0.followpractice.com
Open in
urlscan Pro
104.248.199.158
Malicious Activity!
Public Scan
Effective URL: https://0.followpractice.com/index.php?p=gbqtomzrgq5domjxgi&sub1=spacy&sub2=bricks
Submission: On May 27 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 25th 2022. Valid for: 3 months.
This is the only time 0.followpractice.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 162.241.203.140 162.241.203.140 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
21 | 2606:2800:233... 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 | 15133 (EDGECAST) (EDGECAST) | |
1 | 45.9.149.181 45.9.149.181 | 49447 (NICEIT) (NICEIT) | |
3 | 111.90.143.157 111.90.143.157 | 45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd) | |
2 | 104.248.199.158 104.248.199.158 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
29 | 6 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-203-140.unifiedlayer.com
refaelcoffee.com.nalvasales.com |
ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)
PTR: server1.kamon.la
links.greengoplatform.com |
ASN14061 (DIGITALOCEAN-ASN, US)
followpractice.com | |
0.followpractice.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
licdn.com
static.licdn.com — Cisco Umbrella Rank: 9010 |
238 KB |
3 |
greengoplatform.com
links.greengoplatform.com — Cisco Umbrella Rank: 415399 |
4 KB |
2 |
followpractice.com
followpractice.com 0.followpractice.com |
51 KB |
1 |
transportgoline.com
track.transportgoline.com — Cisco Umbrella Rank: 593902 |
825 B |
1 |
nalvasales.com
refaelcoffee.com.nalvasales.com |
15 KB |
29 | 5 |
Domain | Requested by | |
---|---|---|
21 | static.licdn.com |
refaelcoffee.com.nalvasales.com
static.licdn.com |
3 | links.greengoplatform.com |
track.transportgoline.com
refaelcoffee.com.nalvasales.com |
1 | 0.followpractice.com |
refaelcoffee.com.nalvasales.com
|
1 | followpractice.com | |
1 | track.transportgoline.com |
refaelcoffee.com.nalvasales.com
|
1 | refaelcoffee.com.nalvasales.com | |
29 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.licdn.com DigiCert SHA2 Secure Server CA |
2021-09-16 - 2022-09-15 |
a year | crt.sh |
links.greengoplatform.com R3 |
2022-05-16 - 2022-08-14 |
3 months | crt.sh |
followpractice.social R3 |
2022-05-25 - 2022-08-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://0.followpractice.com/index.php?p=gbqtomzrgq5domjxgi&sub1=spacy&sub2=bricks
Frame ID: 95C2FB689374C1B2199160CB3859AE44
Requests: 32 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://refaelcoffee.com.nalvasales.com/aa/uas/login/?email= Page URL
- https://links.greengoplatform.com/4zY36Y Page URL
- https://links.greengoplatform.com/Kx5KFqDJ Page URL
- https://followpractice.com/go/gbqtomzrgq5domjxgi?sub1=spacy&sub2=bricks Page URL
- https://0.followpractice.com/index.php?p=gbqtomzrgq5domjxgi&sub1=spacy&sub2=bricks Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://refaelcoffee.com.nalvasales.com/aa/uas/login/?email= Page URL
- https://links.greengoplatform.com/4zY36Y Page URL
- https://links.greengoplatform.com/Kx5KFqDJ Page URL
- https://followpractice.com/go/gbqtomzrgq5domjxgi?sub1=spacy&sub2=bricks Page URL
- https://0.followpractice.com/index.php?p=gbqtomzrgq5domjxgi&sub1=spacy&sub2=bricks Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
refaelcoffee.com.nalvasales.com/aa/uas/login/ |
43 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fz-1.3.8-min.js
static.licdn.com/scds/common/u/lib/fizzy/ |
27 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
static.licdn.com/scds/concat/common/ |
77 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
298 KB 89 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
71 KB 24 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
6 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
52 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
static.licdn.com/scds/concat/common/ |
42 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
static.licdn.com/scds/concat/common/ |
42 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
30 KB 11 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
static.licdn.com/scds/concat/common/ |
68 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
photo_splash_signin_1141x759_v4.jpg
static.licdn.com/images/apps/uas/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
29 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
19 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
604 B 478 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
1020 B 652 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
27 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_linkedin_242x59_v1.png
static.licdn.com/images/logos/linkedin/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_linkedin_white_trans_64x16_v1.png
static.licdn.com/images/logos/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
store.js
track.transportgoline.com/ |
507 B 825 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
static.licdn.com/scds/concat/common/ |
41 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GVCKPs
links.greengoplatform.com/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
4zY36Y
links.greengoplatform.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4zY36Y
links.greengoplatform.com/ |
208 B 975 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Kx5KFqDJ
links.greengoplatform.com/ |
237 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gbqtomzrgq5domjxgi
followpractice.com/go/ |
50 KB 51 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
24 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
index.php
0.followpractice.com/ |
20 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- links.greengoplatform.com
- URL
- https://links.greengoplatform.com/4zY36Y
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
links.greengoplatform.com/ | Name: _subid Value: 1m9mjtj6290a9aa4d31f |
|
links.greengoplatform.com/ | Name: a7498 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM2XCI6MTY1MzY0Nzc4NixcIjM0XCI6MTY1MzY0Nzc4Nn0sXCJjYW1wYWlnbnNcIjp7XCI5XCI6MTY1MzY0Nzc4NixcIjEyXCI6MTY1MzY0Nzc4Nn0sXCJ0aW1lXCI6MTY1MzY0Nzc4Nn0ifQ.NHBcKeIaN0onFZAw0bAdAAuwMmSN-kJ7rUpDe0mudi4 |
|
.followpractice.com/ | Name: uuid Value: 29e9a3d2-6493-4891-a234-4811e18d5aab |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
0.followpractice.com
followpractice.com
links.greengoplatform.com
refaelcoffee.com.nalvasales.com
static.licdn.com
track.transportgoline.com
links.greengoplatform.com
104.248.199.158
111.90.143.157
162.241.203.140
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
45.9.149.181
0d3e7467b46cf1ac6bc5cbddf7a501572fb50d34ae1a747363d2ef0751b0b4fd
13d3ba91c7e2e40def6def8ba3d283f37b9e19ab1609c3dd87ead68a99454a87
1b645c9f3ff1c0394ae37e1de083ac69f4a17699f818ef3e6652bfffd50c172b
1bf43414cb1f093b7260d887a1e088cbec7211192f35ddb30b01d8ddc3e077c2
1dbd0b36155bd59fca1ba0c170402f8ce56fd7b6bfeefc9e124484ebf7527573
1dc6d8f41d63b88072c76f56fa4fa0610eb69cad246bee4c0327ade5415672d9
2ed885aac35b47a58e5ee5bdfed8428bb07579ed9b4b9a1e24087a14f25a1ec1
382146a6f85b78217e3a87e8bec53ffe97b8780d26f19498902305c32346bf1f
5b68565e999491a224764403b334034570b279154c6d6ff8595b912e0d96a319
6861d6be9d773dff10259b0ece53152da5f5ed78df44fe6943dea926b5dcb950
6af8ffc78c18f3c2f3b986a11fb5f0855c182df0f3c014b9f3071d1f16656b2e
6c66517000417fab138f43b9926bcad36afdc0422c9331b7b8935d89714105d1
78563a21bea8f7b81cc45c7f6644fd0f4e753bf5f6413ddca530a5fecb86f42c
998b9f5b3adfa0cc16c5ad6319b76fc252d4b46da61d932189c50ad779193493
b44aae5610217ab48a4f0305e00a96f7049816def515457bdce429a189a69366
d96c5a0172f4bfc84a453b763ee5854b4ca8801e2e02b12ca9f8a253f6a60751
db04e92ea545ec70121e7664aaa1b34da2ba494909351ba98a6cd9215dde1313
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f16a1016de9401ea5428247ee96e54a12718a4664e3dd3b94bd0bb265953743b
f631b61ea9fe9d4af1eda144c4a892db240baed830ac89425a80e0f638868dae
fb23253dd07efe5ca2777259e8e07a88cc25c0b7069fc57635f6f3bdf6e38667
fd827c17f516f6a466dae05029a5cae177ee6965494dc742ab29a13dafc6f33f