# wetransfer.appwrite.network — MALICIOUS

> wetransfer.appwrite.network is a high-risk phishing site mimicking WeTransfer. Avoid interaction and protect your data. Stay vigilant with PhishDestroy.

## Summary
PhishDestroy identifies wetransfer.appwrite.network as a high-risk phishing domain impersonating the legitimate WeTransfer file-sharing service. The domain is currently active and aims to deceive users into divulging sensitive information under the guise of a trusted brand. Such generic phishing threats pose significant risks including identity theft, credential compromise, and potential financial loss.

Technically, wetransfer.appwrite.network resolves to IP address 151.101.131.52 and was registered recently on March 12, 2026, indicating a newly created infrastructure likely intended for short-term malicious use. The domain is listed on one security blocklist and flagged by 21 out of 95 security vendors on VirusTotal, confirming its recognized threat status among cybersecurity communities. The page title simply states "WeTransfer," further reinforcing its attempt to appear legitimate and lure unsuspecting users.

The domain remains active and should be avoided. PhishDestroy recommends immediate blocking of wetransfer.appwrite.network on network and endpoint security solutions. Users are urged not to engage with this domain or provide any personal information. Continuous monitoring and updating of phishing filters are essential to mitigate risks associated with this and similar emerging threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: WeTransfer

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- IP: 151.101.131.52
- IP Org: Cloudflare CDN
- Nameservers: ["fastly.appwrite.systems"]
- SSL Issuer: Certainly / Certainly Intermediate R1

## Detection Status
- VirusTotal: 21 vendors flagged
  Vendors: ["Abusix", "ADMINUSLabs", "alphaMountain.ai", "Cluster25", "CRDF", "CyRadar", "DNS8", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Netcraft", "OpenPhish", "SOCRadar", "Sophos", "URLQuery", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ceb4f-d210-7413-8697-bca65425ecd5.png
- PhishDestroy: https://phishdestroy.io/domain/wetransfer.appwrite.network/
- LLM endpoint: https://phishdestroy.io/domain/wetransfer.appwrite.network/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wetransfer.appwrite.network/
Last updated: 2026-03-19