{"report_id":"b44aef97-2c4a-430d-b7ac-be5983113195","version":6,"status":"done","tags":[],"date":"2026-03-01T01:30:54Z","url":{"schema":"http","addr":"sg.pintosoft.com/foni/1.9/FocusOnIV_1.9_en.exe?","fqdn":"sg.pintosoft.com","domain":"pintosoft.com","tld":"com"},"ip":{"addr":"185.199.110.153","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing","dom":{"size":3632,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"50c3beacf30e4c1c7780b57548093459","sha1":"48f6ce3535beef5f02c41506c1a51253fc7c68bf","sha256":"36989bcd2f84a675e8a91a9b27084f20ba142fb0b500e85ae8527c87fa3a5b4b","sha512":"4be4f628fcb17766cc07a49e80745099526e2887ff886d17ebebe2b823ee1f27aaa1837a125630c98498cce7af3d2a05eae1732645a961ddea04b6f4d170b94f","ssdeep":"","tlshash":"3b7146a514f1552b18a383a5de817b1bdf926a07cf8d6a807b9e00f22f97d54887f20d","dom_hash":"domhash03f850468cad29251ed949292c202f85","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"sg.pintosoft.com/foni/1.9/FocusOnIV_1.9_en.exe?","fqdn":"sg.pintosoft.com","domain":"pintosoft.com","tld":"com"},"ip":{"addr":"185.199.110.153","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-05T01:30:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-01","alert":"Detect files is `SliverFox` malware","trigger":"sg.pintosoft.com/foni/1.9/FocusOnIV_1.9_en.exe?","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null},"summary":[{"fqdn":"sg.pintosoft.com","ip":{"addr":"185.199.111.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2013-07-25","domain_rank":0,"first_seen":"2014-08-06T12:23:38Z","last_seen":"2026-01-29T01:41:22.123106Z","alert_count":1,"request_count":1,"received_data":4278196,"sent_data":515,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"440520ed5a798fa937062935376a7cb2","sha1":"d9e3926c91d4d48a6d550c56067b6cf7c5ad8068","sha256":"00391820343774803e5d3d60282d8a784ffcc39dc96da31e8a89bbede5eb6f65","sha512":"be730be5970c9a23bb39ff1b3173d8adcf2a8ceaad478aa2cfb0b865d8f92161f28fac05307c790e32f1302992df5a4aa7f8a5575bac8c8a2b28acfec5e7c300","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":4277520,"url":{"schema":"https","addr":"sg.pintosoft.com/foni/1.9/FocusOnIV_1.9_en.exe?","fqdn":"sg.pintosoft.com","domain":"pintosoft.com","tld":"com"},"ip":{"addr":"185.199.111.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-01","alert":"Detect files is `SliverFox` malware","trigger":"sg.pintosoft.com/foni/1.9/FocusOnIV_1.9_en.exe?","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"sg.pintosoft.com/foni/1.9/FocusOnIV_1.9_en.exe?","fqdn":"sg.pintosoft.com","domain":"pintosoft.com","tld":"com"},"ip":{"addr":"185.199.111.153","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-01T01:30:29.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sg.pintosoft.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Dec 2025 11:53:38 GMT","end":"Tue, 31 Mar 2026 11:53:37 GMT"},"fingerprint":{"sha1":"5C:5A:26:85:10:EF:A3:49:9F:2D:37:BA:8C:6F:3F:BD:21:0C:BB:FB","sha256":"1E:4A:76:82:1E:93:02:29:86:A4:5A:DB:A9:1E:93:B1:62:EB:61:6E:82:CC:BA:EF:2B:9B:3A:AF:73:64:00:36"}}},"request":{"raw":"GET /foni/1.9/FocusOnIV_1.9_en.exe? HTTP/1.1\r\nHost: sg.pintosoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: GitHub.com\r\ncontent-type: application/octet-stream\r\nlast-modified: Fri, 06 Feb 2026 08:50:04 GMT\r\naccess-control-allow-origin: *\r\netag: W/\"6985ab3c-414510\"\r\nexpires: Sun, 01 Mar 2026 01:40:30 GMT\r\ncache-control: max-age=600\r\ncontent-encoding: gzip\r\nx-proxy-cache: MISS\r\nx-github-request-id: CB78:2435B1:261965B:2671DA1:69A396B6\r\naccept-ranges: bytes\r\ndate: Sun, 01 Mar 2026 01:30:30 GMT\r\nvia: 1.1 varnish\r\nage: 0\r\nx-served-by: cache-hel1410024-HEL\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1772328630.360927,VS0,VE337\r\nvary: Accept-Encoding\r\nx-fastly-request-id: e8f5053fe69294410a780a8f0a70f6e288138f10\r\ncontent-length: 4254648\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]}],"data":{"size":4277520,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","md5":"440520ed5a798fa937062935376a7cb2","sha1":"d9e3926c91d4d48a6d550c56067b6cf7c5ad8068","sha256":"00391820343774803e5d3d60282d8a784ffcc39dc96da31e8a89bbede5eb6f65","sha512":"be730be5970c9a23bb39ff1b3173d8adcf2a8ceaad478aa2cfb0b865d8f92161f28fac05307c790e32f1302992df5a4aa7f8a5575bac8c8a2b28acfec5e7c300","ssdeep":"24576:TdRuIrQ3s9jKhPG3nPc7Bjm2ycNwJZ/glmPP8cpx3c:zuIrQir3PaFoYIX8QxM","tlshash":"ea252355b5a127faf39966711afc1ea251f4b93d060bc23b23f00f333421a898d66767","first_seen":"2025-12-26T01:29:10.409625Z","last_seen":"2026-03-19T01:50:57.511735Z","times_seen":5,"resource_available":true,"data":null}},"time_used":1547,"timings":{"blocked":436,"dns":401,"connect":13,"send":0,"wait":350,"receive":324,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-03-01","alert":"Detect files is `SliverFox` malware","trigger":"sg.pintosoft.com/foni/1.9/FocusOnIV_1.9_en.exe?","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null}}]}