{"report_id":"a99d0220-4ada-4ed3-8b65-5e08fe3ca546","version":6,"status":"done","tags":[],"date":"2024-01-31T03:01:04Z","url":{"schema":"http","addr":"pkgs.tailscale.com/stable/tailscale-setup-1.44.3-x86.msi","fqdn":"pkgs.tailscale.com","domain":"tailscale.com","tld":"com"},"ip":{"addr":"199.38.181.239","port":0,"asn":36236,"as":"NETACTUATE","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T01:23:01Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pkgs.tailscale.com","ip":{"addr":"199.38.181.239","port":443,"asn":36236,"as":"NETACTUATE","country":"United States","country_code":"US"},"domain_registered":"2017-08-15","domain_rank":406879,"first_seen":"2020-03-16 08:33:43","last_seen":"2024-01-30 12:20:02","alert_count":0,"request_count":1,"received_data":358,"sent_data":510,"comment":"","tags":null,"fingerprints":null},{"fqdn":"dl.tailscale.com","ip":{"addr":"109.105.218.17","port":443,"asn":40509,"as":"FLY","country":"United States","country_code":"US"},"domain_registered":"2017-08-15","domain_rank":0,"first_seen":"2023-08-25 21:01:16","last_seen":"2024-01-30 12:20:02","alert_count":1,"request_count":1,"received_data":19735337,"sent_data":508,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"b7143d5782405d8b8bbc562e89a76a1c","sha1":"bc44843984be78521a791b11feac93efc4e292f7","sha256":"6d718e2979846b3452992a565babdbd0736aa45fd073c68dfb932631402e8a5d","sha512":"8301229e1f9e0e267c5c09765731671d8197acca53c125e77836dabe79f6e690abc51f5125141a08ad8c6dba9a61d24b090a3d50ac3352cbe14d090f7fdea310","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Tailscale is a zero config VPN for building secure networks. Install on any device in minutes. Remote access from any network or physical location. Built on WireGuard.WireGuard is a registered trademark of Jason A. Donenfeld., Author: Tailscale Inc., Keywords: Installer;Tailscale;vpn;security;privacy;wireguard;networking, Comments: This installer database contains the logic and data required to install Tailscale., Template: Intel;1033, Revision Number: {CFA1C6B0-EBFB-4F8A-9E01-32D6AE3876CE}, Create Time/Date: Mon Jan  8 20:27:48 2024, Last Saved Time/Date: Mon Jan  8 20:27:48 2024, Number of Pages: 500, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (), Security: 2","size":19735040,"url":{"schema":"https","addr":"dl.tailscale.com/stable/tailscale-setup-1.44.3-x86.msi","fqdn":"dl.tailscale.com","domain":"tailscale.com","tld":"com"},"ip":{"addr":"109.105.218.17","port":443,"asn":40509,"as":"FLY","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-01-31","alert":"Detect files is `SliverFox` malware","trigger":"dl.tailscale.com/stable/tailscale-setup-1.44.3-x86.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-01-31","alert":"Detect files is `SliverFox` malware","trigger":"dl.tailscale.com/stable/tailscale-setup-1.44.3-x86.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"pkgs.tailscale.com/stable/tailscale-setup-1.44.3-x86.msi","fqdn":"pkgs.tailscale.com","domain":"tailscale.com","tld":"com"},"ip":{"addr":"199.38.181.239","port":443,"asn":36236,"as":"NETACTUATE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-01-31T03:00:37.524Z","timestamp":1706670037524,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pkgs.tailscale.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Jan 2024 13:16:26 GMT","end":"Wed, 17 Apr 2024 13:16:25 GMT"},"fingerprint":{"sha1":"E2:F8:6D:AD:13:E2:23:10:79:F9:A3:58:F3:BC:B3:AF:67:8E:0E:A3","sha256":"05:6A:90:9F:C6:32:7A:ED:3A:A2:F0:03:84:8A:B0:6A:87:68:75:BF:39:50:CD:7E:7B:DD:4A:C5:EE:F5:4F:C6"}}},"request":{"raw":"GET /stable/tailscale-setup-1.44.3-x86.msi HTTP/1.1\r\nHost: pkgs.tailscale.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://dl.tailscale.com/stable/tailscale-setup-1.44.3-x86.msi\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\ncontent-length: 85\r\ndate: Wed, 31 Jan 2024 03:00:37 GMT\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":85,"size_decoded":85,"mime_type":"application/x-msi","magic":"HTML document, ASCII text","md5":"27f5647e72e3e81f5275d4c3a51f9ccd","sha1":"c1a47a9fd686ebd87fedf7cdf930a7e22e9c2650","sha256":"5d88096fd9e3305ee570588bd1806d847edc68a04a4cad93944063c7e2ce5bc4","sha512":"cf9b9848419c6c754bce803a69f9589e08ec57a0306efa2990a68dadb5060a7971e612106557ba481264c32bd8f915c02d84580b320e61196de4e59dfeeacfd7","ssdeep":"","tlshash":"82a012170483244d3e14c1d51000702c188a0015709388960152404d10805a410ce80f","first_seen":"2024-01-30T12:20:30Z","last_seen":"2024-08-20T10:40:31.485578Z","times_seen":2,"resource_available":false,"data":null}},"time_used":522,"timings":{"blocked":210,"dns":0,"connect":101,"send":0,"wait":102,"receive":0,"ssl":107},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dl.tailscale.com/stable/tailscale-setup-1.44.3-x86.msi","fqdn":"dl.tailscale.com","domain":"tailscale.com","tld":"com"},"ip":{"addr":"109.105.218.17","port":443,"asn":40509,"as":"FLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-01-31T03:00:37.842Z","timestamp":1706670037842,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dl.tailscale.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 23 Dec 2023 23:45:55 GMT","end":"Fri, 22 Mar 2024 23:45:54 GMT"},"fingerprint":{"sha1":"F5:77:D9:57:F8:F5:43:86:26:27:DF:C0:9D:42:35:AF:45:E7:5E:B7","sha256":"5A:80:D6:B9:D7:40:F7:4B:69:E7:F6:78:6C:F1:2E:A9:26:4D:9F:BF:E9:27:D0:F1:3B:FC:92:D5:95:A3:6A:C2"}}},"request":{"raw":"GET /stable/tailscale-setup-1.44.3-x86.msi HTTP/1.1\r\nHost: dl.tailscale.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-length: 19735040\r\ncontent-type: application/x-msi\r\nlast-modified: Mon, 08 Jan 2024 20:28:15 GMT\r\ndate: Wed, 31 Jan 2024 03:00:37 GMT\r\nserver: Fly/ba9e227a (2024-01-26)\r\nvia: 2 fly.io\r\nfly-request-id: 01HNEQC65WY2WM10YKAN1FBP3K-arn\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19735040,"size_decoded":19735040,"mime_type":"application/x-msi","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Tailscale is a zero config VPN for building secure networks. Install on any device in minutes. Remote access from any network or physical location. Built on WireGuard.WireGuard is a registered trademark of Jason A. Donenfeld., Author: Tailscale Inc., Keywords: Installer;Tailscale;vpn;security;privacy;wireguard;networking, Comments: This installer database contains the logic and data required to install Tailscale., Template: Intel;1033, Revision Number: {CFA1C6B0-EBFB-4F8A-9E01-32D6AE3876CE}, Create Time/Date: Mon Jan  8 20:27:48 2024, Last Saved Time/Date: Mon Jan  8 20:27:48 2024, Number of Pages: 500, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (), Security: 2","md5":"b7143d5782405d8b8bbc562e89a76a1c","sha1":"bc44843984be78521a791b11feac93efc4e292f7","sha256":"6d718e2979846b3452992a565babdbd0736aa45fd073c68dfb932631402e8a5d","sha512":"8301229e1f9e0e267c5c09765731671d8197acca53c125e77836dabe79f6e690abc51f5125141a08ad8c6dba9a61d24b090a3d50ac3352cbe14d090f7fdea310","ssdeep":"393216:qe676gLlGvGLKr+yWflnEhMLDWVsSjSLiKTyuWzXXMJ:qeKDGu2QlENV9SL6uV","tlshash":"5517ef1e544d822ee2a4143401bd96e68d29ad6f19b047de13833d6ffc7ea8201f9dde","first_seen":"2024-01-30T12:20:31Z","last_seen":"2025-01-14T09:09:34.593417Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1329,"timings":{"blocked":21,"dns":0,"connect":7,"send":0,"wait":37,"receive":1250,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-01-31","alert":"Detect files is `SliverFox` malware","trigger":"dl.tailscale.com/stable/tailscale-setup-1.44.3-x86.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null}}]}