hillsongcph.owncube.com
Open in
urlscan Pro
46.166.151.51
Malicious Activity!
Public Scan
Submission: On April 10 via automatic, source phishtank
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on March 14th 2018. Valid for: a year.
This is the only time hillsongcph.owncube.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 46.166.151.51 46.166.151.51 | 43350 (NFORCE) (NFORCE) | |
2 | 172.217.22.35 172.217.22.35 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
12 | 3 |
ASN43350 (NFORCE, NL)
PTR: oc-nl30.owncube.com
hillsongcph.owncube.com |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s16-in-f35.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
owncube.com
1 redirects
hillsongcph.owncube.com |
286 KB |
2 |
gstatic.com
fonts.gstatic.com |
57 KB |
0 |
jsdelivr.net
Failed
cdn.jsdelivr.net Failed |
|
12 | 3 |
Domain | Requested by | |
---|---|---|
10 | hillsongcph.owncube.com |
1 redirects
hillsongcph.owncube.com
|
2 | fonts.gstatic.com |
hillsongcph.owncube.com
|
0 | cdn.jsdelivr.net Failed |
hillsongcph.owncube.com
|
12 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.owncube.com COMODO RSA Domain Validation Secure Server CA |
2018-03-14 - 2019-04-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/
Frame ID: FDD75EFA7ECAE1A1CC060572B1EAE2F
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63
HTTP 301
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
- script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63
HTTP 301
https://hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/ Redirect Chain
|
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/ |
115 KB 115 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
grayscale.css
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/css/ |
9 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/ |
94 KB 94 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/ |
35 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.easing.min.js
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/js/ |
5 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
send-videos-quickly-vflhWvqHj.png
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery.validate.js
cdn.jsdelivr.net/jquery.validation/1.14.0/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logotext.png
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
hillsongcph.owncube.com/ocs1/dropboxhtml/244e71a60ebd355ae4f0ed19af0b2f63/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
k3k702ZOKiLJc3WVjuplzI3LH2FgLjViKkqswU-xtII.ttf
fonts.gstatic.com/s/opensans/v13/ |
53 KB 29 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
u-WUoqrET9fUeobQW7jkRSZ2oysoEQEeKwjgmXLRnTc.ttf
fonts.gstatic.com/s/opensans/v13/ |
53 KB 29 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cdn.jsdelivr.net
- URL
- http://cdn.jsdelivr.net/jquery.validation/1.14.0/jquery.validate.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| jQuery11110244986368737309060 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubdomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
fonts.gstatic.com
hillsongcph.owncube.com
cdn.jsdelivr.net
172.217.22.35
46.166.151.51
0cabd88374e469234405061c78578a5aa77ed1d4fe371d024f09c2fd5762e3d1
1d2938ef23ca692c628dfba4fbeaf906338b8a92a7446eb0578287c23c5a5ad6
24262baafef17092927c3dafe764aaa52a2a371b83ed2249cca7e414df99fac1
aab60e42eda8c95d43654d6fd93c2724b3c2a30ef25cd90a8a2b370ad1ac79a2
d15c26931ad75e64d7d1af6438c2b21f249f2ae7f7eb33eaf53c4979903ea4c0
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
e6cc59f65d8e48b5659483136152262936f6e8f2519d3f1e90f1397079768e80
ecfc183e33d25d24aa7c06218e0a413488fff8774e4b4b87543c766db9b0b8ba
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f17e56ed7bbea435b09866056ef90c2b4237e5832cb945863192b17357f5f9de
f23105737f8b4defc56d07346cc655cea221c205067ff5bf4711b1088d19fc5b