kareleaa.talentlms.com
Open in
urlscan Pro
3.217.205.239
Malicious Activity!
Public Scan
Effective URL: https://kareleaa.talentlms.com/unit/view/id:2048
Submission: On April 12 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 21st 2020. Valid for: 2 years.
This is the only time kareleaa.talentlms.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 2 votes Show Verdicts
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 13 | 3.217.205.239 3.217.205.239 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 | 54.192.230.88 54.192.230.88 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 18.66.242.17 18.66.242.17 | 16509 (AMAZON-02) (AMAZON-02) | |
15 | 3 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-205-239.compute-1.amazonaws.com
kareleaa.talentlms.com |
ASN16509 (AMAZON-02, US)
PTR: server-54-192-230-88.waw50.r.cloudfront.net
cdn.talentlms.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-242-17.dus51.r.cloudfront.net
d3j0t7vrtr92dk.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
talentlms.com
2 redirects
kareleaa.talentlms.com cdn.talentlms.com — Cisco Umbrella Rank: 211358 |
513 KB |
2 |
cloudfront.net
d3j0t7vrtr92dk.cloudfront.net |
140 KB |
15 | 2 |
Domain | Requested by | |
---|---|---|
13 | kareleaa.talentlms.com |
2 redirects
kareleaa.talentlms.com
|
2 | d3j0t7vrtr92dk.cloudfront.net |
kareleaa.talentlms.com
|
2 | cdn.talentlms.com |
kareleaa.talentlms.com
|
15 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
heady-sturdy-cent.glitch.me |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.talentlms.com Sectigo RSA Domain Validation Secure Server CA |
2020-04-21 - 2022-07-24 |
2 years | crt.sh |
*.cloudfront.net Amazon |
2022-02-01 - 2023-01-31 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://kareleaa.talentlms.com/unit/view/id:2048
Frame ID: D82AD279497952657EE13F4D735D8965
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
kareleaa | RFP | PORTALPage URL History Show full URLs
-
https://kareleaa.talentlms.com/shared/start/key:LZGIDNHR
HTTP 302
https://kareleaa.talentlms.com/learner/course/id:126 HTTP 302
https://kareleaa.talentlms.com/unit/view/id:2048 Page URL
Detected technologies
animate.css (Web Frameworks) ExpandDetected patterns
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: VIEW DOCUMENT
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://kareleaa.talentlms.com/shared/start/key:LZGIDNHR
HTTP 302
https://kareleaa.talentlms.com/learner/course/id:126 HTTP 302
https://kareleaa.talentlms.com/unit/view/id:2048 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
id:2048
kareleaa.talentlms.com/unit/view/ Redirect Chain
|
71 KB 73 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
animate.min.css
kareleaa.talentlms.com/pages/themes/default/css/ |
41 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fmt:1649684864,tn:41,tv:0,ct:1,rtl:0
kareleaa.talentlms.com/index/css/ |
584 KB 92 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wysiwyg-fonts.css
kareleaa.talentlms.com/pages/themes/default/css/ |
10 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main-530.min.js
kareleaa.talentlms.com/pages/scripts/lib/ |
918 KB 235 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
toastr.min.css
kareleaa.talentlms.com/pages/themes/default/css/ |
7 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading-small.gif
kareleaa.talentlms.com/pages/images/ |
34 KB 35 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
unknown_big.png
kareleaa.talentlms.com/pages/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1649653713_mw1920_PDF.jpg
cdn.talentlms.com/kareleaa/ |
11 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1649653739_mw1920_PDF2.png
cdn.talentlms.com/kareleaa/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
course_completed.jpg
d3j0t7vrtr92dk.cloudfront.net/images/ |
52 KB 53 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
course_failed.png
d3j0t7vrtr92dk.cloudfront.net/images/ |
86 KB 87 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Open_Sans_700.woff
kareleaa.talentlms.com/pages/themes/default/css/font/ |
20 KB 21 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Open_Sans_400.woff
kareleaa.talentlms.com/pages/themes/default/css/font/ |
20 KB 21 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id:157
kareleaa.talentlms.com/unit/enter/ |
16 B 2 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Malicious
task.url
Submitted on
May 16th 2022, 5:44:48 am
UTC —
From Australia
Threats:
Phishing
Brands:
Microsoft
US
Comment: Links to Microsoft credential harvesting site
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
183 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| $jscomp function| $jscomp$lookupPolyfilledValue boolean| _canLog function| _log function| logMsg function| getDynaTreePersistData number| DTNodeStatus_Error number| DTNodeStatus_Loading number| DTNodeStatus_Ok function| countUp function| makeIframesElastic object| helpVideoItemTemplate function| getHelpVideoItemTemplate function| createHelpVideoItem function| getHelpVideos function| openHelpVideo function| strip_tags function| htmlspecialchars_decode function| initToolTip function| debounce function| isTouchDevice function| toggleOperationsActions function| hasAttribute undefined| longtouch undefined| timeoutOperation function| touchToggleOperationsActions function| calculateLoadMoreHeight string| loadMoreContainerClass string| loadMoreContainerActiveClass string| loadMorePreLoadClass string| loadMorePreLoadEndedClass string| loadMoreWrapHiddenClass function| loadMoreSetLabelAndHeight function| hideOuterElementsBeforeLoading function| showOuterElementsAfterLoading function| removeOuterElementsAfterLoading function| getListLoadMoreContainers function| loadMoreClickEvent object| radioInputsElements function| appendLabelElementAfterRadioInputs function| toggleExpanders function| encodeQueryData function| addParametersToAddressBar function| changeParametersValues function| cleanArray function| addValueToParam function| removeValueToParam function| getUrlParameterValues function| joinParameterValuesToString function| splitParameterValuesToArray object| urlArrayParameters function| getParamsAndValuesFromUrl function| findIndex function| findDuplicates function| getParamsFromUrlWhenPageLoads function| checkEventIsInitialized number| periodicallyCheckEventTimeOutMillisecond function| periodicallyCheckEventIsInitialized function| triggerEventsForUrlParametersValues function| loadMoreTriggerEvents function| triggerEventsForTypes function| removeUserActionsPreferencesBasedOnKey function| clearUserActionsPreferencesAndCookies function| expireCookiesFromPathIfSet function| setState function| expandCourseDescription function| showCourseDescriptionMore function| openAuthModalAt function| closeAuthModal function| signUpformReplaceWithAlertBox function| resetGrecaptcha function| invertColor function| showElement function| hideElement function| padZero function| invertNavbarInnerColors function| convertRgbToHex function| showSection function| hideSection function| fadeInSection function| initAllSections function| onChangeFocusedElement function| initFocusElement function| sectionStayOpen function| initHideSections function| initShowSection function| initSections function| setUpLabels function| setLabel function| hideLabel function| disableELement function| enableELement function| previewCertification function| populateCertificationDaysSelect function| loadAssignmentHistory function| fileTypesRegex function| generalImageCropOptions function| initCropModal function| getModalChangeButton function| generalImageUploadOptions function| getModalId function| initUploader boolean| scrollStateChanged string| editUnitPage number| noteToolbarOffset function| initStickyEditor function| manageEditorSticky function| editorEventScroll function| calculateEditorsToolbar function| removeEditorScroll function| preventEditorScroll function| resetScrollEmbededFile function| resetEditorScroll function| checkOverflow function| setTlmsCookie function| safeRegexString function| showFilesFromTag function| forceDownloadFile function| preventGridResetOnBack function| $ function| jQuery object| Select2 object| jQBrowser object| toastr object| myportal boolean| isLoggingOut number| tl_timer_id boolean| isCompleted object| unitEndDate function| tl_initTimerValue function| tl_startTimer function| tl_stopTimer function| tl_completeUnit number| heartbeatInterval boolean| enableVideoTimer boolean| isMobile boolean| isRtl string| general_css string| editorMaxUploadSize string| editorFormattedMaxUploadSize string| editorAcceptedFileTypes string| editorFormattedAcceptedFileTypes string| imageAcceptedFileTypes string| imageMaxUploadSize string| courseImageCanvasSizeWidth string| courseImageCanvasSizeHeight string| datepickerFormat boolean| showSelect2 string| currentUserId string| currentUserName string| currentUserEmail string| currentUserCreatedOn string| currentUserIntercomHash string| myToken string| myEffectiveDomain string| myAdminDomain number| gridExportChunkSize number| gridExportProgressThreshold boolean| isDummy number| sessionMaxLifeTime string| checkSessionExpirationUrl string| logourRedirectUrl boolean| enableRelogin string| currency function| getTestIdAttr function| printTestId string| current_filter function| onChangeView function| showStatusGradeModal function| showReplyModal function| updateProgress function| submitResults function| completeUnit function| completeAssignmentUnit string| start_time function| tl_setUpCounter function| tl_startCounter function| formatTimeInterval function| setUnitEndDate5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
kareleaa.talentlms.com/ | Name: PHPSESSID Value: elb~84p42uefuajh72q7fggfilt134 |
|
.talentlms.com/ | Name: CloudFront-Key-Pair-Id Value: APKAJDCWVQTW4P3KI3XA |
|
.talentlms.com/ | Name: CloudFront-Policy Value: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiKiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTY0OTc1NTI2MX19fV19 |
|
.talentlms.com/ | Name: CloudFront-Signature Value: IZ1CgkeK6TDTQVTZZcG-Uu2I5yrdlC5xdrou4ZSamxvOcWJDl1jouZCBuTS2F4afBji9hrCOV0SacE8p86CrD1EwO7B66NKJq9rG0EaKFm2Oez~9Crtp5sdlVqWe94sVp2F4HUGtKg6edJBjg0FyHLNkrlj9M6DuwLq2-LjsiSvjaMipoeKegY-NKwz0xCRbt4dcdsMsqpu5weUxP4H3oOx8tr1aHoBmdfJWags0HSO1ikkppdyv0BxO8vo0B9EFv3QxxHxoaF0KVKtj1gSRPcqkfrUowhhzUzBI0ulndQufbOxtWhFdbhiaAZKUk~rkqZXWsDBMlpKbH3svejxHcA__ |
|
kareleaa.talentlms.com/ | Name: AWSALB Value: c4i4dTSJcINMxD5xNjtzxXjwiWhXr8oo0f3cJGU/Ohp5cjZGABOQYj1qKA5amZAEjmHaaqYC17uPiLlsTLkgz21QlIzzzFFmQ3xFbzihhWVcYKirzyEZk6YCPY/K |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15768000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.talentlms.com
d3j0t7vrtr92dk.cloudfront.net
kareleaa.talentlms.com
18.66.242.17
3.217.205.239
54.192.230.88
10d159adb573ca535b8275f1d27dc8d60fffd9678ee3b5f1a0f7b4be4a77342f
2944acfdff85dc6308cf8a2766b6efce9ec63fc8356fd5118a98001b936e50dc
319fc5ed6acb8b0ccc26d41e0aa68e4625405a8d5fb1e527195189df15c08e67
3bbeb615364eac8ad39a4fe8b40466d464e1a4294963c8b589c1261f1e2961f6
42f5f72ee36927a602b8cc0809f593ec6e29a5b90d395b8d1fd378e3a60b126f
51632adce1118f293ff58385b14e0b9093ab8620d0d8902367498379ac9bace0
615494a93f61434c21c6a35e51b508950d66d7784b2f4deb10b7a904b4cca17c
9a3d8690540ecf3c10b29d3636e04d0cbf1817f1d16b9cfcfed7929562dbbec9
9cbd8f8a918fb74994193785913646a089d8a7948a49f0774c94ee1d76d840cb
aae1c90bb53a023e8454b9f3680b5c3132bea94a14c27c13da540a50f54e1292
acd4dcf96c8b5f8b2ff506897cbc8f07ba0d30248b6f19b58c66d5a70f132821
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
da0c0c4700ea85b9eb1398724e2cb45502acd441057d832d5449a60a405c7a16
f75867097f9cb41f58251ebcac64ee4ebdb84f8f08f1f395d217fe9832526c48
fb16421910d11124107ae7ffb5db730a6c39c7df9237132aade5514184839c92