preview.training.knowbe4.com
Open in
urlscan Pro
18.66.147.107
Malicious Activity!
Public Scan
Effective URL: https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndR...
Submission: On August 29 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Amazon on June 15th 2022. Valid for: a year.
This is the only time preview.training.knowbe4.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 18.66.147.107 18.66.147.107 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 2a02:26f0:350... 2a02:26f0:3500:16::215:149b | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
10 | 3 |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-107.fra60.r.cloudfront.net
preview.training.knowbe4.com |
ASN20940 (AKAMAI-ASN1, NL)
static.licdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
knowbe4.com
preview.training.knowbe4.com |
924 KB |
3 |
licdn.com
static.licdn.com — Cisco Umbrella Rank: 9462 |
144 KB |
0 |
googleapis.com
Failed
ajax.googleapis.com Failed |
|
10 | 3 |
Domain | Requested by | |
---|---|---|
6 | preview.training.knowbe4.com |
preview.training.knowbe4.com
|
3 | static.licdn.com |
preview.training.knowbe4.com
|
0 | ajax.googleapis.com Failed |
preview.training.knowbe4.com
|
10 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
training.knowbe4.com Amazon |
2022-06-15 - 2023-07-14 |
a year | crt.sh |
static-exp1.licdn.com DigiCert SHA2 Secure Server CA |
2022-04-13 - 2023-04-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh
Frame ID: 105C0DA69A5173E838EB3D68C4C9A534
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://preview.training.knowbe4.com/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQnd... Page URL
- https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1Y... Page URL
Detected technologies
Modernizr (JavaScript Libraries) ExpandDetected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://preview.training.knowbe4.com/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh Page URL
- https://preview.training.knowbe4.com/pages/b8b2254bed52/XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFwS1dVMU1hSFp1T1hJNVVXRXZhRmxCWlUxUVUyZHFWbFZGTkc5blZYUjJjakpFYmtaTFkxZ3JXaTh2ZFVKd1ZpOTNlWHBaWmxwUVFucEJUMmROUFMwdFNFbG5iM0ZPS3pWMlIzSXZiMnRMZFVsS2VpdHhVVDA5LS05NWIxZDY2N2I4MWUyZWE1NjgzODFjOTM5NTg2MmVhYzE0N2NmMTFh Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFw...
preview.training.knowbe4.com/ |
568 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
XUlRCamQxRlBMMDVYZG0xdE0yUXJkVFozYkhsS1FuY3hka05oV2tWdE1YUlJaMGxwYm01cGVEQndRbmhaWWtkcGMzQXlWa1JpU25aelpUUkRlaTkxTWpCb1ZrZEVNRzVyVlZsU1oxWjFPWEozT1hoaVRFOVNjM00xZWxod1QxWjZhVlIyTUdob1QxcHFlSE5wZDFw...
preview.training.knowbe4.com/pages/b8b2254bed52/ |
7 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application-a2da001c10d028a658ee59866aae85329c0ac6a2a9a9fd20a8e2460097f9cc0f.js
preview.training.knowbe4.com/assets/ |
3 MB 774 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor-2207a81ec738c3300f3e.js
preview.training.knowbe4.com/packs/js/ |
363 KB 125 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr-79e0181ec91aff04bb01d87cba546535ede843f75d19f5c60f66b8dd6546971f.js
preview.training.knowbe4.com/assets/ |
50 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
preview.training.knowbe4.com/assets/ |
1 KB 1014 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_linkedin_242x59_v1.png
static.licdn.com/scds/common/u/images/logos/linkedin/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_linkedin_white_trans_64x16_v1.png
static.licdn.com/scds/common/u/images/logos/ |
761 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
photo_splash_signin_1141x759_v4.jpg
static.licdn.com/scds/common/u/images/apps/uas/ |
140 KB 141 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ajax.googleapis.com
- URL
- http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| _extends function| _typeof function| FlatpickrInstance function| _flatpickr function| flatpickr function| updateQueryStringParameter function| getParam function| colSort function| $ function| jQuery object| jQuery112405690574652359541 function| proj4 object| Routes function| moment object| FullCalendar function| _ object| ZeroClipboard_TableTools object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime object| Highcharts object| html5 object| Modernizr object| gon object| kb40 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | |
Strict-Transport-Security | max-age=63113904; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
preview.training.knowbe4.com
static.licdn.com
ajax.googleapis.com
18.66.147.107
2a02:26f0:3500:16::215:149b
0df9b2e7084b0d017d56188cd22a9572981a6e5c71e02696e9199e0d07766f95
16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f
30052f65174a9e2d75f3ac731c71c6dc14f48a4585a29b176401df4051d64ece
3b212ee3e0509a0088d1cd6d364a613c36ca079ccaf73a26c54ebbf5fe2f3239
9dfc156eac0c8b5382b58a8a594c5f3466ef6e4e5153a6329d89f2ce54bcb89c
a752cd8b5059dda8f8c25786a2565f824c6a14db9f60204755ca4c49243f5bc9
be6858d07f2af4a905d878b9e6a2292cf11ea19e639850d54c18c464587319a4
ee94dda0af1fc5c5045741b39e54136015365eedca34095f1d3c666998bb442d