wetransfer-files.surge.sh
138.197.235.123
Malicious Activity!
Public Scan
Effective URL: https://wetransfer-files.surge.sh/index_files/a.html
Submission: On July 14 via api from US — Scanned from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 19th 2024. Valid for: a year.
This is the only time wetransfer-files.surge.sh was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WeTransfer (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
14 | 138.197.235.123 | 14061 (DIGITALOCEAN-ASN)
1 | 18.245.86.107 | 16509 (AMAZON-02)
16 | 3 |
ASN14061 (DIGITALOCEAN-ASN, US): wetransfer-files.surge.sh
ASN16509 (AMAZON-02, US), PTR: server-18-245-86-107.fra60.r.cloudfront.net: backgrounds.wetransfer.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | surge.sh | wetransfer-files.surge.sh | 2 MB
1 | wetransfer.net | backgrounds.wetransfer.net (Cisco Umbrella Rank: 28336) |
16 | 2 | |
Requests | Domain | Requested by
---|---|---
14 | wetransfer-files.surge.sh | wetransfer-files.surge.sh
1 | backgrounds.wetransfer.net | wetransfer-files.surge.sh
16 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.surge.sh | Sectigo RSA Domain Validation Secure Server CA | 2024-04-19 - 2025-05-18 | a year | crt.sh
wetransfer.net | Amazon RSA 2048 M02 | 2024-06-30 - 2025-07-29 | a year | crt.sh
This page contains 3 frames:
- Primary Page: https://wetransfer-files.surge.sh/index_files/a.html (Frame ID: 4951D5BE492CFE54F2051CC7DEF88BDA; 4 HTTP requests in this frame)
- Frame: https://wetransfer-files.surge.sh/index_files/a_data/index.html (Frame ID: F6381912F1530F13D45981CB02CACDF8; 11 HTTP requests in this frame)
- Frame: https://backgrounds.wetransfer.net/newplus/1903/platinum/get_the_job_done_a_v1/index.html?_origin=https://wetransfer.com (Frame ID: 39C69BC5AFF8EA21715EAD1B86599EDB; 1 HTTP request in this frame)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://wetransfer-files.surge.sh/index_files/a.html -> HTTP 307 -> https://wetransfer-files.surge.sh/index_files/a.html (Page URL)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions

# | Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | a.html | wetransfer-files.surge.sh/index_files/ | Primary Request (Redirect Chain) | 1 KB | 1 KB | Document | text/html
2 | GET | H/1.1 | ri.gif | wetransfer-files.surge.sh/index_files/a_data/ | | 8 KB | 8 KB | Image | text/html
3 | GET | H/1.1 | B20062813.gif | wetransfer-files.surge.sh/index_files/a_data/ | | 8 KB | 8 KB | Image | text/html
4 | GET | H/1.1 | index.html | wetransfer-files.surge.sh/index_files/a_data/ | F638 | 7 KB | 3 KB | Document | text/html
5 | GET | H2 | index.html | backgrounds.wetransfer.net/newplus/1903/platinum/get_the_job_done_a_v1/ | 39C6 | 0 | 0 | Document | text/html
6 | GET | H/1.1 | wallpaper-toolbox-2.css | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 5 KB | 2 KB | Stylesheet | text/css
7 | GET | H/1.1 | logo_white.svg | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 4 KB | 2 KB | Image | image/svg+xml
8 | GET | H/1.1 | dom4.js | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 17 KB | 5 KB | Script | application/javascript
9 | GET | H/1.1 | anime.js | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 17 KB | 7 KB | Script | application/javascript
10 | GET | H/1.1 | wallpaper-api-2.js | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 0 | 0 | Script | text/html
11 | GET | H/1.1 | wallpaper-toolbox-2.js | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 0 | 0 | Script | text/html
12 | GET | H/1.1 | video-04.mp4 | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 2 MB | 2 MB | Media | video/mp4
13 | GET | H/1.1 | video-04.mp4 | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 4 KB | 0 | Media | video/mp4
14 | GET | H/1.1 | video-04.mp4 | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 1 KB | 0 | Media | video/mp4
15 | GET | | video-04.mp4 | wetransfer-files.surge.sh/index_files/a_data/index_data/ | F638 | 0 | 0 | |
16 | GET | H/1.1 | favicon.ico | wetransfer-files.surge.sh/ | | 8 KB | 8 KB | Other | text/html
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: wetransfer-files.surge.sh
- URL: https://wetransfer-files.surge.sh/index_files/a_data/index_data/video-04.mp4
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WeTransfer (Online)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | 0 object | 10
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.