wetransfer-files.surge.sh Open in urlscan Pro
138.197.235.123 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://wetransfer-files.surge.sh/index_files/a.html
Effective URL:
https://wetransfer-files.surge.sh/index_files/a.html
Submission: On July 14 via api (July 14th 2024, 1:18:38 am UTC) from US — Scanned from GB

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 138.197.235.123, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is wetransfer-files.surge.sh.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 19th 2024. Valid for: a year.

This is the only time wetransfer-files.surge.sh was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
14	138.197.235.123 138.197.235.123	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	18.245.86.107 18.245.86.107	16509 (AMAZON-02) (AMAZON-02)
16	3

14 138.197.235.123 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

wetransfer-files.surge.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-107.fra60.r.cloudfront.net

backgrounds.wetransfer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	surge.sh wetransfer-files.surge.sh	2 MB
1	wetransfer.net backgrounds.wetransfer.net — Cisco Umbrella Rank: 28336
16	2

	Domain	Requested by
14	wetransfer-files.surge.sh	wetransfer-files.surge.sh
1	backgrounds.wetransfer.net	wetransfer-files.surge.sh
16	2

This site contains no links.

Subject Issuer	Validity	Valid
*.surge.sh Sectigo RSA Domain Validation Secure Server CA	`2024-04-19` - `2025-05-18`	a year	crt.sh
wetransfer.net Amazon RSA 2048 M02	`2024-06-30` - `2025-07-29`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://wetransfer-files.surge.sh/index_files/a.html
Frame ID: 4951D5BE492CFE54F2051CC7DEF88BDA
Requests: 4 HTTP requests in this frame

Frame: https://wetransfer-files.surge.sh/index_files/a_data/index.html
Frame ID: F6381912F1530F13D45981CB02CACDF8
Requests: 11 HTTP requests in this frame

Frame: https://backgrounds.wetransfer.net/newplus/1903/platinum/get_the_job_done_a_v1/index.html?_origin=https://wetransfer.com
Frame ID: 39C69BC5AFF8EA21715EAD1B86599EDB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://wetransfer-files.surge.sh/index_files/a.html HTTP 307
https://wetransfer-files.surge.sh/index_files/a.html Page URL

Page Statistics

16
Requests

94 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1864 kB
Transfer

1898 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://wetransfer-files.surge.sh/index_files/a.html HTTP 307
https://wetransfer-files.surge.sh/index_files/a.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request a.html Show response wetransfer-files.surge.sh/index_files/ Redirect Chain http://wetransfer-files.surge.sh/index_files/a.html https://wetransfer-files.surge.sh/index_files/a.html	1 KB 1 KB	944ms 323ms	Document text/html	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `de4caaa18a57b872b102767ff787c3e4919a41b2c54839cb57a09bc159df1c31` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Age 397263 Cache-Control public, max-age=0, must-revalidate Connection close Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sun, 14 Jul 2024 01:18:32 GMT ETag "de4caaa18a57b872b102767ff787c3e4919a41b2c54839cb57a09bc159df1c31" Response-Time 2ms Server Surge Surge-Cache HIT Surge-Stamp 30845::1718277100756-a32903ce991371b233bd5bb53fecb053 Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Location https://wetransfer-files.surge.sh/index_files/a.html Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	404 Not Found	ri.gif wetransfer-files.surge.sh/index_files/a_data/	8 KB 8 KB	743ms 321ms	Image text/html	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://wetransfer-files.surge.sh/index_files/a_data/ri.gif Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `5d37f9379291a60f698c2ed035bf47041f32a53251424774300f079e73d33468` Request headers Referer https://wetransfer-files.surge.sh/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:33 GMT Surge-Stamp 31159::1718277100756 Server Surge ETag W/"2037-Bpq88syl4OLNTwUiR08il4/lN+0" Content-Type text/html; charset=utf-8 Connection close Content-Length 8247 Surge-Cache HIT
GET H/1.1	404 Not Found	B20062813.gif wetransfer-files.surge.sh/index_files/a_data/	8 KB 8 KB	879ms 314ms	Image text/html	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://wetransfer-files.surge.sh/index_files/a_data/B20062813.gif Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `5d37f9379291a60f698c2ed035bf47041f32a53251424774300f079e73d33468` Request headers Referer https://wetransfer-files.surge.sh/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:33 GMT Surge-Stamp 30845::1718277100756 Server Surge ETag W/"2037-Bpq88syl4OLNTwUiR08il4/lN+0" Content-Type text/html; charset=utf-8 Connection close Content-Length 8247 Surge-Cache HIT
GET H/1.1	200 OK	index.html Show response wetransfer-files.surge.sh/index_files/a_data/ Frame F638	7 KB 3 KB	523ms 166ms	Document text/html	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index.html Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `f8fbeab7e63018a94401b9863ee8b6b42d638dd44160ccc7cccfbf21f0c03c58` Request headers Referer https://wetransfer-files.surge.sh/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Age 397263 Cache-Control public, max-age=0, must-revalidate Connection close Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sun, 14 Jul 2024 01:18:33 GMT ETag "f8fbeab7e63018a94401b9863ee8b6b42d638dd44160ccc7cccfbf21f0c03c58" Response-Time 1ms Server Surge Surge-Cache HIT Surge-Stamp 30845::1718277100756-be1083ad57bf5411c8e92d41bcdec988 Transfer-Encoding chunked Vary Accept-Encoding
GET H2	200	index.html backgrounds.wetransfer.net/newplus/1903/platinum/get_the_job_done_a_v1/ Frame 39C6	0 0	295ms 157ms	Document text/html	18.245.86.107 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://backgrounds.wetransfer.net/newplus/1903/platinum/get_the_job_done_a_v1/index.html?_origin=https://wetransfer.com Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.86.107 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-86-107.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash Request headers Referer https://wetransfer-files.surge.sh/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers content-encoding gzip content-type text/html date Sun, 14 Jul 2024 01:18:34 GMT etag W/"6783d710ae386ccdeb56f0c8bc9c7c5e" last-modified Mon, 04 Mar 2019 11:56:54 GMT server AmazonS3 vary Accept-Encoding via 1.1 e0bdfd4f00aaa5b927cf38c4eda059ca.cloudfront.net (CloudFront) x-amz-cf-id j9z3XEZrrZABIhIrA1t_54Q0KNjn50mpGcWU9n3unBwfs8hf-HaHPg== x-amz-cf-pop FRA60-P6 x-cache RefreshHit from cloudfront
GET H/1.1	200 OK	wallpaper-toolbox-2.css wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	5 KB 2 KB	656ms 292ms	Stylesheet text/css	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/wallpaper-toolbox-2.css Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `2c5968a107e4fdbb9a3ae3d67c10780c8a644e8d4d1e73dacc32ec78b5712038` Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:34 GMT Content-Encoding gzip Surge-Stamp 30845::1718277100756-b90314c49e899fb3edec053f6429c324 Server Surge Age 397263 ETag "2c5968a107e4fdbb9a3ae3d67c10780c8a644e8d4d1e73dacc32ec78b5712038" Vary Accept-Encoding Transfer-Encoding chunked Content-Type text/css; charset=UTF-8 Response-Time 1ms Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Surge-Cache HIT
GET H/1.1	200 OK	logo_white.svg wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	4 KB 2 KB	539ms 166ms	Image image/svg+xml	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/logo_white.svg Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9` Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:33 GMT Content-Encoding gzip Surge-Stamp 30901::1718277100756-958a412f868b36f4c646746cad3e1e3f Server Surge Age 397263 ETag "cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9" Vary Accept-Encoding Transfer-Encoding chunked Content-Type image/svg+xml Response-Time 2ms Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Surge-Cache HIT
GET H/1.1	200 OK	dom4.js Show response wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	17 KB 5 KB	541ms 169ms	Script application/javascript	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/dom4.js Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `39520e24532d7867bef1ae3b4e9057838bceaaa0bef70b7e8ba8891c6d9497b3` Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:33 GMT Content-Encoding gzip Surge-Stamp 30901::1718277100756-7aed538ecf52769f8158ab06262475e6 Server Surge Age 397263 ETag "39520e24532d7867bef1ae3b4e9057838bceaaa0bef70b7e8ba8891c6d9497b3" Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript; charset=UTF-8 Response-Time 1ms Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Surge-Cache HIT
GET H/1.1	200 OK	anime.js Show response wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	17 KB 7 KB	591ms 185ms	Script application/javascript	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/anime.js Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `37162e89aebecee55d26beaf8ec19f7ef9d371d323730ff3db74d5b17506c901` Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:34 GMT Content-Encoding gzip Surge-Stamp 30901::1718277100756-6e9259150ac746768869a8b1c765f642 Server Surge Age 397263 ETag "37162e89aebecee55d26beaf8ec19f7ef9d371d323730ff3db74d5b17506c901" Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript; charset=UTF-8 Response-Time 1ms Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Surge-Cache HIT
GET H/1.1	404 Not Found	wallpaper-api-2.js wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	0 0	817ms 157ms	Script text/html	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/wallpaper-api-2.js Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:34 GMT Surge-Stamp 30845::1718277100756 Server Surge ETag W/"2037-Bpq88syl4OLNTwUiR08il4/lN+0" Content-Type text/html; charset=utf-8 Connection close Content-Length 8247 Surge-Cache HIT
GET H/1.1	404 Not Found	wallpaper-toolbox-2.js wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	0 0	976ms 287ms	Script text/html	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/wallpaper-toolbox-2.js Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:34 GMT Surge-Stamp 30975::1718277100756 Server Surge ETag W/"2037-Bpq88syl4OLNTwUiR08il4/lN+0" Content-Type text/html; charset=utf-8 Connection close Content-Length 8247 Surge-Cache HIT
GET H/1.1	206 Partial Content	video-04.mp4 wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	2 MB 2 MB	692ms 310ms	Media video/mp4	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/video-04.mp4 Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595` Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html Accept-Encoding identity;q=1, ;q=0 User-Agent* Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Range bytes=0- Response headers Date Sun, 14 Jul 2024 01:18:34 GMT Surge-Stamp 30901::1718277100756-6fd59cf63aa3165809a31a4e64187c8a Server Surge Age 487993 ETag "55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595" Content-Type video/mp4 Response-Time 1ms Content-Range bytes 0-1862641/1862642 Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Content-Length 1862642 Surge-Cache HIT
GET H/1.1	206 Partial Content	video-04.mp4 wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	4 KB 0	2240ms 317ms	Media video/mp4	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/video-04.mp4 Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html Accept-Encoding identity;q=1, ;q=0 User-Agent* Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Range bytes=0- Response headers Date Sun, 14 Jul 2024 01:18:36 GMT Surge-Stamp 30975::1718277100756-6fd59cf63aa3165809a31a4e64187c8a Server Surge Age 487994 ETag "55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595" Content-Type video/mp4 Response-Time 0ms Content-Range bytes 0-1862641/1862642 Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Content-Length 1862642 Surge-Cache HIT
GET H/1.1	206 Partial Content	video-04.mp4 wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	1 KB 0	1466ms 446ms	Media video/mp4	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/index_files/a_data/index_data/video-04.mp4 Requested by Host: wetransfer-files.surge.sh URL: https://wetransfer-files.surge.sh/index_files/a_data/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash Request headers Referer https://wetransfer-files.surge.sh/index_files/a_data/index.html Accept-Encoding identity;q=1, ;q=0 User-Agent* Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Range bytes=0- Response headers Date Sun, 14 Jul 2024 01:18:35 GMT Surge-Stamp 31159::1718277100756-6fd59cf63aa3165809a31a4e64187c8a Server Surge Age 487994 ETag "55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595" Content-Type video/mp4 Response-Time 1ms Content-Range bytes 0-1862641/1862642 Cache-Control public, max-age=0, must-revalidate Connection close Accept-Ranges bytes Content-Length 1862642 Surge-Cache HIT
GET		video-04.mp4 wetransfer-files.surge.sh/index_files/a_data/index_data/ Frame F638	0 0

GET H/1.1	404 Not Found	favicon.ico wetransfer-files.surge.sh/	8 KB 8 KB	235ms 171ms	Other text/html	138.197.235.123 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://wetransfer-files.surge.sh/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Surge / Resource Hash `5d37f9379291a60f698c2ed035bf47041f32a53251424774300f079e73d33468` Request headers Referer https://wetransfer-files.surge.sh/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Sun, 14 Jul 2024 01:18:36 GMT Surge-Stamp 30845::1718277100756 Server Surge ETag W/"2037-Bpq88syl4OLNTwUiR08il4/lN+0" Content-Type text/html; charset=utf-8 Connection close Content-Length 8247 Surge-Cache HIT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: wetransfer-files.surge.sh
URL: https://wetransfer-files.surge.sh/index_files/a_data/index_data/video-04.mp4

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wetransfer-files.surge.sh/index_files/a_data/ri.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://wetransfer-files.surge.sh/index_files/a_data/B20062813.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://wetransfer-files.surge.sh/index_files/a_data/index_data/wallpaper-api-2.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://wetransfer-files.surge.sh/index_files/a_data/index_data/wallpaper-toolbox-2.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://wetransfer-files.surge.sh/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

backgrounds.wetransfer.net
wetransfer-files.surge.sh
wetransfer-files.surge.sh
138.197.235.123
18.245.86.107
2c5968a107e4fdbb9a3ae3d67c10780c8a644e8d4d1e73dacc32ec78b5712038
37162e89aebecee55d26beaf8ec19f7ef9d371d323730ff3db74d5b17506c901
39520e24532d7867bef1ae3b4e9057838bceaaa0bef70b7e8ba8891c6d9497b3
55698987600e1a53ecc16853bb344c4a374db9f1e824ecd43e95a6f544de9595
5d37f9379291a60f698c2ed035bf47041f32a53251424774300f079e73d33468
cb03f92c07b692ce08005daa5f69a374b6bc2f65e0f5bde64aa1e18499b6e8f9
de4caaa18a57b872b102767ff787c3e4919a41b2c54839cb57a09bc159df1c31
f8fbeab7e63018a94401b9863ee8b6b42d638dd44160ccc7cccfbf21f0c03c58

wetransfer-files.surge.sh Open in urlscan Pro 138.197.235.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

16 Requests

94 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

1864 kBTransfer

1898 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

wetransfer-files.surge.sh Open in urlscan Pro
138.197.235.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

94 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1864 kB
Transfer

1898 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!