IOC Report
https://auth.wetransfer.com/u/email-verification?ticket=UMfLRteVQF69UfcpnPNcqr1zYCapKJ2R

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:33:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:33:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:33:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:33:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:33:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 142 | gzip compressed data, from Unix, original size modulo 2^32 43236 | downloaded | |
| Chrome Cache Entry: 145 | ASCII text, with very long lines (55308), with no line terminators | downloaded | |
| Chrome Cache Entry: 146 | ASCII text, with very long lines (600), with no line terminators | downloaded | |
| Chrome Cache Entry: 147 | ASCII text, with very long lines (65089) | downloaded | |
| Chrome Cache Entry: 148 | Web Open Font Format, TrueType, length 31120, version 1.6554 | downloaded | |
| Chrome Cache Entry: 149 | ASCII text, with very long lines (9711), with no line terminators | downloaded | |
| Chrome Cache Entry: 150 | ASCII text, with very long lines (46383) | downloaded | |
| Chrome Cache Entry: 152 | ASCII text, with very long lines (799) | dropped | |
| Chrome Cache Entry: 153 | ASCII text, with very long lines (4103), with no line terminators | downloaded | |
| Chrome Cache Entry: 154 | Unicode text, UTF-8 text, with very long lines (65534), with no line terminators | downloaded | |
| Chrome Cache Entry: 155 | Unicode text, UTF-8 text, with very long lines (46429), with no line terminators | downloaded | |
| Chrome Cache Entry: 156 | ASCII text, with no line terminators | dropped | |
| Chrome Cache Entry: 157 | MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel | downloaded | |
| Chrome Cache Entry: 158 | MS Windows icon resource - 4 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48, 32 bits/pixel | dropped | |
| Chrome Cache Entry: 159 | ASCII text, with very long lines (753), with no line terminators | downloaded | |
| Chrome Cache Entry: 160 | ASCII text, with very long lines (65470) | downloaded | |
| Chrome Cache Entry: 162 | ASCII text, with very long lines (10158) | downloaded | |
| Chrome Cache Entry: 163 | Unicode text, UTF-8 text, with very long lines (65528), with no line terminators | downloaded | |
| Chrome Cache Entry: 164 | ASCII text, with very long lines (26464), with no line terminators | downloaded | |
| Chrome Cache Entry: 165 | ASCII text, with very long lines (799) | downloaded | |
| Chrome Cache Entry: 166 | PNG image data, 152 x 168, 8-bit colormap, non-interlaced | downloaded | |
| Chrome Cache Entry: 168 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 169 | ASCII text, with very long lines (3210), with no line terminators | downloaded | |
| Chrome Cache Entry: 170 | Unicode text, UTF-8 text, with very long lines (35384), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 172 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 173 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 176 | Web Open Font Format (Version 2), TrueType, length 35884, version 1.0 | downloaded | |
| Chrome Cache Entry: 177 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 178 | ASCII text, with very long lines (2343) | downloaded | |
| Chrome Cache Entry: 179 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 180 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 181 | Unicode text, UTF-8 text, with very long lines (7044), with no line terminators | downloaded | |
| Chrome Cache Entry: 182 | ASCII text | downloaded | |
| Chrome Cache Entry: 183 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 184 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 185 | ASCII text, with very long lines (3920) | dropped | |
| Chrome Cache Entry: 187 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 188 | ASCII text, with very long lines (24348), with no line terminators | downloaded | |
| Chrome Cache Entry: 189 | Web Open Font Format, TrueType, length 43796, version 0.0 | downloaded | |
| Chrome Cache Entry: 190 | JSON data | dropped | |
| Chrome Cache Entry: 192 | ASCII text, with very long lines (5955) | downloaded | |
| Chrome Cache Entry: 194 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 195 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 197 | ASCII text, with very long lines (25404) | downloaded | |
| Chrome Cache Entry: 198 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 199 | ASCII text, with very long lines (8617), with no line terminators | downloaded | |
| Chrome Cache Entry: 201 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 204 | JSON data | downloaded | |
| Chrome Cache Entry: 205 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 206 | ASCII text, with very long lines (44642), with no line terminators | downloaded | |
| Chrome Cache Entry: 207 | ASCII text, with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 208 | Web Open Font Format (Version 2), TrueType, length 27984, version 1.0 | downloaded | |
| Chrome Cache Entry: 209 | ASCII text | downloaded | |
| Chrome Cache Entry: 210 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 212 | ASCII text, with very long lines (34592) | downloaded | |
| Chrome Cache Entry: 214 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 216 | ASCII text, with very long lines (1601), with no line terminators | downloaded | |
| Chrome Cache Entry: 217 | ASCII text, with very long lines (32064) | downloaded | |
| Chrome Cache Entry: 219 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 220 | ASCII text, with very long lines (590) | downloaded | |
| Chrome Cache Entry: 221 | Unicode text, UTF-8 text, with very long lines (4848), with no line terminators | downloaded | |
| Chrome Cache Entry: 224 | ASCII text, with very long lines (15111), with no line terminators | downloaded | |
| Chrome Cache Entry: 225 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 226 | Web Open Font Format, TrueType, length 32124, version 1.6554 | downloaded | |
| Chrome Cache Entry: 227 | HTML document, ASCII text, with very long lines (565), with no line terminators | downloaded | |
| Chrome Cache Entry: 228 | ASCII text, with very long lines (64350) | downloaded | |
| Chrome Cache Entry: 229 | ASCII text, with very long lines (5140) | downloaded | |
| Chrome Cache Entry: 231 | JSON data | downloaded | |
| Chrome Cache Entry: 232 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 234 | ASCII text, with very long lines (4779), with no line terminators | downloaded | |
| Chrome Cache Entry: 235 | ASCII text, with very long lines (58253), with no line terminators | downloaded | |
| Chrome Cache Entry: 236 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 237 | gzip compressed data, was "main.2bdc3040.js", last modified: Wed May 1 18:11:28 2024, from Unix, original size modulo 2^32 70611 | downloaded | |
| Chrome Cache Entry: 238 | ASCII text, with no line terminators | dropped | |
| Chrome Cache Entry: 239 | PNG image data, 1064 x 728, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 242 | ASCII text, with very long lines (520), with no line terminators | downloaded | |
| Chrome Cache Entry: 243 | ASCII text | dropped | |
| Chrome Cache Entry: 244 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 245 | Unicode text, UTF-8 text, with very long lines (65533), with no line terminators | downloaded | |
| Chrome Cache Entry: 246 | JSON data | downloaded | |
| Chrome Cache Entry: 247 | ASCII text, with very long lines (13094) | downloaded | |
| Chrome Cache Entry: 249 | HTML document, Unicode text, UTF-8 text | dropped | |
| Chrome Cache Entry: 253 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 254 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |

(81 further file entries are hidden in the original report.)

URLs

| Name | IP | Malicious |
|---|---|---|
| https://auth.wetransfer.com/u/email-verification?ticket=UMfLRteVQF69UfcpnPNcqr1zYCapKJ2R | | |
| https://wetransfer.com/log-in?message=This%20URL%20can%20be%20used%20only%20once&success=false | | |
| https://match.adsrvr.org/track/upb/?adv=81c3jgn&ref=https%3A%2F%2Fauth.wetransfer.com%2Flogin%3Fstate%3DhKFo2SBXYVVhOUtzVkpnZlZRZ1ZZTUZ5RDdKWlRsdVBlZkZiTKFupWxvZ2luo3RpZNkgcjdDdjlDR1JvRDh3NGVSMFUtUW0yNGVKcjd4SDUtVEOjY2lk2SBkWFdGUWppVzFqeFdDRkcwaE9WcHFyazRoOXZHZWFuYw%26client%3DdXWFQjiW1jxWCFG0hOVpqrk4h9vGeanc%26protocol%3Doauth2%26audience%3Daud%253A%252F%252Ftransfer-api-prod.wetransfer%252F%26redirect_uri%3Dhttps%253A%252F%252Fwetransfer.com%252Faccount%252Fcallback%253Fmessage%253DThis%252BURL%252Bcan%252Bbe%252Bused%252Bonly%252Bonce%2526success%253Dfalse%2526finalizeSSOAuth%253D1%2526login%253D1%26cache%3D%255Bobject%2520Object%255D%26initialScreen%3Dlogin%26lang%3Den%26scope%3Dopenid%2520profile%2520email%2520offline_access%26response_type%3Dcode%26response_mode%3Dquery%26nonce%3DOEVQT05vMGJ1dG9YdjhXZHFIaU9zSE5lUzVQOWtveX5NZWpfU3BvS0xwRA%253D%253D%26code_challenge%3DNmZ3UkV9N2f2wg3DG3Aw78nbv5j2hh4WZrzCIyiYwdI%26code_challenge_method%3DS256%26auth0Client%3DeyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMyJ9&upid=re36kbe&upv=1.1.0 | | |
| https://auth.wetransfer.com/login?state=hKFo2SBXYVVhOUtzVkpnZlZRZ1ZZTUZ5RDdKWlRsdVBlZkZiTKFupWxvZ2luo3RpZNkgcjdDdjlDR1JvRDh3NGVSMFUtUW0yNGVKcjd4SDUtVEOjY2lk2SBkWFdGUWppVzFqeFdDRkcwaE9WcHFyazRoOXZHZWFuYw&client=dXWFQjiW1jxWCFG0hOVpqrk4h9vGeanc&protocol=oauth2&audience=aud%3A%2F%2Ftransfer-api-prod.wetransfer%2F&redirect_uri=https%3A%2F%2Fwetransfer.com%2Faccount%2Fcallback%3Fmessage%3DThis%2BURL%2Bcan%2Bbe%2Bused%2Bonly%2Bonce%26success%3Dfalse%26finalizeSSOAuth%3D1%26login%3D1&cache=%5Bobject%20Object%5D&initialScreen=login&lang=en&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=OEVQT05vMGJ1dG9YdjhXZHFIaU9zSE5lUzVQOWtveX5NZWpfU3BvS0xwRA%3D%3D&code_challenge=NmZ3UkV9N2f2wg3DG3Aw78nbv5j2hh4WZrzCIyiYwdI&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMyJ9 | | |
| about:blank | | |
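The URL table records the single-use ticket link landing on wetransfer.com/log-in with message=This URL can be used only once and success=false, and from there on an Auth0 authorization request at auth.wetransfer.com/login whose redirect_uri points back to wetransfer.com/account/callback. When a login URL of this shape turns up in a sandbox run, the first questions are static ones: is the IdP host the tenant's own, does redirect_uri send the authorization code back to the expected site, is PKCE with S256 in use, is any parameter duplicated, and which client SDK built the request. The script below is an added example and not part of the report. It takes the login URL verbatim from the table above; the expected IdP host and the set of allowed redirect hosts it is given are assumptions a reviewer would supply for the tenant being checked.

```python
"""Triage the OAuth 2.0 / OIDC authorization request captured in the report.

Added example, not part of the sandbox report. AUTHORIZE_URL is copied
verbatim from the report's URL table; the expected IdP host and the allowed
redirect hosts handed to triage() are reviewer-supplied assumptions.
"""
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Copied verbatim from the report's URLs table (the auth.wetransfer.com/login entry).
AUTHORIZE_URL = (
    "https://auth.wetransfer.com/login"
    "?state=hKFo2SBXYVVhOUtzVkpnZlZRZ1ZZTUZ5RDdKWlRsdVBlZkZiTKFupWxvZ2luo3RpZNkgcjdDdjlDR1JvRDh3NGVSMFUtUW0yNGVKcjd4SDUtVEOjY2lk2SBkWFdGUWppVzFqeFdDRkcwaE9WcHFyazRoOXZHZWFuYw"
    "&client=dXWFQjiW1jxWCFG0hOVpqrk4h9vGeanc"
    "&protocol=oauth2&audience=aud%3A%2F%2Ftransfer-api-prod.wetransfer%2F"
    "&redirect_uri=https%3A%2F%2Fwetransfer.com%2Faccount%2Fcallback%3Fmessage%3DThis"
    "%2BURL%2Bcan%2Bbe%2Bused%2Bonly%2Bonce%26success%3Dfalse%26finalizeSSOAuth%3D1%26login%3D1"
    "&cache=%5Bobject%20Object%5D&initialScreen=login&lang=en"
    "&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query"
    "&nonce=OEVQT05vMGJ1dG9YdjhXZHFIaU9zSE5lUzVQOWtveX5NZWpfU3BvS0xwRA%3D%3D"
    "&code_challenge=NmZ3UkV9N2f2wg3DG3Aw78nbv5j2hh4WZrzCIyiYwdI&code_challenge_method=S256"
    "&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMyJ9"
)


def parse_authorize_url(url: str) -> dict:
    """Return the query parameters, percent-decoded, one value per name.

    A name that appears more than once is kept as a list so the caller sees
    it: a second redirect_uri or scope is the classic parameter-pollution
    trick against authorization servers that honor the last value.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: (v[0] if len(v) == 1 else v) for k, v in params.items()}


def _last(params: dict, key: str) -> str:
    """Value of key, or the last of its duplicates (what a lax server would use)."""
    v = params.get(key, "")
    return v[-1] if isinstance(v, list) else v


def decode_auth0_client(value: str) -> dict:
    """auth0Client is base64url(JSON) naming the SDK that built the request."""
    padded = value + "=" * (-len(value) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def triage(url: str, expected_auth_host: str, allowed_redirect_hosts: set) -> dict:
    """Static checks a reviewer applies to a login URL pulled from a sandbox run.

    Nothing is fetched; every verdict comes from the URL alone. The result is
    a dict of named booleans plus the decoded SDK identity.
    """
    p = parse_authorize_url(url)
    redirect = urlsplit(_last(p, "redirect_uri"))
    challenge = _last(p, "code_challenge")
    return {
        # Victims must land on the tenant's real IdP host, not a look-alike.
        "auth_host_expected": urlsplit(url).hostname == expected_auth_host,
        # redirect_uri receives the authorization code; an attacker host here
        # is the whole point of a redirect/consent phishing flow.
        "redirect_uri_https": redirect.scheme == "https",
        "redirect_host_allowed": redirect.hostname in allowed_redirect_hosts,
        "no_duplicate_params": not any(isinstance(v, list) for v in p.values()),
        "response_type_code": _last(p, "response_type") == "code",
        # PKCE S256: a 43-char base64url SHA-256 digest, never method "plain".
        "pkce_s256": _last(p, "code_challenge_method") == "S256" and len(challenge) == 43,
        "state_present": bool(_last(p, "state")),
        "nonce_present": bool(_last(p, "nonce")),
        # offline_access asks for a refresh token: long-lived access if the
        # code or token is ever intercepted, worth noting even when legitimate.
        "requests_refresh_token": "offline_access" in _last(p, "scope").split(),
        "sdk": decode_auth0_client(_last(p, "auth0Client")) if "auth0Client" in p else None,
    }


if __name__ == "__main__":
    verdict = triage(AUTHORIZE_URL, "auth.wetransfer.com", {"wetransfer.com"})
    print(json.dumps(verdict, indent=2))
```

Run as-is it prints the verdict for the URL above: every check passes, the auth0Client value decodes to the SDK name and version, and scope carries offline_access, so a refresh token is being requested. The checker reads the last value of a duplicated parameter because that is the value a lax server would act on, so an appended second redirect_uri both fails no_duplicate_params and has its host checked. The cache=[object Object] parameter is a JavaScript object stringified by the client, noise rather than a finding.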

Domains

| Name | IP | Malicious |
|---|---|---|
| jsdelivr.map.fastly.net | 151.101.129.229 | |
| d3orhvfyxudxxq.cloudfront.net | 13.224.14.68 | |
| eu01.in.treasuredata.com | 3.123.206.73 | |
| sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com | 52.51.67.217 | |
| analytics.wetransfer.com | 18.172.170.84 | |
| auth.wetransfer.com | 52.84.162.120 | |
| dg2iu7dxxehbo.cloudfront.net | 13.224.0.51 | |
| adservice.google.com | 142.251.33.98 | |
| auth-cdn.wetransfer.com | 3.163.158.54 | |
| stats.g.doubleclick.net | 74.125.135.154 | |
| insight.adsrvr.org | 15.197.193.217 | |
| scontent.xx.fbcdn.net | 157.240.3.29 | |
| cdnjs.cloudflare.com | 104.17.24.14 | |
| www.google.com | 142.251.215.228 | |
| ara.paa-reporting-advertising.amazon | 108.138.94.68 | |
| dp0wn1kjwhg75.cloudfront.net | 3.163.179.42 | |
| match.adsrvr.org | 35.71.131.137 | |
| star-mini.c10r.facebook.com | 157.240.3.35 | |
| s.amazon-adsystem.com | 52.46.130.91 | |
| ad.doubleclick.net | 142.251.33.70 | |
| e-prod-alb-s105-us-east-1-01.adzerk.net | 34.206.101.223 | |
| cdn.treasuredata.com | 13.224.14.80 | |
| dna8twue3dlxq.cloudfront.net | 3.163.158.96 | |
| d1ykf07e75w7ss.cloudfront.net | 3.162.29.237 | |
| dualstack.reddit.map.fastly.net | 151.101.129.140 | |
| prod.pinterest.global.map.fastly.net | 151.101.128.84 | |
| di.rlcdn.com | 34.49.212.111 | |
| googleads.g.doubleclick.net | 142.250.69.194 | |
| reddit.map.fastly.net | 151.101.65.140 | |
| dualstack.pinterest.map.fastly.net | 151.101.200.84 | |
| www.datadoghq-browser-agent.com | 13.224.0.72 | |
| www.google.co.uk | 142.251.33.99 | |
| cdn.wetransfer.com | 13.224.14.17 | |
| wetransfer.com | 13.224.14.122 | |
| auth-session-caching.wetransfer.net | 176.34.201.149 | |
| experiments.wetransfer.com | 3.163.165.2 | |
| tagging.wetransfer.com | 18.172.170.9 | |
| alb.reddit.com | unknown | |
| cdn.jsdelivr.net | unknown | |
| snowplow.wetransfer.com | unknown | |
| ct.pinterest.com | unknown | |
| www.facebook.com | unknown | |
| www.redditstatic.com | unknown | |
| js.adsrvr.org | unknown | |
| c.amazon-adsystem.com | unknown | |
| images.ctfassets.net | unknown | |
| connect.facebook.net | unknown | |
| public.profitwell.com | unknown | |
| s.pinimg.com | unknown | |
| e-10220.adzerk.net | unknown | |
| cdn.auth0.com | unknown | |

(41 further domain entries are hidden in the original report.)

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 108.138.94.68 | ara.paa-reporting-advertising.amazon | United States | |
| 142.250.217.99 | unknown | United States | |
| 52.84.162.120 | auth.wetransfer.com | United States | |
| 173.194.202.155 | unknown | United States | |
| 157.240.3.35 | star-mini.c10r.facebook.com | United States | |
| 142.251.211.232 | unknown | United States | |
| 13.224.14.68 | d3orhvfyxudxxq.cloudfront.net | United States | |
| 142.251.211.230 | unknown | United States | |
| 151.101.128.84 | prod.pinterest.global.map.fastly.net | United States | |
| 151.101.193.140 | unknown | United States | |
| 151.101.65.140 | reddit.map.fastly.net | United States | |
| 52.29.24.158 | unknown | United States | |
| 18.172.170.9 | tagging.wetransfer.com | United States | |
| 3.123.206.73 | eu01.in.treasuredata.com | United States | |
| 13.224.14.122 | wetransfer.com | United States | |
| 35.71.131.137 | match.adsrvr.org | United States | |
| 13.224.14.124 | unknown | United States | |
| 172.217.14.238 | unknown | United States | |
| 151.101.200.84 | dualstack.pinterest.map.fastly.net | United States | |
| 13.224.0.51 | dg2iu7dxxehbo.cloudfront.net | United States | |
| 1.1.1.1 | unknown | Australia | |
| 13.224.14.17 | cdn.wetransfer.com | United States | |
| 142.251.33.104 | unknown | United States | |
| 52.51.67.217 | sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com | United States | |
| 3.163.179.42 | dp0wn1kjwhg75.cloudfront.net | United States | |
| 157.240.3.29 | scontent.xx.fbcdn.net | United States | |
| 131.253.33.237 | unknown | United States | |
| 74.125.135.154 | stats.g.doubleclick.net | United States | |
| 142.251.33.70 | ad.doubleclick.net | United States | |
| 52.84.162.118 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 3.162.29.237 | d1ykf07e75w7ss.cloudfront.net | United States | |
| 3.163.165.2 | experiments.wetransfer.com | United States | |
| 3.163.165.112 | unknown | United States | |
| 3.163.158.54 | auth-cdn.wetransfer.com | United States | |
| 3.163.158.96 | dna8twue3dlxq.cloudfront.net | United States | |
| 151.101.129.229 | jsdelivr.map.fastly.net | United States | |
| 151.101.64.84 | unknown | United States | |
| 192.168.2.16 | unknown | unknown | |
| 74.125.142.84 | unknown | United States | |
| 15.197.193.217 | insight.adsrvr.org | United States | |
| 142.251.215.228 | www.google.com | United States | |
| 142.251.215.227 | unknown | United States | |
| 142.250.69.194 | googleads.g.doubleclick.net | United States | |
| 142.251.33.66 | unknown | United States | |
| 172.217.14.198 | unknown | United States | |
| 176.34.201.149 | auth-session-caching.wetransfer.net | Ireland | |
| 13.224.0.72 | www.datadoghq-browser-agent.com | United States | |
| 142.251.211.226 | unknown | United States | |
| 104.17.24.14 | cdnjs.cloudflare.com | United States | |
| 34.49.212.111 | di.rlcdn.com | United States | |
| 151.101.1.140 | unknown | United States | |
| 108.138.94.75 | unknown | United States | |
| 142.251.215.238 | unknown | United States | |
| 13.224.14.80 | cdn.treasuredata.com | United States | |
| 18.172.170.41 | unknown | United States | |
| 142.251.33.99 | www.google.co.uk | United States | |
| 18.172.170.84 | analytics.wetransfer.com | United States | |
| 142.251.33.98 | adservice.google.com | United States | |
| 52.46.130.91 | s.amazon-adsystem.com | United States | |
| 151.101.129.140 | dualstack.reddit.map.fastly.net | United States | |
| 34.206.101.223 | e-prod-alb-s105-us-east-1-01.adzerk.net | United States | |
| 209.54.182.161 | unknown | United States | |
| 142.250.69.202 | unknown | United States | |

(54 further IP entries are hidden in the original report.)