predict.vision
Open in
urlscan Pro
107.154.174.43
Malicious Activity!
Public Scan
Effective URL: http://predict.vision/wp-content/upgrade/office/mpbj7kovjxug59dzpqyhklg5.php?rand=13InboxLightaspxn.1774256418&fid.4.1...
Submission: On July 02 via api from US
Summary
This is the only time predict.vision was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 192.185.131.44 192.185.131.44 | 20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC) | |
1 | 107.154.160.43 107.154.160.43 | 19551 (INCAPSULA) (INCAPSULA - Incapsula Inc) | |
1 5 | 107.154.174.43 107.154.174.43 | 19551 (INCAPSULA) (INCAPSULA - Incapsula Inc) | |
1 | 2a02:26f0:6c0... 2a02:26f0:6c00:283::35c1 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
8 | 5 |
ASN19551 (INCAPSULA - Incapsula Inc, US)
PTR: 107.154.160.43.ip.incapdns.net
predict.vision |
ASN19551 (INCAPSULA - Incapsula Inc, US)
PTR: 107.154.174.43.ip.incapdns.net
predict.vision |
ASN20940 (AKAMAI-ASN1, US)
secure.aadcdn.microsoftonline-p.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
predict.vision
1 redirects
predict.vision |
238 KB |
1 |
microsoftonline-p.com
secure.aadcdn.microsoftonline-p.com |
1 KB |
1 |
proextech.com
proextech.com |
332 B |
8 | 3 |
Domain | Requested by | |
---|---|---|
6 | predict.vision |
1 redirects
proextech.com
predict.vision |
1 | secure.aadcdn.microsoftonline-p.com |
predict.vision
|
1 | proextech.com | |
8 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://predict.vision/wp-content/upgrade/office/mpbj7kovjxug59dzpqyhklg5.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: D7C8ABB71DB101C8947A8736357AB5C8
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://proextech.com/index.php?email\=customercare@gexaenergy.com Page URL
- http://predict.vision/wp-content/upgrade/office/?email= Page URL
-
http://predict.vision/wp-content/upgrade/office/?email=
HTTP 302
http://predict.vision/wp-content/upgrade/office/mpbj7kovjxug59dzpqyhklg5.php?rand=13InboxLightaspx... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://proextech.com/index.php?email\=customercare@gexaenergy.com Page URL
- http://predict.vision/wp-content/upgrade/office/?email= Page URL
-
http://predict.vision/wp-content/upgrade/office/?email=
HTTP 302
http://predict.vision/wp-content/upgrade/office/mpbj7kovjxug59dzpqyhklg5.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
index.php
proextech.com/ |
115 B 332 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
/
predict.vision/wp-content/upgrade/office/ |
210 B 717 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
_Incapsula_Resource
predict.vision/ |
139 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_Incapsula_Resource
predict.vision/ |
29 B 131 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_Incapsula_Resource
predict.vision/ |
1 B 90 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Cookie set
mpbj7kovjxug59dzpqyhklg5.php
predict.vision/wp-content/upgrade/office/ Redirect Chain
|
293 KB 215 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
_Incapsula_Resource
predict.vision/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.4276.9/content/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
199 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- predict.vision
- URL
- http://predict.vision/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A2%2Cc%3A198%2Cr%3A2549)
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| LoginErrors function| InputUtil function| SelectOption function| Login undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
predict.vision/ | Name: PHPSESSID Value: 44e06c940cdbc796b4c4090b2afb273a |
|
.predict.vision/ | Name: incap_ses_297_1720281 Value: BhmKOQq97XSYChr77ksfBJQROlsAAAAA+EndnS5IoTWvLWxeLwYbUQ== |
|
.predict.vision/ | Name: incap_ses_485_1720281 Value: K5K1QfKF1m/fHJdW5xG7BpMROlsAAAAAMAAFbvWkgpyceMnU1JGXTg== |
|
.predict.vision/ | Name: visid_incap_1720281 Value: CLjKJNTXSQynCPF6nZhUu5MROlsAAAAAQUIPAAAAAACBU9DkbWCR4uw1/FWlf099 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
predict.vision
proextech.com
secure.aadcdn.microsoftonline-p.com
predict.vision
107.154.160.43
107.154.174.43
192.185.131.44
2a02:26f0:6c00:283::35c1
0b7eb8f5061b27c5f006aea6a734c525e72c5f030fed5257115dcb71ac4bf958
558a8ed81355f3cdfc69e59973acfc8550afd2f57c7c0edd91e1375b605bc15b
77d0ae983cdf8d5857584087b664a4ce356509c28f0c85efce172cb0a407f847
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
d2f3e642df0b6c754c71f80502056d952f874ef92da84205a158c21c012f616d
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603
fd0117f0db484584aada7df5230c885bf60cbcc22a560b88c0b33bf79320c253