MalwareTips
Security Review

Is uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com legit or a scam?

Our verdict:Suspicious· 55/100

Dropbox CDN subdomain with documented history of hosting phishing PDFs and malware; current URL shows 404 but the host is flagged in threat databases.

Top reasons
The dl.dropboxusercontent.com subdomain is documented in threat-intelligence databases as a common vector for hosting malicious PDFs and phishing links.Darktrace security research confirms phishing attacks using Dropbox file links to deliver credential-harvesting PDFs.URLhaus maintains a dedicated tracking page for malicious URLs on this exact host, indicating sustained abuse.
uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.comScanned 1h ago
Post Facebook
0
Trust score
SUSPICIOUS
Heuristics 90·MT 40
Category tags
malware-distributionphishing-infrastructure#Phishing#Malware#Data Harvester72% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
14 years old
Registered Jan 13, 2012
MT Intelligence
Suspicious
High likelihood · 72% confidence
SUSPICIOUS

Warning signs detected

Dropbox CDN subdomain with documented history of hosting phishing PDFs and malware; current URL shows 404 but the host is flagged in threat databases. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.

Website Preview

Screenshot of uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com
LIVE RENDER
uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com
1Page renders a 404 error with Dropbox-branded navigation links (Home, Help center, Sign in, Get a free account, Dropbox Plus, Dropbox Business)

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

50
/ 100
High visual risk

Visual red flags detected in the screenshot

The page displays a standard Dropbox 404 error; the specific URL that was scanned could not be evaluated as no functional content is present.

Visual risk50/100

What our vision model saw

1 signal

Page renders a 404 error with Dropbox-branded navigation links (Home, Help center, Sign in, Get a free account, Dropbox Plus, Dropbox Business)

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihoodengineMT · Guardiantrust40/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The URL points to Dropbox's official file-delivery infrastructure (dl.dropboxusercontent.com), which is legitimate in itself. However, our research found that this subdomain is heavily abused by threat actors to distribute malicious files and phishing content. Security researchers at Darktrace documented phishing attacks using Dropbox links to deliver malicious PDFs, and URLhaus maintains a dedicated tracking page for malicious URLs on this exact host. The specific file UUID in this URL (uc22c3efb2b7cda38b98d4582582) has no public mentions or scam reports, suggesting it may be a one-off or recently-created payload. The 404 error means the file is either no longer hosted or was never accessible at this path. Our antivirus network and browser blocklists show no flags for this specific URL, but the hosting infrastructure itself carries significant abuse history.
Full dossier
Analysis complete

Page Content

The page displays a standard Dropbox 404 error with branded navigation (Home, Help center, Sign in, Get a free account, Dropbox Plus, Dropbox Business). No functional content is present at this specific URL path.

Infrastructure

Hosted on Dropbox's official content-delivery network (dl.dropboxusercontent.com) with valid SSL from DigiCert. The hosting IP (162.125.4.15) has zero abuse reports and a clean reputation score. However, the subdomain itself is documented in threat-intelligence databases as a vector for malware and phishing distribution.

Domain History

The dl.dropboxusercontent.com domain has been in operation for 5266 days, consistent with Dropbox's infrastructure timeline. This is a legitimate Dropbox service, not a registered domain under attacker control. The specific file path (UUID-based filename) appears to be a one-off payload URL.

Web Reputation

Security researchers including Darktrace have documented phishing campaigns abusing Dropbox file links. URLhaus maintains active tracking of malicious URLs hosted on this subdomain. Sandbox services have flagged various dl.dropboxusercontent.com links as malicious. The specific UUID in this URL has no public scam reports or mentions.

Risk Factors
5
  • The dl.dropboxusercontent.com subdomain is documented in threat-intelligence databases as a common vector for hosting malicious PDFs and phishing links.
  • Darktrace security research confirms phishing attacks using Dropbox file links to deliver credential-harvesting PDFs.
  • URLhaus maintains a dedicated tracking page for malicious URLs on this exact host, indicating sustained abuse.
  • The file UUID (uc22c3efb2b7cda38b98d4582582) is not indexed or publicly mentioned, suggesting a newly-created or ephemeral payload.
  • The current 404 error prevents verification of what file was or is hosted at this path.
Positive Signals
5
  • The domain is Dropbox's legitimate, long-established infrastructure (5266 days old).
  • SSL certificate is valid and issued by DigiCert, a trusted certificate authority.
  • Hosting IP has zero abuse reports and a clean reputation score.
  • Our antivirus network and browser blocklists do not flag this specific URL.
  • The specific file UUID has no public scam reports or documented malicious activity.
AI Recommendation
Do not download or open any files from this URL. If you received a link to this URL in an email or message, treat it as a phishing attempt. Report the link to Dropbox's abuse team and to your email provider.
Scam network detected
1 linked domain correlated

The dl.dropboxusercontent.com subdomain is a known abuse vector for phishing and malware distribution. Threat actors frequently host malicious PDFs and credential-harvesting links on this legitimate Dropbox infrastructure to exploit user trust in the Dropbox brand.

dl.dropboxusercontent.com
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
14 yrs
Registered Jan 2012
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
3 scam reports · 1 complaint
Key findings
7 headline facts from open-web research
  • The full URL is a direct link to a specific file (likely with UUID-based filename uc22c3efb2b7cda38b98d4582582) hosted on Dropbox's official content delivery network dl.dropboxusercontent.com.
  • Dropbox's dl.dropboxusercontent.com is a verified domain used for direct file downloads and is listed in Dropbox's official domains documentation.
  • This subdomain and similar paths are frequently abused by threat actors to host phishing PDFs, malware, or links to credential-harvesting sites, as documented in multiple security reports.
  • Specific searches for the exact UUID "uc22c3efb2b7cda38b98d4582582" returned no public mentions, scam reports, or analysis pages.
  • URLhaus.abuse.ch maintains a dedicated page tracking malicious URLs hosted on dl.dropboxusercontent.com.
  • Sandbox services like ANY.RUN and JoeSandbox have flagged various dl.dropboxusercontent.com links as malicious in the past.
  • Domain age of 5266 days aligns with Dropbox's long-standing infrastructure (launched years ago).
Scam reports (3)
Direct quotes from public scam databases, forums, and news.
  • Darktraceopen

    "Darktrace detected a malicious attempt to use Dropbox in a phishing attack... link that would lead a user to a PDF file hosted on Dropbox, that was seemingly named after a partner of the organization. Although the email and the Dropbox endp"

  • URLhausopen

    "URLhaus tracks malicious URLs hosted on dl.dropboxusercontent.com for malware distribution. Database includes multiple entries of malware URLs on this host."

  • ANY.RUNopen

    "Online sandbox report for dl.dropboxusercontent.com, verdict: Malicious activity."

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research found three key findings: (1) Darktrace security researchers documented phishing campaigns abusing Dropbox file links to deliver credential-harvesting PDFs; (2) URLhaus maintains active tracking of malicious URLs hosted on dl.dropboxusercontent.com, confirming sustained abuse of this infrastructure; (3) Sandbox services have flagged various URLs on this subdomain as malicious. The specific file UUID (uc22c3efb2b7cda38b98d4582582) has no public scam reports, complaints, or documented malicious activity, suggesting it may be a newly-created or one-off payload.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious59Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Domain History
Age14 years old
RegistrarMarkMonitor Inc.
RegisteredJan 13, 2012
ExpiresJan 13, 2028
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerDigiCert Inc · DigiCert Global G3 TLS ECC SHA384 2020 CA1
ExpiresSep 16, 2026 (93d)
Self-signedNo
Hosting & Technology
HostingDropbox, Inc.
Server locationUS

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com/
  • 2404https://uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPDropbox, Inc.
Usage typeCommercial

Proceed with caution

Our automated review flagged enough risk that you should treat this site as unverified.

  • Treat uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com presents a valid TLSv1.3 certificate issued by DigiCert Inc · DigiCert Global G3 TLS ECC SHA384 2020 CA1, expiring in 93 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com is 14.4 years old, registered on 1/13/2012 through MarkMonitor Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com as clean.
  • No. uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com resolves to an IP operated by Dropbox, Inc. in US (usage type: Commercial). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 15, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·uc22c3efb2b7cda38b98d4582582.dl.dropboxusercontent.com
SUSPICIOUS

This is a Dropbox content-delivery URL that returns a 404 error. The dl.dropboxusercontent.com subdomain is frequently abused by attackers to host malicious PDFs and phishing links, and security researchers have documented multiple malware campaigns using this infrastructure.

Do not download or open any files from this URL. If you received a link to this URL in an email or message, treat it as a phishing attempt. Report the link to Dropbox's abuse team and to your email provider.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Suspicious reports

Browse all reports
Suspicioustrust59
missav.ws
33m ago
Read the review
Suspicioustrust65
venusfactor.com
46m ago
Read the review
Suspicioustrust65
moviebox.com
46m ago
Read the review
Suspicioustrust50
blastleadgeneration.com
47m ago
Read the review
Suspicioustrust65
xhaccess.com
50m ago
Read the review
Suspicioustrust56
omnitherapyrooms.co.uk
57m ago
Read the review
Suspicioustrust63
playbox.com
57m ago
Read the review
Suspicioustrust62
labelladepilacion.com
2h ago
Read the review
Suspicioustrust63
parivahanbharat.com
2h ago
Read the review
Suspicioustrust50
deepnsfw.app
2h ago
Read the review
Suspicioustrust54
sbox.watch
2h ago
Read the review
Suspicioustrust56
juicymolt.com
2h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.