controlpanel.visi.com
185.64.215.78
Malicious Activity!
Public Scan
Effective URL: https://controlpanel.visi.com/Portal/ADUser/Login
Submission Tags: insec_govpress_testing wordpress
Submission: On October 14 via api from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 26th 2020. Valid for: a year.
This is the only time controlpanel.visi.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
Requests | Redirects | IP Address | AS (Autonomous System)
---|---|---|---
1 | 1 | 209.98.94.140 | 8015 (VISI-AS)
15 | 1 | 185.64.215.78 | 50152 (IMED)
3 | | 2a00:1450:4001:808::200e | 15169 (GOOGLE)
1 | | 2606:2800:233:1cb7:261b:1f9c:2074:3c | 15133 (EDGECAST)
1 | | 2a00:1450:400c:c00::9b | 15169 (GOOGLE)
1 | | 2a00:1450:4001:802::2004 | 15169 (GOOGLE)
1 | | 2a00:1450:4001:801::2003 | 15169 (GOOGLE)
2 | | 51.107.59.180 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)

Totals as reported: 23 | 7
ASN | PTR | Domain
---|---|---
ASN8015 (VISI-AS, US) | v-209-98-94-140.ip.visi.com | mail.claytoncountyia.gov
ASN50152 (IMED, GB) | sslproxy-lo-2.serverdata.net | controlpanel.visi.com
ASN15169 (GOOGLE, US) | | www.google-analytics.com
ASN15133 (EDGECAST, US) | | az416426.vo.msecnd.net
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US) | | dc.services.visualstudio.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | visi.com | controlpanel.visi.com (1 redirects) | 351 KB
3 | google-analytics.com | www.google-analytics.com | 18 KB
2 | visualstudio.com | dc.services.visualstudio.com | 236 B
1 | google.de | www.google.de | 106 B
1 | google.com | www.google.com | 106 B
1 | doubleclick.net | stats.g.doubleclick.net | 92 B
1 | msecnd.net | az416426.vo.msecnd.net | 22 KB
1 | claytoncountyia.gov | mail.claytoncountyia.gov (1 redirects) | 123 B

Totals as reported: 23 | 8
Requests | Domain | Requested by
---|---|---
15 | controlpanel.visi.com | controlpanel.visi.com (1 redirects)
3 | www.google-analytics.com | controlpanel.visi.com, www.google-analytics.com
2 | dc.services.visualstudio.com | az416426.vo.msecnd.net
1 | www.google.de | controlpanel.visi.com
1 | www.google.com | controlpanel.visi.com
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | az416426.vo.msecnd.net | controlpanel.visi.com
1 | mail.claytoncountyia.gov | (1 redirects)

Totals as reported: 23 | 8
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
www.google.com |
outdatedbrowser.com |
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
controlpanel.visi.com | Go Daddy Secure Certificate Authority - G2 | 2020-08-26 - 2021-09-11 | a year | crt.sh
*.google-analytics.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months | crt.sh
sni1e6ffgl.wpc.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2020-04-16 - 2022-04-21 | 2 years | crt.sh
*.g.doubleclick.net | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months | crt.sh
www.google.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months | crt.sh
www.google.de | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months | crt.sh
in.applicationinsights.azure.com | Microsoft IT TLS CA 4 | 2020-04-30 - 2022-04-30 | 2 years | crt.sh
This page contains 1 frames:
Primary Page:
https://controlpanel.visi.com/Portal/ADUser/Login
Frame ID: 7254FA01EDE2014D321B2CAD03410832
Requests: 22 HTTP requests in this frame
Screenshot
Page URL History
- http://mail.claytoncountyia.gov/ (HTTP 301)
- https://controlpanel.visi.com/asp/MManager/Login.asp?owa=1 (HTTP 302)
- https://controlpanel.visi.com/Portal/ADUser/Login (Page URL)
Detected technologies
- Nginx (Web Servers). Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- AngularJS (JavaScript Frameworks). Detected pattern: html /<(?:div|html)[^>]+ng-app=/i
- Google Analytics (Analytics). Detected pattern: script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Edge
- Title: Chrome
- Title: Update my browser
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H/1.1 | Login | controlpanel.visi.com/Portal/ADUser/ | 12 KB | 5 KB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | shared | controlpanel.visi.com/Portal/scripts/ | 616 KB | 213 KB | Script | text/javascript |
GET | H/1.1 | aduser | controlpanel.visi.com/Portal/bundles/styles/login/ | 15 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | 8974f6aa-63fd-4221-aeea-fcad205312b0.js | controlpanel.visi.com/ | 1013 B | 958 B | Script | application/javascript |
GET | H/1.1 | warning-orange_24.png | controlpanel.visi.com/Content/images/icons/24/ | 270 B | 744 B | Image | image/png |
GET | H/1.1 | Captcha | controlpanel.visi.com/Portal/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | form | controlpanel.visi.com/Portal/bundles/scripts/login/ | 95 KB | 39 KB | Script | text/javascript |
GET | H/1.1 | aduser | controlpanel.visi.com/Portal/bundles/scripts/login/form/ | 18 KB | 6 KB | Script | text/javascript |
GET | H/1.1 | aduser.svg | controlpanel.visi.com/content/images/icons/custom/ | 1 KB | 1 KB | Image | image/svg+xml |
GET | H/1.1 | info-white_16.svg | controlpanel.visi.com/Content/images/icons/16/ | 859 B | 981 B | Image | image/svg+xml |
GET | H/1.1 | dinot-webfont.woff | controlpanel.visi.com/content/font/ | 23 KB | 23 KB | Font | font/x-woff |
GET | H/1.1 | dinot-medium-webfont.woff | controlpanel.visi.com/content/font/ | 25 KB | 25 KB | Font | font/x-woff |
GET | H/1.1 | opensans-regular-webfont.woff | controlpanel.visi.com/content/font/ | 24 KB | 25 KB | Font | font/x-woff |
GET | H2 | analytics.js | www.google-analytics.com/ | 45 KB | 18 KB | Script | text/javascript |
GET | H2 | ai.0.js | az416426.vo.msecnd.net/scripts/a/ | 94 KB | 22 KB | Script | application/x-javascript |
POST | H3-Q050 | collect | www.google-analytics.com/j/ | 4 B | 74 B | XHR | text/plain |
POST | H2 | collect | stats.g.doubleclick.net/j/ | 4 B | 92 B | XHR | text/plain |
GET | H2 | ga-audiences | www.google.com/ads/ | 42 B | 106 B | Image | image/gif |
GET | H2 | ga-audiences | www.google.de/ads/ | 42 B | 106 B | Image | image/gif |
GET | H/1.1 | progress_new_48.gif | controlpanel.visi.com/content/images/icons/48/ | 4 KB | 4 KB | Image | image/gif |
GET | H3-Q050 | collect | www.google-analytics.com/ | 35 B | 121 B | Image | image/gif |
OPTIONS | H2 | track | dc.services.visualstudio.com/v2/ | 0 | 0 | Other | |
POST | H2 | track | dc.services.visualstudio.com/v2/ | 96 B | 236 B | XHR | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic (Online)
37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
object | ui
function | $
function | jQuery
object | angular
object | appInsights
string | GoogleAnalyticsObject
function | ga
function | trackUlpLoginAttempt
function | trackUlpLoginFailed
function | initClickTracking
function | adUserloginCtrl
function | getStorageManager
function | validateInput
function | setInputErrorStyle
function | showMixedValidation
function | submitToUrl
function | disable
function | googleAnalytics
function | onLoginSuccess
function | onLoginFailed
object | validationRules
object | google_tag_data
object | gaplugins
object | gaGlobal
object | gaData
object | AI
object | Microsoft
function | __extends
function | _endsWith
function | getQueryParameterByName
function | getClientTypeFromQuery
function | setLoginTab
function | isFontAvailable
6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
controlpanel.visi.com/ | | MySessionID2 | sfjqjb32ajyskm2o0r3qhds3
.visi.com/ | | _ga | GA1.2.493073685.1602697748
controlpanel.visi.com/ | | ai_user | 2vNMv|2020-10-14T17:49:08.068Z
.visi.com/ | | _gid | GA1.2.1246711301.1602697748
.visi.com/ | | _gat | 1
.controlpanel.visi.com/ | | ARRAffinity | cd8f7a564e9935338eea0e7898d2777bcde49a70ca460ba09300cbe93f428332
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
az416426.vo.msecnd.net
controlpanel.visi.com
dc.services.visualstudio.com
mail.claytoncountyia.gov
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
185.64.215.78
209.98.94.140
2606:2800:233:1cb7:261b:1f9c:2074:3c
2a00:1450:4001:801::2003
2a00:1450:4001:802::2004
2a00:1450:4001:808::200e
2a00:1450:400c:c00::9b
51.107.59.180