Report - itefix.net/download/free/cwrsync_6.3.0_x64

Report Overview

Visited public
2024-09-27 04:55:22
Tags
URL
itefix.net/download/free/cwrsync_6.3.0_x64_free.zip
Finishing URL
itefix.net/download/free/cwrsync_6.3.0_x64_free.zip
IP / ASN
136.243.133.44
#24940 Hetzner Online GmbH
Title
itefix.net/download/free/cwrsync_6.3.0_x64_free.zip

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-26 18:37:25	1.6 kB	4.4 kB	23.36.76.226
itefix.net	unknown	2014-03-25	2017-02-01 12:40:12	2023-01-07 02:24:19	505 B	4.4 MB	136.243.133.44
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-26 18:37:24	981 B	2.7 kB	23.33.119.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
itefix.net/download/free/cwrsync_6.3.0_x64_free.zip
IP
136.243.133.44
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
4.4 MB (4392447 bytes)
Hash
404c1123ceab9f6fc2f3202e055859ff
ae8f8cdb269c6663eb6186492160423303fc1310
d1a0622f9c4dc50b661b9114945eaf4f9deda7187130284e15acfe8299d788ca

Archive (21)

Filename

Md5

File type

cygz.dll

f6c0621e420d590cb982da9c44c617ee

PE32+ executable (DLL) (console) x86-64, for MS Windows, 12 sections

cygzstd-1.dll

375cb9459ebf2c59f36c0b729ae164f1

PE32+ executable (DLL) (console) x86-64, for MS Windows, 11 sections

cygintl-8.dll

ad70ae8a2d10815bc0052b1a20d3ae67

PE32+ executable (DLL) (console) x86-64, for MS Windows, 12 sections

ssh.exe

b498dcec818c8d4baf7c7f634d45a9a3

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

ssh-keygen.exe

42dc050dbded224691ee32614b9949c4

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

rsync.exe

dee8973d9fc45e7d9341e7032788510b

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

cyggcc_s-seh-1.dll

64342fb1055fcad95b7b9ebb4e6668db

PE32+ executable (DLL) (console) x86-64, for MS Windows, 11 sections

cygpopt-0.dll

76e32b71a1372849d216150d464840b4

PE32+ executable (DLL) (console) x86-64, for MS Windows, 11 sections

ssh-add.exe

3c4e55abe309aec74a2c22be7c238775

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

cygwin1.dll

a1c82ed072dc079dd7851f82d9aa7678

PE32+ executable (DLL) (console) x86-64, for MS Windows, 14 sections

cygcrypto-53.dll

4ee1b09f2cb9b3b8cfaca2da9815f8de

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

ssh-agent.exe

f79aadd890184e9cfc722be09a4bd197

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

cyglz4-1.dll

9ba7aa6d4794b7d99f78c1c3b7057a2e

PE32+ executable (DLL) (console) x86-64, for MS Windows, 12 sections

cygiconv-2.dll

a697051a2c45a5f42ea80e2b4c39e84b

PE32+ executable (DLL) (console) x86-64, for MS Windows, 12 sections

cwrsync.cmd

7167c0e5c632a02db5b5f7c3ffceaa24

DOS batch file, ASCII text, with CRLF line terminators

ssh_config

b9b048e8ab3db79095591944d12c9d4b

ASCII text, with no line terminators

nsswitch.conf

0beae3372af688446331d813e5228045

ASCII text, with no line terminators

README.cwrsync.txt

cc3e590ad17462e34f49948529e92587

ASCII text, with CRLF line terminators

README.rsync.txt

43c5583be00f8aaed32345776ff6241f

ASCII text

rsyncd.conf.html

e05060746cb8db4fe040e286b6ff300a

HTML document text HTML document, ASCII text

rsync.html

5b7abbbd3da5e3a70932e48bfb518ec4

HTML document text HTML document, ASCII text

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/66

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b6ecb6018a51380d08a47460236a395c
1ce7fe77c21188624302a660a289fe1ce6e7a9e4
ec876edd163ea26b47c9b862c795844f5dd01452095287ea5cd920e3b512672a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EC876EDD163EA26B47C9B862C795844F5DD01452095287EA5CD920E3B512672A"
Last-Modified: Wed, 25 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4082
Expires: Fri, 27 Sep 2024 06:02:56 GMT
Date: Fri, 27 Sep 2024 04:54:54 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d7d2c93c05c23af00bdd2de1aa8def8
5d690fe96336335097f6edc39f269282fc0c03d5
ad3bf98d190e8a00b304b608273e81b0d73805059020c0e08e318194738dbe08

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AD3BF98D190E8A00B304B608273E81B0D73805059020C0E08E318194738DBE08"
Last-Modified: Wed, 25 Sep 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17336
Expires: Fri, 27 Sep 2024 09:43:50 GMT
Date: Fri, 27 Sep 2024 04:54:54 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c43e2541e37815678381469c9e5da2d7
8826a1dacc67c90e98c00b0b34736b52cc7724ad
e3a32ce3cf72d63e19b8798f97958504386b93f037f1b1c0ee9b1bacef7b7ab7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E3A32CE3CF72D63E19B8798F97958504386B93F037F1B1C0EE9B1BACEF7B7AB7"
Last-Modified: Wed, 25 Sep 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3900
Expires: Fri, 27 Sep 2024 05:59:55 GMT
Date: Fri, 27 Sep 2024 04:54:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4309fe1d4c467e23c778ce8fdd122fb4
74e107d2cbe70870f25ce8ef97b029382891a222
30c2859d04a3ec55022d7dd5dc93c4db6cc4228b87917714ef51f135904931ac

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "30C2859D04A3EC55022D7DD5DC93C4DB6CC4228B87917714EF51F135904931AC"
Last-Modified: Wed, 25 Sep 2024 11:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21548
Expires: Fri, 27 Sep 2024 10:54:03 GMT
Date: Fri, 27 Sep 2024 04:54:55 GMT
Connection: keep-alive

itefix.net/download/free/cwrsync_6.3.0_x64_free.zip

136.243.133.44

200 OK

4.4 MB

URL User Request GET HTTP/1.1
itefix.net/download/free/cwrsync_6.3.0_x64_free.zip
IP
136.243.133.44:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectitefix.no
Fingerprint97:29:5C:3F:AE:AF:CB:8E:CC:E8:66:77:61:45:52:F6:CA:D7:A2:D3
ValiditySat, 10 Aug 2024 02:04:44 GMT - Fri, 08 Nov 2024 02:04:43 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
4.4 MB (4392447 bytes)
Hash
404c1123ceab9f6fc2f3202e055859ff
ae8f8cdb269c6663eb6186492160423303fc1310
d1a0622f9c4dc50b661b9114945eaf4f9deda7187130284e15acfe8299d788ca

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/66

HTTP Headers

GET /download/free/cwrsync_6.3.0_x64_free.zip HTTP/1.1
Host: itefix.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 04:54:55 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Drupal-Cache: HIT
Etag: "1727412879-1"
Content-Language: en
X-Frame-Options: DENY, SAMEORIGIN
Cache-Control: public, max-age=0
Last-Modified: Fri, 27 Sep 2024 04:54:39 GMT
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Vary: Cookie,Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c56ad8f187bab174c38e26d598c6aa0a
29826babc65a845692a857af04aeeb939efd9935
b6710c289ff4da1da6b1f806831b07467e01453a6aeae5c6a8d927943715e76c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B6710C289FF4DA1DA6B1F806831B07467E01453A6AEAE5C6A8D927943715E76C"
Last-Modified: Thu, 26 Sep 2024 17:06:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3334
Expires: Fri, 27 Sep 2024 05:50:30 GMT
Date: Fri, 27 Sep 2024 04:54:56 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3002
Expires: Fri, 27 Sep 2024 05:45:00 GMT
Date: Fri, 27 Sep 2024 04:54:58 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3002
Expires: Fri, 27 Sep 2024 05:45:00 GMT
Date: Fri, 27 Sep 2024 04:54:58 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
64108df12984593f36170f27e6fb80f2
6754152a60740508014d3d1f98750e881548eaa8
32226a3dd41116178dae22f6632d404aa1f57d0e87e6a8da6c16c82ac41884d0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32226A3DD41116178DAE22F6632D404AA1F57D0E87E6A8DA6C16C82AC41884D0"
Last-Modified: Thu, 26 Sep 2024 16:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3002
Expires: Fri, 27 Sep 2024 05:45:00 GMT
Date: Fri, 27 Sep 2024 04:54:58 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (21)

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash