protected-forms.com
34.235.94.46
Malicious Activity!
Public Scan
Effective URL: https://protected-forms.com/pages/b2229a823f9cdf6065ad0708664d4cd9/XTjJFdlNVdFBiM3BTVGt0aVdVWkhlR0pSWlM4dlNXaHVNVzFYZUc1UlZH...
Submission: On November 02 via api from IE — Scanned from DE
Summary
TLS certificate: Issued by Amazon RSA 2048 M02 on March 20th 2023. Valid for: a year.
This is the only time protected-forms.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
7 | 34.235.94.46 | 14618 (AMAZON-AES) |
7 | 2a02:26f0:f700:380::25cb | 20940 (AKAMAI-ASN1) |
2 | 2a02:26f0:f700:695::11a6 | 20940 (AKAMAI-ASN1) |
1 | 2a02:26f0:f700:4af::11a6 | 20940 (AKAMAI-ASN1) |
1 2 | 193.108.153.20 | 20940 (AKAMAI-ASN1) |
1 2 | 2a02:26f0:3100::1735:2a3b | 20940 (AKAMAI-ASN1) |
26 | 7 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-94-46.compute-1.amazonaws.com
science.farenheit.net | |
protected-forms.com | |
https.protected-forms.com |
ASN20940 (AKAMAI-ASN1, NL)
s.go-mpulse.net | |
684dd330.akstat.io |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a193-108-153-20.deploy.static.akamaitechnologies.com
trial-eum-clientnsv4-s.akamaihd.net | |
wkrndc6bnsmrizkdhupq-p3yzbk-41d52b18f-clientnsv4-s.akamaihd.net |
ASN20940 (AKAMAI-ASN1, NL)
trial-eum-clienttons-s.akamaihd.net | |
fiaazgbakcqaokqce3ydcaaaabsugpi7-p3yzbk-a1d79c9cd-clienttons-s.akamaihd.net |
Requests | Apex Domain: Subdomains | Transfer |
---|---|---|
7 | mydhli.com: keycloak.mydhli.com (Cisco Umbrella Rank: 553847) | 158 KB |
6 | protected-forms.com: protected-forms.com (Cisco Umbrella Rank: 112711), https.protected-forms.com (Cisco Umbrella Rank: 241663) | 783 KB |
4 | akamaihd.net (2 redirects): trial-eum-clientnsv4-s.akamaihd.net (Cisco Umbrella Rank: 2589), wkrndc6bnsmrizkdhupq-p3yzbk-41d52b18f-clientnsv4-s.akamaihd.net, trial-eum-clienttons-s.akamaihd.net (Cisco Umbrella Rank: 2588), fiaazgbakcqaokqce3ydcaaaabsugpi7-p3yzbk-a1d79c9cd-clienttons-s.akamaihd.net | 1 KB |
2 | go-mpulse.net: s.go-mpulse.net (Cisco Umbrella Rank: 1444), c.go-mpulse.net (Cisco Umbrella Rank: 654) | 52 KB |
1 | akstat.io: 684dd330.akstat.io (Cisco Umbrella Rank: 73595) | 204 B |
1 | farenheit.net: science.farenheit.net | 1 KB |
0 | knowbe4.com (Failed): training.knowbe4.com (Failed) | |
26 | 7 | |
Requests | Domain | Requested by |
---|---|---|
7 | keycloak.mydhli.com | protected-forms.com, keycloak.mydhli.com |
5 | protected-forms.com | science.farenheit.net |
1 | fiaazgbakcqaokqce3ydcaaaabsugpi7-p3yzbk-a1d79c9cd-clienttons-s.akamaihd.net | |
1 | trial-eum-clienttons-s.akamaihd.net | 1 redirects |
1 | wkrndc6bnsmrizkdhupq-p3yzbk-41d52b18f-clientnsv4-s.akamaihd.net | |
1 | trial-eum-clientnsv4-s.akamaihd.net | 1 redirects |
1 | 684dd330.akstat.io | s.go-mpulse.net |
1 | c.go-mpulse.net | s.go-mpulse.net |
1 | s.go-mpulse.net | protected-forms.com |
1 | https.protected-forms.com | protected-forms.com |
1 | science.farenheit.net | |
0 | training.knowbe4.com Failed | |
26 | 12 | |
This site contains links to these domains. Also see Links.
Domain |
---|
https.protected-forms.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
authentlcation.com | Amazon RSA 2048 M02 | 2023-03-20 - 2024-04-18 | a year | crt.sh |
logistics.dhl | DPDHL Global TLS CA - I5 | 2023-07-04 - 2024-07-03 | a year | crt.sh |
akstat.io | DigiCert TLS RSA SHA256 2020 CA1 | 2023-04-05 - 2024-04-04 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://protected-forms.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
Frame ID: 64DF9AF8A94776F133EE06F639695BDE
Requests: 22 HTTP requests in this frame
Frame:
https://s.go-mpulse.net/boomerang/8N65B-V34HM-7R529-35BPF-EYR2P
Frame ID: CAA5E1D67DAFA259B7A6BF122FE1061A
Requests: 4 HTTP requests in this frame
Page URL History
- https://science.farenheit.net/XTjJFdlNVdFBiM3BTVGt0aVdVWkhlR0pSWlM4dlNXaHVNVzFYZUc1UlZHWkljVTlYWVdjeVdIbE5... Page URL
- https://protected-forms.com/pages/b2229a823f9cdf6065ad0708664d4cd9/XTjJFdlNVdFBiM3BTVGt0aVdVWkhlR0pSWlM4... Page URL
Detected technologies
Modernizr (JavaScript Libraries)
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: DHL Global Forwarding
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://science.farenheit.net/XTjJFdlNVdFBiM3BTVGt0aVdVWkhlR0pSWlM4dlNXaHVNVzFYZUc1UlZHWkljVTlYWVdjeVdIbE5jWHBvZDJwRFZWcFFRMU4wV1daV056UmxNV05LZERrek9Xd3JjazVDYWs1MFlXaGtObTB2UjNWS1FtcFpXVXRJVUhkVVFWbEJPRWw0VHpaUmNreDZOamhGTDFSeVN5dHpiVVZYY0VOeWRrbHBjbWN3VFVoSGNHMVVkakV4TjJWcWIxQnRja3huVXpaVVp6VTJaaXRqV2pkbE0zcEhiVVkxVGtaNlVqbFNOVVZLVDFCc2FuWmxlbk40TVhSck1saElabFpYUW1KbkszaG1jbVZoU21GaFVXTmhSelJPVmxGaWMxRXdOR2hTVW1acE5WWkpibmhWT1c1bmJXZEdlRmg0VFQwdExXeHVVemxqWW1wRWRsSjRVRUZSV2xsWE1HTXJSRkU5UFE9PS0tYzVmZTljMTgxNzM5NmQ1NjU2MTYwMDI0NzdlNTYwMTM4NTQ1MThhNw==?cid=1785526305/ Page URL
- https://protected-forms.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 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 21
- https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p3yzbkdxj HTTP 302
- https://wkrndc6bnsmrizkdhupq-p3yzbk-41d52b18f-clientnsv4-s.akamaihd.net/eum/results.txt
- https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p3yzbkdxj HTTP 302
- https://fiaazgbakcqaokqce3ydcaaaabsugpi7-p3yzbk-a1d79c9cd-clienttons-s.akamaihd.net/eum/results.txt
- https://protected-forms.com/auth/rb_f4be62ab-e5f3-4754-bb9a-f2b22103e0ae?type=js3&sn=v_4_srv_-2D67_sn_L1MB73V2V01HLR3AORV2ITECE8TARK44&svrid=-67&flavor=post&vi=CORDAMMBWBJASKJBCTRJFPJOAMPJGMTQ-0&modifiedSince=1697499231475&rf=https%3A%2F%2Fprotected-forms.com%2Fpages%2Fb2229a823f9cdf6065ad0708664d4cd9%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%3D%3D&bp=3&app=81de07ed5659ab10&crc=4285541066&en=wg76cekz&end=1 HTTP 302
- https://protected-forms.com/ HTTP 301
- https://training.knowbe4.com/ui/login
- https://protected-forms.com/auth/rb_f4be62ab-e5f3-4754-bb9a-f2b22103e0ae?type=js3&sn=v_4_srv_-2D67_sn_L1MB73V2V01HLR3AORV2ITECE8TARK44&svrid=-67&flavor=post&vi=CORDAMMBWBJASKJBCTRJFPJOAMPJGMTQ-0&modifiedSince=1697499231475&rf=https%3A%2F%2Fprotected-forms.com%2Fpages%2Fb2229a823f9cdf6065ad0708664d4cd9%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%3D%3D&bp=3&app=81de07ed5659ab10&crc=1390465296&en=wg76cekz&end=1 HTTP 302
- https://protected-forms.com/ HTTP 301
- https://training.knowbe4.com/ui/login
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | XTjJFdlNVdFBiM3BTVGt0aVdVWkhlR0pSWlM4dlNXaHVNVzFYZUc1UlZHWkljVTlYWVdjeVdIbE5jWHBvZDJwRFZWcFFRMU4wV1daV056UmxNV05LZERrek9Xd3JjazVDYWs1MFlXaGtObTB2UjNWS1FtcFpXVXRJVUhkVVFWbEJPRWw0VHpaUmNreDZOamhGTDFS... | science.farenheit.net/ | 699 B | 1 KB | Document | text/html |
GET | H2 | XTjJFdlNVdFBiM3BTVGt0aVdVWkhlR0pSWlM4dlNXaHVNVzFYZUc1UlZHWkljVTlYWVdjeVdIbE5jWHBvZDJwRFZWcFFRMU4wV1daV056UmxNV05LZERrek9Xd3JjazVDYWs1MFlXaGtObTB2UjNWS1FtcFpXVXRJVUhkVVFWbEJPRWw0VHpaUmNreDZOamhGTDFS... | protected-forms.com/pages/b2229a823f9cdf6065ad0708664d4cd9/ (Primary Request) | 14 KB | 15 KB | Document | text/html |
GET | H2 | landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css | protected-forms.com/assets/ | 1 KB | 601 B | Stylesheet | text/css |
GET | H2 | application-32eba8d1d470acc7319d23b321f10ae9953965421df0d218f9d63a35925345db.js | protected-forms.com/assets/ | 3 MB | 746 KB | Script | application/javascript |
GET | H2 | vendor-22ab86fa99157ec8b388.js | protected-forms.com/packs/js/ | 18 KB | 6 KB | Script | application/javascript |
GET | H2 | modernizr-79e0181ec91aff04bb01d87cba546535ede843f75d19f5c60f66b8dd6546971f.js | protected-forms.com/assets/ | 50 KB | 16 KB | Script | application/javascript |
GET | H2 | ruxitagentjs_ICA27NVfjqrux_10275230919171419.js | keycloak.mydhli.com/auth/ | 209 KB | 80 KB | Script | text/javascript |
GET | H2 | patternfly.css | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/node_modules/patternfly/dist/css/ | 217 KB | 34 KB | Stylesheet | text/css |
GET | H2 | patternfly-additions.css | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/node_modules/patternfly/dist/css/ | 257 KB | 34 KB | Stylesheet | text/css |
GET | | zocial.css | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/lib/zocial/ | 0 | 0 | | |
GET | H2 | styles.css | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/css/ | 19 KB | 5 KB | Stylesheet | text/css |
GET | H2 | form.js | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/js/ | 8 KB | 3 KB | Script | text/javascript |
GET | H2 | 7d50991489dabcffa84b4107542a0893 | https.protected-forms.com/pages/ | 0 | 0 | Image | text/html |
GET | H2 | eye-icon.svg | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/img/icons/ | 359 B | 673 B | Image | image/svg+xml |
GET | | zocial.css | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/lib/zocial/ | 0 | 0 | | |
GET | H2 | 8N65B-V34HM-7R529-35BPF-EYR2P | s.go-mpulse.net/boomerang/ (Frame CAA5) | 202 KB | 51 KB | Script | application/javascript |
GET | H2 | dhl-logo.svg | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/img/ | 4 KB | 2 KB | Image | image/svg+xml |
GET | | Delivery_W_Rg.woff | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/fonts/ | 0 | 0 | | |
GET | | Delivery_W_Bd.woff | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/fonts/ | 0 | 0 | | |
GET | | Delivery_W_CdBlk.woff | keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/fonts/ | 0 | 0 | | |
GET | H/1.1 | config.json | c.go-mpulse.net/api/ (Frame CAA5) | 1 KB | 934 B | XHR | application/json |
POST | H2 | / | 684dd330.akstat.io/ | 0 | 204 B | Ping | image/gif |
GET | H/1.1 | results.txt | wkrndc6bnsmrizkdhupq-p3yzbk-41d52b18f-clientnsv4-s.akamaihd.net/eum/ (Frame CAA5, Redirect Chain) | 8 B | 312 B | XHR | text/plain |
GET | H/1.1 | results.txt | fiaazgbakcqaokqce3ydcaaaabsugpi7-p3yzbk-a1d79c9cd-clienttons-s.akamaihd.net/eum/ (Frame CAA5, Redirect Chain) | 8 B | 312 B | XHR | text/plain |
GET | | login | training.knowbe4.com/ui/ (Redirect Chain) | 0 | 0 | | |
GET | | login | training.knowbe4.com/ui/ (Redirect Chain) | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
keycloak.mydhli.com | https://keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/lib/zocial/zocial.css?v=2.29.0 |
keycloak.mydhli.com | https://keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/lib/zocial/zocial.css?v=2.29.0 |
keycloak.mydhli.com | https://keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/fonts/Delivery_W_Rg.woff |
keycloak.mydhli.com | https://keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/fonts/Delivery_W_Bd.woff |
keycloak.mydhli.com | https://keycloak.mydhli.com/auth/resources/qa8cs/login/mydhli-portal/fonts/Delivery_W_CdBlk.woff |
training.knowbe4.com | https://training.knowbe4.com/ui/login |
training.knowbe4.com | https://training.knowbe4.com/ui/login |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)
45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| documentPictureInPicture
- function| _extends
- function| _typeof
- function| FlatpickrInstance
- function| _flatpickr
- function| flatpickr
- function| updateQueryStringParameter
- function| getParam
- function| colSort
- function| $
- function| jQuery
- object| jQuery112407249639662806924
- function| proj4
- object| Routes
- function| moment
- object| FullCalendar
- function| _
- object| ZeroClipboard_TableTools
- object| __core-js_shared__
- object| core
- function| setImmediate
- function| clearImmediate
- object| regeneratorRuntime
- object| html5
- object| Modernizr
- object| gon
- object| dT_
- object| dtrum
- object| dynatrace
- boolean| isEmployee
- function| validateEmail
- function| disableInputs
- function| showPassword
- function| isEmailInternal
- function| validEmailForResetPassword
- function| onSubmitResetPassword
- function| onSubmitLogin
- string| BOOMR_API_key
- object| BOOMR
- number| BOOMR_lstart
- object| kb4
- number| BOOMR_onload
- object| BOOMR_mq
- number| BOOMR_configt

7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
keycloak.mydhli.com/ | | Name: 9098e0d51d5c006aa714420aaf766a52 Value: 79c74934d767eebcc01041e613ad8297 |
.protected-forms.com/ | | Name: dtCookie Value: v_4_srv_-2D67_sn_L1MB73V2V01HLR3AORV2ITECE8TARK44 |
.protected-forms.com/ | | Name: rxVisitor Value: 16989053750092N8V4N3PPA8S37SU2URUIOGSEKQMV016 |
.protected-forms.com/ | | Name: dtSa Value: - |
.protected-forms.com/ | | Name: rxvt Value: 1698907175221\|1698905375010 |
.protected-forms.com/ | | Name: dtPC Value: -67$305375006_80h-vCORDAMMBWBJASKJBCTRJFPJOAMPJGMTQ-0e0 |
.protected-forms.com/ | | Name: RT Value: "z=1&dm=protected-forms.com&si=b9j5pbdgrpe&ss=logse92m&sl=0&tt=0" |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | |
Strict-Transport-Security | max-age=63113904; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.