.0.0.50:9016
cache-control
public, max-age=29170272
x-raas-cache-status
BYPASS
expires
Sun, 22 Jul 2018 03:16:46 GMT
adp-font-awesome.woff
static.adp.com/static/redbox/vendor/redbox-webfonts/fonts/ Frame 2243
48 KB
32 KB
Font
General
Full URL
https://static.adp.com/static/redbox/vendor/redbox-webfonts/fonts/adp-font-awesome.woff?sfmlg2
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.193.47.54 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-193-47-54.deploy.static.akamaitechnologies.com
Software
Server /
Resource Hash
6fab4d538d685a8253d90698f380948b91dbc8398f8ae93ce734a01656071bce
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36
Referer
https://static.adp.com/static/redbox/login/login.min.css?2.1.0.61&1491930674398
Origin
https://kuma.lk

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
access-control-allow-origin
*
status
200
x-raas-route
dc2prjassvjs050
content-length
32161
pragma
public
last-modified
Sat, 22 Apr 2017 02:33:59 GMT
server
Server
x-frame-options
DENY
etag
"58fac117-7da1"
vary
Accept-Encoding
content-type
application/font-woff
x-upstream
127.0.0.50:9016
cache-control
public, max-age=21356101
x-raas-cache-status
BYPASS
expires
Sun, 22 Apr 2018 16:40:35 GMT
ProximaNova-Light.otf
static.adp.com/static/redbox/vendor/proxima-nova/fonts/ Frame 2243
61 KB
40 KB
Font
General
Full URL
https://static.adp.com/static/redbox/vendor/proxima-nova/fonts/ProximaNova-Light.otf
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.193.47.54 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-193-47-54.deploy.static.akamaitechnologies.com
Software
Server /
Resource Hash
0f77660e06a5f61a45c4dbdab511722357cf29e7f5ba1b2cf097550afdb0ed20
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36
Referer
https://static.adp.com/static/redbox/login/login.min.css?2.1.0.61&1491930674398
Origin
https://kuma.lk

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
access-control-allow-origin
*
status
200
x-raas-route
dc1prjassvjs051
content-length
41172
pragma
public
last-modified
Sat, 22 Apr 2017 02:20:02 GMT
server
Server
x-frame-options
DENY
etag
"58fabdd2-a0d4"
vary
Accept-Encoding
content-type
font/opentype
x-upstream
127.0.0.50:9016
cache-control
public, max-age=21738001
x-raas-cache-status
BYPASS
expires
Fri, 27 Apr 2018 02:45:35 GMT
fontawesome-webfont.woff2
static.adp.com/static/redbox/vendor/font-awesome/fonts/ Frame 2243
70 KB
70 KB
Font
General
Full URL
https://static.adp.com/static/redbox/vendor/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.193.47.54 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-193-47-54.deploy.static.akamaitechnologies.com
Software
Server /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36
Referer
https://static.adp.com/static/redbox/login/login.min.css?2.1.0.61&1491930674398
Origin
https://kuma.lk

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
last-modified
Sat, 22 Jul 2017 02:25:17 GMT
server
Server
status
200
etag
"5972b78d-118df"
vary
Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
private, max-age=1417
x-raas-route
dc2prjassvjs049
x-upstream
127.0.0.50:9016
content-length
71903
x-raas-cache-status
BYPASS
expires
Fri, 18 Aug 2017 12:49:11 GMT
ProximaNova-Regular.otf
static.adp.com/static/redbox/vendor/proxima-nova/fonts/ Frame 2243
61 KB
40 KB
Font
General
Full URL
https://static.adp.com/static/redbox/vendor/proxima-nova/fonts/ProximaNova-Regular.otf
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.193.47.54 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-193-47-54.deploy.static.akamaitechnologies.com
Software
Server /
Resource Hash
2b80fbe521e07e4e84eb52e707b364c3e6c05c57e483276dc4b3be93a9794ba9
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36
Referer
https://static.adp.com/static/redbox/login/login.min.css?2.1.0.61&1491930674398
Origin
https://kuma.lk

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sat, 22 Apr 2017 02:34:14 GMT
server
Server
status
200
etag
"58fac126-a08d"
x-frame-options
DENY
content-type
font/opentype
access-control-allow-origin
*
x-raas-route
dc2prjassvjs049
x-upstream
127.0.0.50:9016
content-length
41101
x-raas-cache-status
BYPASS
expires
Fri, 27 Apr 2018 02:45:22 GMT
login.en-US.js
static.adp.com/static/redbox/login/ Frame 2243
629 KB
136 KB
Script
General
Full URL
https://static.adp.com/static/redbox/login/login.en-US.js?2.1.0.61&1491930674398
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.193.47.54 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-193-47-54.deploy.static.akamaitechnologies.com
Software
Server /
Resource Hash
d0446b821d0b99f9830ddc41db59d60cd2baf748e6efa8ff36ade57df8662d6a
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
access-control-allow-origin
*
status
200
x-raas-route
dc2prjassvjs047
content-length
138562
pragma
public
last-modified
Sat, 22 Jul 2017 02:38:12 GMT
server
Server
x-frame-options
DENY
etag
"5972ba94-21d42"
vary
Accept-Encoding
content-type
application/javascript
x-upstream
127.0.0.50:9016
cache-control
public, max-age=31456028
x-raas-cache-status
BYPASS
expires
Fri, 17 Aug 2018 14:12:42 GMT
bat.js
bat.bing.com/ Frame 2243
9 KB
3 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
a-0001.a-msedge.net
Software
/
Resource Hash
1e616b6c247a49d421851c467056873dd9aaa9e1cf3900bb161ae1b1889f84ac

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Date
Fri, 18 Aug 2017 12:25:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 Aug 2017 20:46:03 GMT
X-MSEdge-Ref
Ref A: C56F54BB28314E07991BFF13E232EE78 Ref B: FRAEDGE0409 Ref C: 2017-08-18T12:25:34Z
ETag
"803718d79917d31:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
private,max-age=1800
Accept-Ranges
bytes
Content-Length
3324
ytc.js
s.yimg.com/wi/ Frame 2243
13 KB
3 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, DE),
Reverse DNS
Software
ATS /
Resource Hash
0f555567ee537c345c8e656dad04d4a44625825816d7f3fa26ede0a4d102b8d1

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
last-modified
Tue, 28 Feb 2017 16:52:46 GMT
server
ATS
age
0
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
3552
via
http/1.1 spdc0024.pbp.ir2.yahoo.com (ApacheTrafficServer), https/1.1 e14.ycpi.deb.yahoo.com (ApacheTrafficServer [cMsSf ])
sp.pl
sp.analytics.yahoo.com/ Frame 2243
0
0
Script
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=1000955916811&jsonp=YAHOO.ywa.I13N.handleJSONResponse&d=Fri%2C%2018%20Aug%202017%2012%3A25%3A34%20GMT&n=0&b=Login%20to%20MyADP&.yp=440887&f=https%3A%2F%2Fkuma.lk%2Fmy.adp.com%2Fstatic%2Fredbox%2Flogin.html&e=http%3A%2F%2Fmiitbd.com%2Fsilcated.php%3Fx%3Df&enc=UTF-8
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.125.66.33 , Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2017 12:25:34 GMT
via
http/1.1 spdc0014.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
content-type
application/x-javascript
status
200
cache-control
no-cache, private, must-revalidate
accept-ranges
bytes
content-length
0
expires
Fri, 18 Aug 2017 12:25:34 GMT
0
bat.bing.com/action/ Frame 2243
0
0
Image
General
Full URL
https://bat.bing.com/action/0?ti=5105257&Ver=2&mid=6ba76a62-60dc-a248-89d5-955ced190d0a&evt=pageLoad&sid=ca339ae9-1&lt=334&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&r=http%3A%2F%2Fmiitbd.com%2Fsilcated.php&tl=Login%20to%20MyADP&p=https%3A%2F%2Fkuma.lk%2Fmy.adp.com%2Fstatic%2Fredbox%2Flogin.html&rn=521652
Requested by
Host: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
a-0001.a-msedge.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 18 Aug 2017 12:25:33 GMT
Cache-Control
no-cache, must-revalidate
X-MSEdge-Ref
Ref A: 32A4EA25EA5346E49959BA032FC25066 Ref B: FRAEDGE0409 Ref C: 2017-08-18T12:25:34Z
Expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ Frame 2243
12 KB
5 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KH3TMH
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.22.34 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
a7e7b8de3eb298a6c38c8a802e0c35feda1f0495d1729dacbcbfe7681a5420f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

date
Fri, 18 Aug 2017 12:25:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
889438253356072931
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=86400
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
content-length
4763
x-xss-protection
1; mode=block
expires
Fri, 18 Aug 2017 12:25:34 GMT
sp.pl
sp.analytics.yahoo.com/ Frame 2243
0
0
Script
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=1000955916811&jsonp=YAHOO.ywa.I13N.handleJSONResponse&b=Login%20to%20MyADP&.yp=440887&f=https%3A%2F%2Fkuma.lk%2Fmy.adp.com%2Fstatic%2Fredbox%2Flogin.html&e=http%3A%2F%2Fmiitbd.com%2Fsilcated.php%3Fx%3Df&enc=UTF-8
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.125.66.33 , Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2017 12:25:34 GMT
via
http/1.1 spdc0014.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
content-type
application/x-javascript
status
200
cache-control
no-cache, private, must-revalidate
accept-ranges
bytes
content-length
0
expires
Fri, 18 Aug 2017 12:25:34 GMT
0
bat.bing.com/action/ Frame 2243
0
0
Image
General
Full URL
https://bat.bing.com/action/0?ti=5105257&Ver=2&mid=0007a703-b75f-e2b1-85c3-72c96b6dd0d6&evt=pageLoad&sid=ca339ae9-0&lt=403&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&r=http%3A%2F%2Fmiitbd.com%2Fsilcated.php&tl=Login%20to%20MyADP&p=https%3A%2F%2Fkuma.lk%2Fmy.adp.com%2Fstatic%2Fredbox%2Flogin.html&rn=238791
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
a-0001.a-msedge.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 18 Aug 2017 12:25:33 GMT
Cache-Control
no-cache, must-revalidate
X-MSEdge-Ref
Ref A: 39EC96656984414FA46544A483947153 Ref B: FRAEDGE0409 Ref C: 2017-08-18T12:25:34Z
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
bid.g.doubleclick.net/xbbe/ Frame 2243
0
0

/
www.google.de/ads/user-lists/1062739562/ Frame 2243
Redirect Chain
  • https://www.google.com/ads/user-lists/1062739562/?random=1503059134249&cv=8&fst=1503057600000&num=1&fmt=3&label=IwQUCMSbtWgQ6rzg-gM&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=...
  • https://www.google.de/ads/user-lists/1062739562/?random=1503059134249&cv=8&fst=1503057600000&num=1&fmt=3&label=IwQUCMSbtWgQ6rzg-gM&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=2...
42 B
60 B
Image
General
Full URL
https://www.google.de/ads/user-lists/1062739562/?random=1503059134249&cv=8&fst=1503057600000&num=1&fmt=3&label=IwQUCMSbtWgQ6rzg-gM&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=https%3A%2F%2Fkuma.lk%2Fmy.adp.com%2Fstatic%2Fredbox%2Flogin.html&ref=http%3A%2F%2Fmiitbd.com%2Fsilcated.php%3Fx%3Df&tiba=Login%20to%20MyADP&async=1&cdct=2&is_vtc=1&random=4034871754&fpvtc=/1062739562/%3Frandom%3D1538304623%26cv%3D8%26fst%3D1503057600000%26num%3D1%26fmt%3D3%26label%3DIwQUCMSbtWgQ6rzg-gM%26guid%3DON%26eid%3D376635471%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_his%3D2%26u_tz%3D0%26u_java%3Dfalse%26u_nplug%3D0%26u_nmime%3D0%26frm%3D0%26url%3Dhttps%253A%252F%252Fkuma.lk%252Fmy.adp.com%252Fstatic%252Fredbox%252Flogin.html%26ref%3Dhttp%253A%252F%252Fmiitbd.com%252Fsilcated.php%253Fx%253Df%26tiba%3DLogin%2520to%2520MyADP%26async%3D1%26cdct%3D2%26is_vtc%3D1&ipr=y&ulfeg=n
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:401b:801::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
adclick_server /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://kuma.lk/my.adp.com/static/redbox/login.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2017 12:25:34 GMT
x-content-type-options
nosniff
server
adclick_server
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 18 Aug 2017 12:25:34 GMT
x-content-type-options
nosniff
server
adclick_server
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/user-lists/1062739562/?random=1503059134249&cv=8&fst=1503057600000&num=1&fmt=3&label=IwQUCMSbtWgQ6rzg-gM&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=https%3A%2F%2Fkuma.lk%2Fmy.adp.com%2Fstatic%2Fredbox%2Flogin.html&ref=http%3A%2F%2Fmiitbd.com%2Fsilcated.php%3Fx%3Df&tiba=Login%20to%20MyADP&async=1&cdct=2&is_vtc=1&random=4034871754&fpvtc=/1062739562/%3Frandom%3D1538304623%26cv%3D8%26fst%3D1503057600000%26num%3D1%26fmt%3D3%26label%3DIwQUCMSbtWgQ6rzg-gM%26guid%3DON%26eid%3D376635471%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_his%3D2%26u_tz%3D0%26u_java%3Dfalse%26u_nplug%3D0%26u_nmime%3D0%26frm%3D0%26url%3Dhttps%253A%252F%252Fkuma.lk%252Fmy.adp.com%252Fstatic%252Fredbox%252Flogin.html%26ref%3Dhttp%253A%252F%252Fmiitbd.com%252Fsilcated.php%253Fx%253Df%26tiba%3DLogin%2520to%2520MyADP%26async%3D1%26cdct%3D2%26is_vtc%3D1&ipr=y&ulfeg=n
cache-control
private, max-age=43200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
1281
x-xss-protection
1; mode=block
expires
Fri, 18 Aug 2017 12:25:34 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: kuma.lk
URL: https://kuma.lk/my.adp.com/static/redbox/login.html

Domain: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ADP (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path    Name       Value
.kuma.lk/      _uetsid    _uetca339ae9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
