hillsongcph.owncube.com Open in urlscan Pro
46.166.151.51 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Submission: On April 10 via automatic, source phishtank (April 10th 2018, 9:02:01 pm UTC)

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 46.166.151.51, located in Netherlands and belongs to NFORCE, NL. The main domain is hillsongcph.owncube.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on March 14th 2018. Valid for: a year.

This is the only time hillsongcph.owncube.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Dropbox (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 10	46.166.151.51 46.166.151.51	43350 (NFORCE) (NFORCE)
2	172.217.22.35 172.217.22.35	15169 (GOOGLE) (GOOGLE - Google LLC)
12	3

10 46.166.151.51 (Netherlands) 1 redirects

ASN43350 (NFORCE, NL)
PTR: oc-nl30.owncube.com

hillsongcph.owncube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.35 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s16-in-f35.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	owncube.com 1 redirects hillsongcph.owncube.com	286 KB
2	gstatic.com fonts.gstatic.com	57 KB
0	jsdelivr.net Failed cdn.jsdelivr.net Failed
12	3

	Domain	Requested by
10	hillsongcph.owncube.com	1 redirects hillsongcph.owncube.com
2	fonts.gstatic.com	hillsongcph.owncube.com
0	cdn.jsdelivr.net Failed	hillsongcph.owncube.com
12	3

This site contains no links.

Subject Issuer	Validity	Valid
*.owncube.com COMODO RSA Domain Validation Secure Server CA	`2018-03-14` - `2019-04-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Frame ID: FDD75EFA7ECAE1A1CC060572B1EAE2F
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63 HTTP 301
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i

Page Statistics

12
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

342 kB
Transfer

387 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63 HTTP 301
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Redirect Chain

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/

4 KB
4 KB

43ms
42ms

Document
text/html

46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

d15c26931ad75e64d7d1af6438c2b21f249f2ae7f7eb33eaf53c4979903ea4c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:50 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Robots-Tag: none
Keep-Alive: timeout=5, max=99
X-XSS-Protection: 1; mode=block

Redirect headers

Date: Tue, 10 Apr 2018 21:01:50 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1
Location: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Robots-Tag: none
Keep-Alive: timeout=5, max=100
Content-Length: 290
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.min.css
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/ 115 KB
115 KB 16ms
14ms Stylesheet
text/css 46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/bootstrap.min.css

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Apr 2018 18:47:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: text/css
Cache-Control: max-age=7200, public
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Robots-Tag: none
Keep-Alive: timeout=5, max=98
Content-Length: 117305
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK grayscale.css
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/ 9 KB
10 KB 61ms
13ms Stylesheet
text/css 46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/grayscale.css

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

aab60e42eda8c95d43654d6fd93c2724b3c2a30ef25cd90a8a2b370ad1ac79a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Apr 2018 18:47:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: text/css
Cache-Control: max-age=7200, public
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Robots-Tag: none
Keep-Alive: timeout=5, max=100
Content-Length: 9358
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery.js Show response
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/ 94 KB
94 KB 60ms
13ms Script
application/javascript 46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/jquery.js

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

24262baafef17092927c3dafe764aaa52a2a371b83ed2249cca7e414df99fac1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Apr 2018 18:47:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: application/javascript
Cache-Control: max-age=7200, public
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Robots-Tag: none
Keep-Alive: timeout=5, max=100
Content-Length: 95785
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.min.js Show response
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/ 35 KB
36 KB 60ms
14ms Script
application/javascript 46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/bootstrap.min.js

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Apr 2018 18:47:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: application/javascript
Cache-Control: max-age=7200, public
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Robots-Tag: none
Keep-Alive: timeout=5, max=100
Content-Length: 35951
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery.easing.min.js Show response
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/ 5 KB
6 KB 61ms
14ms Script
application/javascript 46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/jquery.easing.min.js

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

ecfc183e33d25d24aa7c06218e0a413488fff8774e4b4b87543c766db9b0b8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Apr 2018 18:47:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: application/javascript
Cache-Control: max-age=7200, public
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Robots-Tag: none
Keep-Alive: timeout=5, max=100
Content-Length: 5564
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK send-videos-quickly-vflhWvqHj.png
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/ 15 KB
15 KB 14ms
14ms Image
image/png 46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/send-videos-quickly-vflhWvqHj.png

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

f17e56ed7bbea435b09866056ef90c2b4237e5832cb945863192b17357f5f9de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Connection: keep-alive
Cache-Control: no-cache
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Apr 2018 18:47:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Robots-Tag: none
Keep-Alive: timeout=5, max=99
Content-Length: 15004
X-XSS-Protection: 1; mode=block

GET jquery.validate.js
cdn.jsdelivr.net/jquery.validation/1.14.0/ 0
0

GET
H/1.1 200
OK logotext.png
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/ 3 KB
3 KB 15ms
15ms Image
image/png 46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/logotext.png

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/jquery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

1d2938ef23ca692c628dfba4fbeaf906338b8a92a7446eb0578287c23c5a5ad6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/grayscale.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/grayscale.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Apr 2018 18:47:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Robots-Tag: none
Keep-Alive: timeout=5, max=98
Content-Length: 3038
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK logo.png
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/ 2 KB
2 KB 15ms
15ms Image
image/png 46.166.151.51
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/logo.png

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/jquery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.166.151.51 , Netherlands, ASN43350 (NFORCE, NL),

Reverse DNS

oc-nl30.owncube.com

Software

Apache /

Resource Hash

f23105737f8b4defc56d07346cc655cea221c205067ff5bf4711b1088d19fc5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hillsongcph.owncube.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/grayscale.css
Connection: keep-alive
Cache-Control: no-cache
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/grayscale.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Tue, 10 Apr 2018 21:01:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 05 Apr 2018 18:47:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Robots-Tag: none
Keep-Alive: timeout=5, max=99
Content-Length: 2050
X-XSS-Protection: 1; mode=block

GET
S 200 k3k702ZOKiLJc3WVjuplzI3LH2FgLjViKkqswU-xtII.ttf
fonts.gstatic.com/s/opensans/v13/ 53 KB
29 KB 7ms
6ms Font
font/ttf 172.217.22.35
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzI3LH2FgLjViKkqswU-xtII.ttf

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/jquery.js

Protocol

SPDY

Server

172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f35.1e100.net

Software

sffe /

Resource Hash

e6cc59f65d8e48b5659483136152262936f6e8f2519d3f1e90f1397079768e80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/grayscale.css
Origin: https://hillsongcph.owncube.com

Response headers

date: Mon, 26 Feb 2018 14:14:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3739659
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length: 29106
x-xss-protection: 1; mode=block
last-modified: Mon, 27 Apr 2015 23:46:48 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Feb 2019 14:14:12 GMT

GET
S 200 u-WUoqrET9fUeobQW7jkRSZ2oysoEQEeKwjgmXLRnTc.ttf
fonts.gstatic.com/s/opensans/v13/ 53 KB
29 KB 8ms
8ms Font
font/ttf 172.217.22.35
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRSZ2oysoEQEeKwjgmXLRnTc.ttf

Requested by

Host: hillsongcph.owncube.com
URL: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/jquery.js

Protocol

SPDY

Server

172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f35.1e100.net

Software

sffe /

Resource Hash

0cabd88374e469234405061c78578a5aa77ed1d4fe371d024f09c2fd5762e3d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/grayscale.css
Origin: https://hillsongcph.owncube.com

Response headers

date: Thu, 01 Feb 2018 22:27:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5870047
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length: 29240
x-xss-protection: 1; mode=block
last-modified: Mon, 27 Apr 2015 23:45:13 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Feb 2019 22:27:44 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.jsdelivr.net
URL: http://cdn.jsdelivr.net/jquery.validation/1.14.0/jquery.validate.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dropbox (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| jQuery1111024498636873730906

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.gstatic.com
hillsongcph.owncube.com
cdn.jsdelivr.net
172.217.22.35
46.166.151.51
0cabd88374e469234405061c78578a5aa77ed1d4fe371d024f09c2fd5762e3d1
1d2938ef23ca692c628dfba4fbeaf906338b8a92a7446eb0578287c23c5a5ad6
24262baafef17092927c3dafe764aaa52a2a371b83ed2249cca7e414df99fac1
aab60e42eda8c95d43654d6fd93c2724b3c2a30ef25cd90a8a2b370ad1ac79a2
d15c26931ad75e64d7d1af6438c2b21f249f2ae7f7eb33eaf53c4979903ea4c0
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
e6cc59f65d8e48b5659483136152262936f6e8f2519d3f1e90f1397079768e80
ecfc183e33d25d24aa7c06218e0a413488fff8774e4b4b87543c766db9b0b8ba
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f17e56ed7bbea435b09866056ef90c2b4237e5832cb945863192b17357f5f9de
f23105737f8b4defc56d07346cc655cea221c205067ff5bf4711b1088d19fc5b

hillsongcph.owncube.com Open in urlscan Pro 46.166.151.51 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

75 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

342 kBTransfer

387 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

hillsongcph.owncube.com Open in urlscan Pro
46.166.151.51 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

75 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

342 kB
Transfer

387 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!