userpermissions.com
Open in
urlscan Pro
107.180.56.145
Malicious Activity!
Public Scan
Submission: On June 06 via automatic, source phishtank
Summary
This is the only time userpermissions.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 107.180.56.145 107.180.56.145 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) | |
1 | 209.197.3.15 209.197.3.15 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
1 | 216.58.208.42 216.58.208.42 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 151.101.12.193 151.101.12.193 | 54113 (FASTLY) (FASTLY - Fastly) | |
1 | 184.25.158.226 184.25.158.226 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 172.217.22.74 172.217.22.74 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
3 | 157.240.20.19 157.240.20.19 | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
1 | 46.105.201.240 46.105.201.240 | 16276 (OVH) (OVH) | |
1 | 208.43.241.181 208.43.241.181 | 36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.) | |
2 | 185.31.40.161 185.31.40.161 | 60362 (ALWAYSDATA) (ALWAYSDATA) | |
1 | 45.40.130.22 45.40.130.22 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) | |
16 | 11 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-107-180-56-145.ip.secureserver.net
userpermissions.com |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net
netdna.bootstrapcdn.com |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s12-in-f42.1e100.net
ajax.googleapis.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a184-25-158-226.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s17-in-f74.1e100.net
fonts.googleapis.com |
ASN32934 (FACEBOOK - Facebook, Inc., US)
PTR: xx-fbcdn-shv-02-frt3.fbcdn.net
connect.facebook.net | |
staticxx.facebook.com |
ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: b5.f1.2bd0.ip4.static.sl-reverse.com
s4.histats.com |
ASN60362 (ALWAYSDATA, FR)
PTR: innocraft-cloud-jupiter.alwaysdata.net
userpermissions.innocraft.cloud |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-45-40-130-22.ip.secureserver.net
img.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
userpermissions.com
userpermissions.com |
23 KB |
2 |
facebook.com
staticxx.facebook.com |
|
2 |
innocraft.cloud
userpermissions.innocraft.cloud |
37 KB |
2 |
histats.com
s10.histats.com s4.histats.com |
5 KB |
2 |
googleapis.com
ajax.googleapis.com fonts.googleapis.com |
34 KB |
1 |
secureserver.net
img.secureserver.net |
590 B |
1 |
facebook.net
connect.facebook.net |
64 KB |
1 |
wsimg.com
img1.wsimg.com |
5 KB |
1 |
imgur.com
i.imgur.com |
803 B |
1 |
bootstrapcdn.com
netdna.bootstrapcdn.com |
5 KB |
16 | 10 |
Domain | Requested by | |
---|---|---|
3 | userpermissions.com |
userpermissions.com
|
2 | staticxx.facebook.com |
connect.facebook.net
|
2 | userpermissions.innocraft.cloud |
userpermissions.com
|
1 | img.secureserver.net | |
1 | s4.histats.com |
s10.histats.com
|
1 | s10.histats.com |
userpermissions.com
|
1 | connect.facebook.net |
userpermissions.com
|
1 | fonts.googleapis.com |
userpermissions.com
|
1 | img1.wsimg.com |
userpermissions.com
|
1 | i.imgur.com |
userpermissions.com
|
1 | ajax.googleapis.com |
userpermissions.com
|
1 | netdna.bootstrapcdn.com |
userpermissions.com
|
16 | 12 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.histats.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2017-12-15 - 2019-03-22 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
http://userpermissions.com/b/fb/app/facebook.com/?lang=en&key=vxFgXF2XjPA52zt2ApfoWorT1BPDLerc2B1i8zfPbFhcooicv7YISQNPBe4ANDpZOhWPcg6hdRfk56knilkgeHRJJL5s2N8pee9YAl6oUqvh068WwhuMH6dJA1HKbzG5Jicl5d1wY8U0ALLa8DXK1QeLtNzACXzxlrL5Gfl2wXBxaRvVmewpY26AgvDsKkpm62Nh0LAx
Frame ID: 917098E176CB86B544513E6D093C7AB6
Requests: 14 HTTP requests in this frame
Frame:
http://staticxx.facebook.com/connect/xd_arbiter/r/EIL5DcDc3Zh.js?version=42
Frame ID: 4596BA20E1B0227E45AA50CACCB99EDF
Requests: 1 HTTP requests in this frame
Frame:
https://staticxx.facebook.com/connect/xd_arbiter/r/EIL5DcDc3Zh.js?version=42
Frame ID: 48A25B7DDBC64318EBB4466EC4EB6677
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Facebook (Widgets) Expand
Detected patterns
- script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Piwik () Expand
Detected patterns
- script /piwik\.js|piwik\.php/i
- env /^Piwik$/i
- env /^_paq$/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: try {Histats.start(1,3205176,4,0,0,0,""); Histats.track_hits();} catch(err){};
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7- http://connect.facebook.net/en_US/sdk.js HTTP 307
- https://connect.facebook.net/en_US/sdk.js
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
userpermissions.com/b/fb/app/facebook.com/ |
7 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
userpermissions.com/b/fb/app/facebook.com/css/ |
107 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/3.2.1/css/ |
22 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
userpermissions.com/b/fb/app/facebook.com/css/ |
3 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.7.2/ |
93 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LE87vI1.png
i.imgur.com/ |
282 B 803 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
tcc_l.combined.1.0.6.min.js
img1.wsimg.com/tcc/ |
12 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css
fonts.googleapis.com/ |
729 B 635 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
sdk.js
connect.facebook.net/en_US/ Redirect Chain
|
211 KB 64 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js15.js
s10.histats.com/ |
10 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.php
s4.histats.com/stats/ |
49 B 320 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
piwik.js
userpermissions.innocraft.cloud/ |
120 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
EIL5DcDc3Zh.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 4596 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EIL5DcDc3Zh.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 48A2 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
piwik.php
userpermissions.innocraft.cloud/ |
43 B 214 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event
img.secureserver.net/t/1/tl/ |
43 B 590 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| nobackbutton function| $ function| jQuery function| chfh function| chfh2 string| _HST_cntval object| Histats object| _paq object| _trfd function| tcg function| tcp object| perfhandler object| TCCTracker object| _trfq object| true object| FB object| JSON_PIWIK object| Piwik object| AnalyticsTracker function| piwik_log object| _HistatsCounterGraphics_0_setValues10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.userpermissions.com/ | Name: _pk_id.1.7aff Value: 8c5441a2183536f7.1528254858.1.1528254858.1528254858. |
|
userpermissions.com/ | Name: HstCns3205176 Value: 1 |
|
userpermissions.com/ | Name: HstCnv3205176 Value: 1 |
|
userpermissions.com/ | Name: HstPt3205176 Value: 1 |
|
.userpermissions.com/ | Name: _pk_ses.1.7aff Value: * |
|
userpermissions.com/ | Name: PHPSESSID Value: 63aa24ad73c36976fde259958724b937 |
|
userpermissions.com/ | Name: HstCla3205176 Value: 1528254858073 |
|
userpermissions.com/ | Name: HstPn3205176 Value: 1 |
|
userpermissions.com/ | Name: HstCmu3205176 Value: 1528254858073 |
|
userpermissions.com/ | Name: HstCfa3205176 Value: 1528254858073 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
connect.facebook.net
fonts.googleapis.com
i.imgur.com
img.secureserver.net
img1.wsimg.com
netdna.bootstrapcdn.com
s10.histats.com
s4.histats.com
staticxx.facebook.com
userpermissions.com
userpermissions.innocraft.cloud
107.180.56.145
151.101.12.193
157.240.20.19
172.217.22.74
184.25.158.226
185.31.40.161
208.43.241.181
209.197.3.15
216.58.208.42
45.40.130.22
46.105.201.240
0120e77cb4349901e77ba8f52a043fe09c04887b406150daf19fb111becbe657
2167ec24b1df2cbe8ce6f8a4236462bbfacb19b178845efc5e0b33bf094f2fd4
326b994ec59c7334f52211fbd5aa909a36b98d1717cb798bfcd3af8d4cbdb6ca
326ffedb17cf069bdc342759a21bf78461179b48fe9047d0e4636e3c6115ad9d
4132c44014d20bedcdf34fcf09cdab06674de680d0041dd15a3869ca5bc028d0
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56e6d0e14a7b5b85d62e298104de552e2f127eed996cf4a9fe6a92714237f1b9
6f9d40a946e1c2027989d2fb7286e5bd2fe7dc2f97c1d33ed2a6336719da0e56
7bd0e544125e9dac992c3bfe497175429c2c60228f223ae29dc2883c25142ab2
8dbc1319a982873c00a5e5530801207c7b9d8196fcbd01af1cb49ba6a3d1eb2c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350
b2a9c99239fa0a487f1dc690afab1585a4ea7e79751e60d59d709f496ead4fc5