predict.vision
Open in
urlscan Pro
107.154.160.43
Malicious Activity!
Public Scan
Effective URL: http://predict.vision/numb/newoffice/vjz3b4nhegbljipzlbaepsby.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&f...
Submission: On July 25 via manual from US
Summary
This is the only time predict.vision was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 31.216.35.29 31.216.35.29 | 197308 (CYGATEGROUP) (CYGATEGROUP) | |
2 | 107.154.174.43 107.154.174.43 | 19551 (INCAPSULA) (INCAPSULA - Incapsula Inc) | |
1 9 | 107.154.160.43 107.154.160.43 | 19551 (INCAPSULA) (INCAPSULA - Incapsula Inc) | |
1 | 2a02:26f0:6c0... 2a02:26f0:6c00:2bf::35c1 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
14 | 5 |
ASN197308 (CYGATEGROUP, SE)
PTR: shwl-0050.s.thehostingplatform.com
elentreprenor.se |
ASN19551 (INCAPSULA - Incapsula Inc, US)
PTR: 107.154.174.43.ip.incapdns.net
predict.vision |
ASN19551 (INCAPSULA - Incapsula Inc, US)
PTR: 107.154.160.43.ip.incapdns.net
predict.vision |
ASN20940 (AKAMAI-ASN1, US)
secure.aadcdn.microsoftonline-p.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
predict.vision
1 redirects
predict.vision |
262 KB |
1 |
microsoftonline-p.com
secure.aadcdn.microsoftonline-p.com |
1 KB |
1 |
elentreprenor.se
elentreprenor.se |
282 B |
14 | 3 |
Domain | Requested by | |
---|---|---|
11 | predict.vision |
1 redirects
elentreprenor.se
predict.vision |
1 | secure.aadcdn.microsoftonline-p.com |
predict.vision
|
1 | elentreprenor.se | |
14 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://predict.vision/numb/newoffice/vjz3b4nhegbljipzlbaepsby.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: EC996060B5B4A00ABADE7A6CD358845F
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://elentreprenor.se/ Page URL
- http://predict.vision/numb/new.php?email= Page URL
- http://predict.vision/numb/new.php?email= Page URL
- http://predict.vision/numb/newoffice/index.php?email= Page URL
-
http://predict.vision/numb/newoffice/index.php?email=
HTTP 302
http://predict.vision/numb/newoffice/vjz3b4nhegbljipzlbaepsby.php?rand=13InboxLightaspxn.177425641... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://elentreprenor.se/ Page URL
- http://predict.vision/numb/new.php?email= Page URL
- http://predict.vision/numb/new.php?email= Page URL
- http://predict.vision/numb/newoffice/index.php?email= Page URL
-
http://predict.vision/numb/newoffice/index.php?email=
HTTP 302
http://predict.vision/numb/newoffice/vjz3b4nhegbljipzlbaepsby.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
elentreprenor.se/ |
103 B 282 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
new.php
predict.vision/numb/ |
210 B 716 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
_Incapsula_Resource
predict.vision/ |
149 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_Incapsula_Resource
predict.vision/ |
29 B 131 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_Incapsula_Resource
predict.vision/ |
1 B 90 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
new.php
predict.vision/numb/ |
113 B 466 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
_Incapsula_Resource
predict.vision/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
predict.vision/numb/newoffice/ |
210 B 427 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_Incapsula_Resource
predict.vision/ |
148 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_Incapsula_Resource
predict.vision/ |
29 B 131 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
_Incapsula_Resource
predict.vision/ |
1 B 172 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
vjz3b4nhegbljipzlbaepsby.php
predict.vision/numb/newoffice/ Redirect Chain
|
293 KB 215 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
_Incapsula_Resource
predict.vision/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.4276.9/content/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
199 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- predict.vision
- URL
- http://predict.vision/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A2%2Cc%3A95%2Cr%3A1064)
- Domain
- predict.vision
- URL
- http://predict.vision/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A1%2Cc%3A96%2Cr%3A1649)
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| LoginErrors function| InputUtil function| SelectOption function| Login undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.predict.vision/ | Name: incap_ses_485_1720281 Value: qa7jc+h/RGLDUGCe8BG7Bg1dWFsAAAAAORaFu1B/VSB0Pu/NI2qmiQ== |
|
predict.vision/ | Name: PHPSESSID Value: cba540bd5687b6bf7dc83df362f0644c |
|
.predict.vision/ | Name: incap_ses_297_1720281 Value: 5BntE+4E9D+D9PeS+ksfBA1dWFsAAAAAIKLjiBwTV1NMclA99LmGuA== |
|
.predict.vision/ | Name: visid_incap_1720281 Value: Kib++lRlQkCDvCTOr7v+1A1dWFsAAAAAQUIPAAAAAACZqbIVeRi94rp7JwQ/6vfA |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
elentreprenor.se
predict.vision
secure.aadcdn.microsoftonline-p.com
predict.vision
107.154.160.43
107.154.174.43
2a02:26f0:6c00:2bf::35c1
31.216.35.29
2aa93326d633411fa1c41ff4301af77561aaba9192e47f769b739dbcd848577d
558a8ed81355f3cdfc69e59973acfc8550afd2f57c7c0edd91e1375b605bc15b
77d0ae983cdf8d5857584087b664a4ce356509c28f0c85efce172cb0a407f847
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
8faa57517395d85947c8fec34baea11365be943da10cd4329d27630d0f51031d
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
cf147030177d03db70357a4faee5819983f2eeacd2c390644e1452222cf6e204
d2f3e642df0b6c754c71f80502056d952f874ef92da84205a158c21c012f616d
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603