preview.training.knowbe4.com Open in urlscan Pro
18.66.147.107 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://preview.training.knowbe4.com/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1J...
Effective URL:
https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndR...
Submission: On August 29 via manual (August 29th 2022, 11:46:18 am UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 18.66.147.107, located in United States and belongs to AMAZON-02, US. The main domain is preview.training.knowbe4.com.
TLS certificate: Issued by Amazon on June 15th 2022. Valid for: a year.

This is the only time preview.training.knowbe4.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
6	18.66.147.107 18.66.147.107	16509 (AMAZON-02) (AMAZON-02)
3	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	3

6 18.66.147.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-107.fra60.r.cloudfront.net

preview.training.knowbe4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

static.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	knowbe4.com preview.training.knowbe4.com	924 KB
3	licdn.com static.licdn.com — Cisco Umbrella Rank: 9462	144 KB
0	googleapis.com Failed ajax.googleapis.com Failed
10	3

	Domain	Requested by
6	preview.training.knowbe4.com	preview.training.knowbe4.com
3	static.licdn.com	preview.training.knowbe4.com
0	ajax.googleapis.com Failed	preview.training.knowbe4.com
10	3

This site contains no links.

Subject Issuer	Validity	Valid
training.knowbe4.com Amazon	`2022-06-15` - `2023-07-14`	a year	crt.sh
static-exp1.licdn.com DigiCert SHA2 Secure Server CA	`2022-04-13` - `2023-04-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
Frame ID: 105C0DA69A5173E838EB3D68C4C9A534
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://preview.training.knowbe4.com/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQnd... Page URL
https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1Y... Page URL

Detected technologies

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

10
Requests

90 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1068 kB
Transfer

3772 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://preview.training.knowbe4.com/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh Page URL
https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFw...
preview.training.knowbe4.com/ 568 B
1 KB 517ms
437ms Document
text/html 18.66.147.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://preview.training.knowbe4.com/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-107.fra60.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0, private, must-revalidate
content-security-policy
content-type: text/html; charset=utf-8
date: Mon, 29 Aug 2022 11:46:02 GMT
etag: W/"74de5820c333f967779d3daeb3c3f950"
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=63113904; includeSubDomains; preload
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-id: k6Y-qYwGHiDKuRTqQU8wXprWCE2TnAsnH2Locd1jtK3P_lcYWZWlfg==
x-amz-cf-pop: FRA60-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-protected-by: Sqreen
x-request-id: abb83dc5-97db-4641-9314-fd6eb13c0319
x-runtime: 0.052875
x-xss-protection: 1; mode=block

GET
H2 200 Primary Request XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFw... Show response
preview.training.knowbe4.com/pages/b8b2254bed52/ 7 KB
7 KB 1486ms
1485ms Document
text/html 18.66.147.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh

Requested by

Host: preview.training.knowbe4.com
URL: https://preview.training.knowbe4.com/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-107.fra60.r.cloudfront.net

Software

Resource Hash

0df9b2e7084b0d017d56188cd22a9572981a6e5c71e02696e9199e0d07766f95

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://preview.training.knowbe4.com/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0, private, must-revalidate
content-security-policy
content-type: text/html; charset=utf-8
date: Mon, 29 Aug 2022 11:46:04 GMT
etag: W/"0df9b2e7084b0d017d56188cd22a9572"
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=63113904; includeSubDomains; preload
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-id: Mg7dMthFZ5HMH9fNwT7-DaUNks-95XSRvB-VIAtV4aCnXmOXMGVWHA==
x-amz-cf-pop: FRA60-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-protected-by: Sqreen
x-request-id: 4ed5698d-e51c-47d0-b9f2-0f6f19c194c8
x-runtime: 1.104307
x-xss-protection: 1; mode=block

GET
H2 200 application-a2da001c10d028a658ee59866aae85329c0ac6a2a9a9fd20a8e2460097f9cc0f.js Show response
preview.training.knowbe4.com/assets/ 3 MB
774 KB 415ms
414ms Script
application/javascript 18.66.147.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://preview.training.knowbe4.com/assets/application-a2da001c10d028a658ee59866aae85329c0ac6a2a9a9fd20a8e2460097f9cc0f.js

Requested by

Host: preview.training.knowbe4.com
URL: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-107.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9dfc156eac0c8b5382b58a8a594c5f3466ef6e4e5153a6329d89f2ce54bcb89c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: Bq8jw2Ff70Oa3XL4ZIOSVMB4du0rr6Hv
content-encoding: gzip
vary: Accept-Encoding
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA60-P4
x-cache: RefreshHit from cloudfront
date: Mon, 29 Aug 2022 11:46:05 GMT
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 26 Aug 2022 13:35:29 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"54dbe9767e7dd22b2e9eb57d88adf279"
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: application/javascript
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-id: C2cNSjR9WjQq8kveFXG6zQlWSbRMn041EONmIiot9JEgqdwlMMVSIw==
x-content-type-options: nosniff

GET
H2 200 vendor-2207a81ec738c3300f3e.js Show response
preview.training.knowbe4.com/packs/js/ 363 KB
125 KB 377ms
376ms Script
application/javascript 18.66.147.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://preview.training.knowbe4.com/packs/js/vendor-2207a81ec738c3300f3e.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-107.fra60.r.cloudfront.net

Software

Resource Hash

be6858d07f2af4a905d878b9e6a2292cf11ea19e639850d54c18c464587319a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 11:46:04 GMT
content-encoding: gzip
last-modified: Fri, 26 Aug 2022 20:09:46 GMT
x-amz-cf-pop: FRA60-P4
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
strict-transport-security: max-age=63113904; includeSubDomains; preload
content-length: 126973
x-amz-cf-id: 7ChE-pH_zXP6cBEUk3MRK6ojhntAlj4K5ILjq_X7sGzR9TcHBHx7Sg==

GET
H2 200 modernizr-79e0181ec91aff04bb01d87cba546535ede843f75d19f5c60f66b8dd6546971f.js Show response
preview.training.knowbe4.com/assets/ 50 KB
16 KB 415ms
415ms Script
application/javascript 18.66.147.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://preview.training.knowbe4.com/assets/modernizr-79e0181ec91aff04bb01d87cba546535ede843f75d19f5c60f66b8dd6546971f.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-107.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ee94dda0af1fc5c5045741b39e54136015365eedca34095f1d3c666998bb442d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: dRXzWlx_vbKZe7hN_W_reaJTBcwMyFww
content-encoding: gzip
vary: Accept-Encoding
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA60-P4
x-cache: RefreshHit from cloudfront
date: Mon, 29 Aug 2022 11:46:05 GMT
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 26 Aug 2022 13:35:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"bf2f96e6233de3d8c0346085ac28248a"
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: application/javascript
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-id: 85UpIZ61x5LT351MWrhoqTyV8xW0CTIMi1ujSm7t8FJf4i2WMLvdcw==
x-content-type-options: nosniff

GET
H2 200 landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
preview.training.knowbe4.com/assets/ 1 KB
1014 B 442ms
442ms Stylesheet
text/css 18.66.147.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://preview.training.knowbe4.com/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-107.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: CWzu77bh.92yNq0sLPMUrkvm48EMAORj
content-encoding: gzip
vary: Accept-Encoding
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA60-P4
x-cache: RefreshHit from cloudfront
date: Mon, 29 Aug 2022 11:46:05 GMT
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 26 Aug 2022 13:35:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"15e89f9684b18ec43ee51f8d62a787c3"
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: text/css
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-id: 55gwf1Q_9RnU9Q_hv_vgmnMf2unQRz69xxVFfEDfR6Gf_dnbStnNUA==
x-content-type-options: nosniff

GET
H2 200 logo_linkedin_242x59_v1.png
static.licdn.com/scds/common/u/images/logos/linkedin/ 1 KB
2 KB 610ms
549ms Image
image/png 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.licdn.com/scds/common/u/images/logos/linkedin/logo_linkedin_242x59_v1.png
Requested by: Host: preview.training.knowbe4.com
URL: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: a752cd8b5059dda8f8c25786a2565f824c6a14db9f60204755ca4c49243f5bc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 535
date: Mon, 29 Aug 2022 11:46:05 GMT
x-li-static-content: 1
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-li-proto: http/1.1
x-edgeconnect-midmile-rtt: 0
x-li-fabric: prod-lva1
x-cdn-proto: HTTP2
content-length: 1070
x-li-uuid: AAXnX88HiN5L4OvEWU4uJQ==
server: Play
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop: prod-lva1-x
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
timing-allow-origin: *
x-fs-uuid: 0005e75fcf0788de4be0ebc4594e2e25
expires: Tue, 29 Aug 2023 11:46:05 GMT

GET
H2 200 logo_linkedin_white_trans_64x16_v1.png
static.licdn.com/scds/common/u/images/logos/ 761 B
1 KB 465ms
464ms Image
image/png 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.licdn.com/scds/common/u/images/logos/logo_linkedin_white_trans_64x16_v1.png
Requested by: Host: preview.training.knowbe4.com
URL: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 3b212ee3e0509a0088d1cd6d364a613c36ca079ccaf73a26c54ebbf5fe2f3239

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 453
date: Mon, 29 Aug 2022 11:46:05 GMT
x-li-static-content: 1
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-li-proto: http/1.1
x-edgeconnect-midmile-rtt: 0
x-li-fabric: prod-ltx1
x-cdn-proto: HTTP2
content-length: 761
x-li-uuid: AAXnX88JvWMHauee31/ZUw==
server: Play
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop: prod-ltx1-x
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
timing-allow-origin: *
x-fs-uuid: 0005e75fcf09bd63076ae79edf5fd953
expires: Tue, 29 Aug 2023 11:46:05 GMT

GET jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1/ 0
0

GET
H2 200 photo_splash_signin_1141x759_v4.jpg
static.licdn.com/scds/common/u/images/apps/uas/ 140 KB
141 KB 645ms
645ms Image
image/jpeg 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.licdn.com/scds/common/u/images/apps/uas/photo_splash_signin_1141x759_v4.jpg
Requested by: Host: preview.training.knowbe4.com
URL: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 30052f65174a9e2d75f3ac731c71c6dc14f48a4585a29b176401df4051d64ece

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://preview.training.knowbe4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 471
date: Mon, 29 Aug 2022 11:46:05 GMT
x-li-static-content: 1
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-li-proto: http/1.1
x-edgeconnect-midmile-rtt: 0
x-li-fabric: prod-lor1
x-cdn-proto: HTTP2
x-li-uuid: AAXnX88Kl8avIUa6xBDBQw==
server: Play
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop: prod-lor1-x
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
timing-allow-origin: *
x-fs-uuid: 0005e75fcf0a97c6af2146bac410c143
expires: Tue, 29 Aug 2023 11:46:05 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh Message: Mixed Content: The page at 'https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh' was loaded over HTTPS, but requested an insecure script 'http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js'. This request has been blocked; the content must be served over HTTPS.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
preview.training.knowbe4.com
static.licdn.com
ajax.googleapis.com
18.66.147.107
2a02:26f0:3500:16::215:149b
0df9b2e7084b0d017d56188cd22a9572981a6e5c71e02696e9199e0d07766f95
16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f
30052f65174a9e2d75f3ac731c71c6dc14f48a4585a29b176401df4051d64ece
3b212ee3e0509a0088d1cd6d364a613c36ca079ccaf73a26c54ebbf5fe2f3239
9dfc156eac0c8b5382b58a8a594c5f3466ef6e4e5153a6329d89f2ce54bcb89c
a752cd8b5059dda8f8c25786a2565f824c6a14db9f60204755ca4c49243f5bc9
be6858d07f2af4a905d878b9e6a2292cf11ea19e639850d54c18c464587319a4
ee94dda0af1fc5c5045741b39e54136015365eedca34095f1d3c666998bb442d

preview.training.knowbe4.com Open in urlscan Pro 18.66.147.107 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

90 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1068 kBTransfer

3772 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

35 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

preview.training.knowbe4.com Open in urlscan Pro
18.66.147.107 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1068 kB
Transfer

3772 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!