C2 Command and Control from the site transfer.sh #3

New Issue

Closed

opened 2026-01-19 18:28:36 +00:00 by michael · 1 comment

michael commented 2026-01-19 18:28:36 +00:00

Owner

Copy Link

Originally created by @chaosgmd3-wiss on GitHub.

Hi everyone,

I've noticed some unusual activity related to transfer.sh, and I'm wondering if the main domain itself (not the uploaded files or subdirectories) is possibly being abused.

Does anyone have more information or similar observations?
Is the site still actively maintained, or could it be compromised or misused?

For example, my endpoint protection flagged it as a "2C activity" just by visiting https://transfer.sh.
If you're planning to test this yourself, please use Windows Sandbox or an isolated virtual machine, just to be safe.

Looking forward to hearing your thoughts.

Best regards

Originally created by @chaosgmd3-wiss on GitHub. Hi everyone, I've noticed some unusual activity related to transfer.sh, and I'm wondering if the main domain itself (not the uploaded files or subdirectories) is possibly being abused. Does anyone have more information or similar observations? Is the site still actively maintained, or could it be compromised or misused? For example, my endpoint protection flagged it as a "2C activity" just by visiting https://transfer.sh. If you're planning to test this yourself, please use Windows Sandbox or an isolated virtual machine, just to be safe. Looking forward to hearing your thoughts. Best regards

michael closed this issue 2026-01-19 18:28:36 +00:00

michael commented 2026-01-19 18:28:36 +00:00

Author

Owner

Copy Link

@paolafrancesca commented on GitHub:

I've no idea, as written everywhere the repo has nothing to do with the website, @stefanbenten just happens to be as much a maintainer here (with very low involvement, even less than me) and the person hosting the website.

as soon as i will have some energy i will get rid of any reference to the website and write in bigger fonts that the repo has nothing to do with it.

;)

@paolafrancesca commented on GitHub: I've no idea, as written everywhere the repo has nothing to do with the website, @stefanbenten just happens to be as much a maintainer here (with very low involvement, even less than me) and the person hosting the website. as soon as i will have some energy i will get rid of any reference to the website and write in bigger fonts that the repo has nothing to do with it. ;)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/golang.org/x/net-0.38.0

revert-646-main

dependabot/go_modules/golang.org/x/oauth2-0.27.0

check-ci-20241026

aspacca-patch-1

seed-rand

fix-basic-auth

fix-header-map-change-after-writeheader-call

issue-503

issue-487

gpg-encryption-support

lint-accept-range

bump-min-go-version-and-include-tip

accept-range

local-google-fonts

parallel-range-requests

issue-485

sb/storj-bump

fix-perform-clamav-prescan

revert-389-clamav-prescan

clamav-prescan

changes-in-front-end

ISSUE-440

revert-422-main

master

golint

ISSUE-398

multiple-fixes

ISSUE-382-take2

ISSUE-382

fix-workflows

fixes-20210521

ISSUE-371

ISSUE-38-WEB

ISSUE-313

ISSUE-296

fuzz

BINARY-RELEASES

ISSUE-256

v1.6.1

v1.6.0

v1.5.0

v1.4.0

v1.3.1

v1.3.0

v1.2.6

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

Labels

Clear labels

bug

docker

enhancement

hacktoberfest

help wanted

invalid

question

storage provider

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

michael

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dutchcoders/transfer.sh#3