Report - itefix.net/download/free/cwrsync_5.5.0_x86

Report Overview

Visited public
2024-09-27 04:55:21
Tags
URL
itefix.net/download/free/cwrsync_5.5.0_x86_free.zip
Finishing URL
itefix.net/download/free/cwrsync_5.5.0_x86_free.zip
IP / ASN
136.243.133.44
#24940 Hetzner Online GmbH
Title
itefix.net/download/free/cwrsync_5.5.0_x86_free.zip

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-26 18:37:24	981 B	2.7 kB	23.33.119.27
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-26 18:37:25	1.6 kB	4.4 kB	23.33.119.57
itefix.net	unknown	2014-03-25	2017-02-01 12:40:12	2023-01-07 02:24:19	505 B	3.5 MB	136.243.133.44

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
itefix.net/download/free/cwrsync_5.5.0_x86_free.zip
IP
136.243.133.44
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.5 MB (3474219 bytes)
Hash
970256d0f548b970d5af4b9014916438
f9c78b13a7cbc037bdd874f5b4adc7457114ed1a
37e8ef21ac975d4ee86c9d3be40c8935e8b9d0ba84e9302fc106b9452296cb85

Archive (14)

Filename

Md5

File type

cygcrypto-1.0.0.dll

9fadd6dcf6802b32fb90a0af84a7314a

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 11 sections

cyggcc_s-1.dll

6663a80da58e7610d219c0b6d97a5b49

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 10 sections

cygiconv-2.dll

d9f1e51f181cab4988cfa5b936f9553a

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 11 sections

cygintl-8.dll

6482ee64bd6167ba624111303b684c5c

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 11 sections

cygpopt-0.dll

75cfa1e81ca103b0b753a70e06160c49

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 9 sections

cygssp-0.dll

2598bafc006873eb207d38bf2a435e97

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 10 sections

cygwin1.dll

23c7f511f6eec2154cc471745cc3a822

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 14 sections

cygz.dll

9fb185fb5ca0ed73f71b640508671088

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 11 sections

rsync.exe

e8c76dfec3c03e44eddff089dd85f489

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

ssh-keygen.exe

704434f1b59abc76fb29459f691e16c0

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

ssh.exe

01d7450357fee34e0b39696fb273904c

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

cwrsync.cmd

83713ec4e0fa1e5afb487d33da7746b1

DOS batch file, ASCII text, with CRLF line terminators

README.cwrsync.txt

69e8cb8a1cd8bd622303fdfb40ddfe33

ASCII text, with CRLF line terminators

README.rsync.txt

43c5583be00f8aaed32345776ff6241f

ASCII text

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (9)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash b6ecb6018a51380d08a47460236a395c 1ce7fe77c21188624302a660a289fe1ce6e7a9e4 ec876edd163ea26b47c9b862c795844f5dd01452095287ea5cd920e3b512672a HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "EC876EDD163EA26B47C9B862C795844F5DD01452095287EA5CD920E3B512672A" Last-Modified: Wed, 25 Sep 2024 21:19:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4032 Expires: Fri, 27 Sep 2024 06:02:06 GMT Date: Fri, 27 Sep 2024 04:54:54 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 4d7d2c93c05c23af00bdd2de1aa8def8 5d690fe96336335097f6edc39f269282fc0c03d5 ad3bf98d190e8a00b304b608273e81b0d73805059020c0e08e318194738dbe08 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "AD3BF98D190E8A00B304B608273E81B0D73805059020C0E08E318194738DBE08" Last-Modified: Wed, 25 Sep 2024 00:20:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=17302 Expires: Fri, 27 Sep 2024 09:43:16 GMT Date: Fri, 27 Sep 2024 04:54:54 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c43e2541e37815678381469c9e5da2d7 8826a1dacc67c90e98c00b0b34736b52cc7724ad e3a32ce3cf72d63e19b8798f97958504386b93f037f1b1c0ee9b1bacef7b7ab7 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "E3A32CE3CF72D63E19B8798F97958504386B93F037F1B1C0EE9B1BACEF7B7AB7" Last-Modified: Wed, 25 Sep 2024 02:37:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3807 Expires: Fri, 27 Sep 2024 05:58:21 GMT Date: Fri, 27 Sep 2024 04:54:54 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c56ad8f187bab174c38e26d598c6aa0a 29826babc65a845692a857af04aeeb939efd9935 b6710c289ff4da1da6b1f806831b07467e01453a6aeae5c6a8d927943715e76c HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "B6710C289FF4DA1DA6B1F806831B07467E01453A6AEAE5C6A8D927943715E76C" Last-Modified: Thu, 26 Sep 2024 17:06:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3334 Expires: Fri, 27 Sep 2024 05:50:28 GMT Date: Fri, 27 Sep 2024 04:54:54 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 4309fe1d4c467e23c778ce8fdd122fb4 74e107d2cbe70870f25ce8ef97b029382891a222 30c2859d04a3ec55022d7dd5dc93c4db6cc4228b87917714ef51f135904931ac HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "30C2859D04A3EC55022D7DD5DC93C4DB6CC4228B87917714EF51F135904931AC" Last-Modified: Wed, 25 Sep 2024 11:37:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=21572 Expires: Fri, 27 Sep 2024 10:54:27 GMT Date: Fri, 27 Sep 2024 04:54:55 GMT Connection: keep-alive`

	itefix.net/download/free/cwrsync_5.5.0_x86_free.zip	136.243.133.44	200 OK	3.5 MB
URL User Request GET HTTP/1.1 itefix.net/download/free/cwrsync_5.5.0_x86_free.zip IP 136.243.133.44:443 ASN #24940 Hetzner Online GmbH Certificate IssuerLet's Encrypt Subjectitefix.no Fingerprint97:29:5C:3F:AE:AF:CB:8E:CC:E8:66:77:61:45:52:F6:CA:D7:A2:D3 ValiditySat, 10 Aug 2024 02:04:44 GMT - Fri, 08 Nov 2024 02:04:43 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 3.5 MB (3474219 bytes) Hash 970256d0f548b970d5af4b9014916438 f9c78b13a7cbc037bdd874f5b4adc7457114ed1a 37e8ef21ac975d4ee86c9d3be40c8935e8b9d0ba84e9302fc106b9452296cb85 HTTP Headers `GET /download/free/cwrsync_5.5.0_x86_free.zip HTTP/1.1 Host: itefix.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 04:54:55 GMT Server: Apache Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Content-Type-Options: nosniff X-Drupal-Cache: HIT Etag: "1727412317-1" Content-Language: en X-Frame-Options: DENY, SAMEORIGIN Cache-Control: public, max-age=0 Last-Modified: Fri, 27 Sep 2024 04:45:17 GMT Expires: Sun, 19 Nov 1978 05:00:00 GMT Vary: Cookie,Accept-Encoding Content-Encoding: gzip Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8

	r11.o.lencr.org/	23.33.119.27		504 B
URL r11.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 64108df12984593f36170f27e6fb80f2 6754152a60740508014d3d1f98750e881548eaa8 32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0" Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3040 Expires: Fri, 27 Sep 2024 05:45:36 GMT Date: Fri, 27 Sep 2024 04:54:56 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.33.119.27		504 B
URL r11.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 64108df12984593f36170f27e6fb80f2 6754152a60740508014d3d1f98750e881548eaa8 32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0" Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3040 Expires: Fri, 27 Sep 2024 05:45:36 GMT Date: Fri, 27 Sep 2024 04:54:56 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.33.119.27		504 B
URL r11.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 64108df12984593f36170f27e6fb80f2 6754152a60740508014d3d1f98750e881548eaa8 32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0" Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3040 Expires: Fri, 27 Sep 2024 05:45:36 GMT Date: Fri, 27 Sep 2024 04:54:56 GMT Connection: keep-alive`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (14)

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers