marccure.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 182.50.132.50, located in Singapore and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is marccure.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 22nd 2021. Valid for: a year.

This is the only time marccure.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address		AS Autonomous System
7	182.50.132.50 182.50.132.50		26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
7	1

7 182.50.132.50 (Singapore)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: sg2nwvpweb015.shr.prod.sin2.secureserver.net

marccure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	marccure.com marccure.com	1 MB
7	1

	Domain	Requested by
7	marccure.com	marccure.com
7	1

This site contains no links.

Subject Issuer	Validity	Valid
marccure.com Go Daddy Secure Certificate Authority - G2	`2021-02-22` - `2022-03-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://marccure.com/packages/wt/
Frame ID: DF6763484D881BF4219B6C37C34DD6A8
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wetransfer- Continue

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1088 kB
Transfer

1086 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
marccure.com/packages/wt/ 2 KB
3 KB 1086ms
258ms Document
text/html 182.50.132.50
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://marccure.com/packages/wt/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

182.50.132.50 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

sg2nwvpweb015.shr.prod.sin2.secureserver.net

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

a04bc1416258d04140806f318f18ed330f5f2e1cab4c8628d6a14a91d9a9a27d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Content-Type: text/html
Last-Modified: Mon, 03 Jan 2022 04:44:49 GMT
Accept-Ranges: bytes
ETag: "8036a6a35c0d81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Strict-Transport-Security: max-age=31536000
Date: Tue, 04 Jan 2022 01:17:19 GMT
Content-Length: 2359

GET
H/1.1 200
OK bootstrap.min.css
marccure.com/packages/wt/assets/bootstrap/css/ 160 KB
160 KB 269ms
268ms Stylesheet
text/css 182.50.132.50
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://marccure.com/packages/wt/assets/bootstrap/css/bootstrap.min.css

Requested by

Host: marccure.com
URL: https://marccure.com/packages/wt/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

182.50.132.50 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

sg2nwvpweb015.shr.prod.sin2.secureserver.net

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

3f1c72e824c95f57cb3d13ad549f18e66485221a175a33877f346051a4d302c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marccure.com/packages/wt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Powered-By-Plesk: PleskWin
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 03 Jan 2022 04:45:06 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "035c8ad5c0d81:0"
Content-Type: text/css
Date: Tue, 04 Jan 2022 01:17:19 GMT
Accept-Ranges: bytes
Content-Length: 163828

GET
H/1.1 200
OK Login-Form-Clean.css
marccure.com/packages/wt/assets/css/ 1 KB
2 KB 268ms
267ms Stylesheet
text/css 182.50.132.50
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://marccure.com/packages/wt/assets/css/Login-Form-Clean.css

Requested by

Host: marccure.com
URL: https://marccure.com/packages/wt/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

182.50.132.50 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

sg2nwvpweb015.shr.prod.sin2.secureserver.net

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

ff262c58dd02a1d6eea589754c18d9d68c4b3e88c272d2dbe6cc354ee4658696

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marccure.com/packages/wt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Powered-By-Plesk: PleskWin
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 03 Jan 2022 04:45:02 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "0db65ab5c0d81:0"
Content-Type: text/css
Date: Tue, 04 Jan 2022 01:17:19 GMT
Accept-Ranges: bytes
Content-Length: 1247

GET
H/1.1 200
OK styles.css
marccure.com/packages/wt/assets/css/ 0
317 B 525ms
255ms Stylesheet
text/css 182.50.132.50
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://marccure.com/packages/wt/assets/css/styles.css

Requested by

Host: marccure.com
URL: https://marccure.com/packages/wt/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

182.50.132.50 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

sg2nwvpweb015.shr.prod.sin2.secureserver.net

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marccure.com/packages/wt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Powered-By-Plesk: PleskWin
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 03 Jan 2022 04:45:02 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "0db65ab5c0d81:0"
Content-Type: text/css
Date: Tue, 04 Jan 2022 01:17:20 GMT
Accept-Ranges: bytes
Content-Length: 0

GET
H/1.1 200
OK wetransfer_logo_we_transfer.png
marccure.com/packages/wt/assets/img/ 125 KB
126 KB 746ms
253ms Image
image/png 182.50.132.50
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://marccure.com/packages/wt/assets/img/wetransfer_logo_we_transfer.png

Requested by

Host: marccure.com
URL: https://marccure.com/packages/wt/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

182.50.132.50 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

sg2nwvpweb015.shr.prod.sin2.secureserver.net

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marccure.com/packages/wt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Powered-By-Plesk: PleskWin
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 03 Jan 2022 04:45:09 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "80f891af5c0d81:0"
Content-Type: image/png
Date: Tue, 04 Jan 2022 01:17:20 GMT
Accept-Ranges: bytes
Content-Length: 128338

GET
H/1.1 200
OK bootstrap.min.js Show response
marccure.com/packages/wt/assets/bootstrap/js/ 76 KB
77 KB 722ms
245ms Script
application/javascript 182.50.132.50
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://marccure.com/packages/wt/assets/bootstrap/js/bootstrap.min.js

Requested by

Host: marccure.com
URL: https://marccure.com/packages/wt/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

182.50.132.50 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

sg2nwvpweb015.shr.prod.sin2.secureserver.net

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marccure.com/packages/wt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Powered-By-Plesk: PleskWin
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 03 Jan 2022 04:45:06 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "035c8ad5c0d81:0"
Content-Type: application/javascript
Date: Tue, 04 Jan 2022 01:17:20 GMT
Accept-Ranges: bytes
Content-Length: 78129

GET
H/1.1 200
OK bg7.png
marccure.com/packages/wt/assets/img/ 721 KB
721 KB 297ms
297ms Image
image/png 182.50.132.50
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://marccure.com/packages/wt/assets/img/bg7.png

Requested by

Host: marccure.com
URL: https://marccure.com/packages/wt/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

182.50.132.50 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

sg2nwvpweb015.shr.prod.sin2.secureserver.net

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

c1e4ca8d14febe2eca37805c3d657d89a52f94af9d8742b21e1afd8ecf556429

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marccure.com/packages/wt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Powered-By-Plesk: PleskWin
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 03 Jan 2022 04:45:05 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "809e2fad5c0d81:0"
Content-Type: image/png
Date: Tue, 04 Jan 2022 01:17:20 GMT
Accept-Ranges: bytes
Content-Length: 738106

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| uidEvent object| bootstrap

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

marccure.com
182.50.132.50
3f1c72e824c95f57cb3d13ad549f18e66485221a175a33877f346051a4d302c2
a04bc1416258d04140806f318f18ed330f5f2e1cab4c8628d6a14a91d9a9a27d
baac93855451e14898a6b5aaf78da07ffa9b61bb4d75c3a5353b18bb6660eab5
c1e4ca8d14febe2eca37805c3d657d89a52f94af9d8742b21e1afd8ecf556429
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
ff262c58dd02a1d6eea589754c18d9d68c4b3e88c272d2dbe6cc354ee4658696

marccure.com Open in urlscan Pro 182.50.132.50 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1088 kBTransfer

1086 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

marccure.com Open in urlscan Pro
182.50.132.50 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1088 kB
Transfer

1086 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!