{"report_id":"dee44106-ba6e-4ed2-9daf-862b9c3b6ab2","version":6,"status":"done","tags":[],"date":"2025-05-01T16:40:29Z","url":{"schema":"http","addr":"software.biztree.com/dist/Business-in-a-Box_Setup_DE.exe?_ga=2.221704024.1382949064.1572284928-1089982209.1572284928","fqdn":"software.biztree.com","domain":"biztree.com","tld":"com"},"ip":{"addr":"108.156.22.104","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-10T16:40:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"software.biztree.com","ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2001-03-06","domain_rank":948697,"first_seen":"2018-10-10T07:13:29Z","last_seen":"2025-04-26T16:32:36.095162Z","alert_count":1,"request_count":1,"received_data":520160,"sent_data":584,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"4ba6af9c42ce5cc6ec016bf5af6c1f43","sha1":"f35bc78cd0d94f2631401efce7d897d67720092a","sha256":"463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","sha512":"1475e7727cfbacf9176a084065dc7c235bafebd1b4444e9cfe55cb960d7e72fb10077ce646bc1bafd0019d20da8066843a847214e27aa08cb39b05b3d62fa5e7","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":519552,"url":{"schema":"https","addr":"software.biztree.com/dist/Business-in-a-Box_Setup_DE.exe?_ga=2.221704024.1382949064.1572284928-1089982209.1572284928","fqdn":"software.biztree.com","domain":"biztree.com","tld":"com"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-28","alert":"Scan result 9/70","trigger":"463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","verdict":"suspicious","severity":"","comment":"suspicious - 9/70","link":"https://www.virustotal.com/gui/file/463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"4ba6af9c42ce5cc6ec016bf5af6c1f43","sha1":"f35bc78cd0d94f2631401efce7d897d67720092a","sha256":"463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","sha512":"1475e7727cfbacf9176a084065dc7c235bafebd1b4444e9cfe55cb960d7e72fb10077ce646bc1bafd0019d20da8066843a847214e27aa08cb39b05b3d62fa5e7","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":519552,"url":{"schema":"https","addr":"software.biztree.com/dist/Business-in-a-Box_Setup_DE.exe?_ga=2.221704024.1382949064.1572284928-1089982209.1572284928","fqdn":"software.biztree.com","domain":"biztree.com","tld":"com"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-28","alert":"Scan result 9/70","trigger":"463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","verdict":"suspicious","severity":"","comment":"suspicious - 9/70","link":"https://www.virustotal.com/gui/file/463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"software.biztree.com/dist/Business-in-a-Box_Setup_DE.exe?_ga=2.221704024.1382949064.1572284928-1089982209.1572284928","fqdn":"software.biztree.com","domain":"biztree.com","tld":"com"},"ip":{"addr":"54.240.174.44","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-01T16:39:57.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.biztree.com","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 12 Jun 2024 19:16:36 GMT","end":"Mon, 14 Jul 2025 19:16:36 GMT"},"fingerprint":{"sha1":"30:60:F6:7A:D3:25:95:59:60:5B:88:43:02:49:B4:1F:1C:BF:F2:AE","sha256":"BE:C1:60:E8:09:C6:48:BF:D1:B0:CC:9D:97:07:2F:3A:17:5E:0B:B5:4E:12:26:09:6E:2F:94:DB:78:75:41:D3"}}},"request":{"raw":"GET /dist/Business-in-a-Box_Setup_DE.exe?_ga=2.221704024.1382949064.1572284928-1089982209.1572284928 HTTP/1.1\r\nHost: software.biztree.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":3685,"data":"9DV3$3X3f3n373aNAENASJbSbG6Qb6AbJoGmbkoAHf1Ju4bxAhNB+10q7JAeDbihAb$TA0A7SAp+6qAmAFXV8TA23oS4AcX-4Au3hsnAEq6idpd0-4AZ3umAo3osZXsuZqAa6AHsZVdJJbGyXSn4Fj4BH$HA7FmFFN$V36XhlSA33b$+qA$Bu276b3AI3679A6zAVDA0t+-+A+$AAjDAuqA8fBDj6AAClxrzjJq4s7-iH3ALEDbq1HZYqbdYmjEDp4AkXLJj1VAB5-29AJ9ytTn9HAAf9eLBAb+piAwAuSdA+DinJ3A1F4qpvJDbAn4$PVZO-jrqJA7130fXi$oLbe6Zndbr6ZGcoDfhRnWm7-5XZqSAG96Q9h5bZn4z4cs$cAVj6JVlA6+e21ss1osI7N$V0rxU6iNNTXJGhsDuf7m+7AHhhbAJ7ex6xpNSdHLC8sgkc1oVVHLIGeQuSeuNa-SGonEsCktSc3qR7nxhVxuNIl3E54EuB16JclGeoncHTAHktoBFRSR+AiAFH4Tiqy5+pDkF7i-1UJi-DoEBe+JndbUEAqZ$BfZ7zTja0aHyyF6Qb0Q8Dq+DDEwnqJREbo-xiaqh9BW4Tr41aHb1bF7925977qxhuA8Zln49W8Bo7xD109V3r-Jq4dSu+OubBz69ZNqPbuZDh+AwbYcv3e8po17r+Ar-DwioikTK6ihVdA56Ako4zNt+Qi-6oyATeA1EDRh6EAk+7dbzbri-5t5-TB61RSVASbA11R9BIh7uBpZAEqc$eVjIbldsGASubi316JE$guA+$NzJ$+Nuqc3q9Bh+o7BzuXdqK61dqdhRu3k+G6btA37oPs$bT+u7vB1l1AYCbDh4QbTvNIl47blqsXA4tmbV$3V6JD64mT2AJEqBhmz3WfX7oHA19B$JVAjch74T63J9qSoFHJoN3bA2bTZNP$gdbgH2ATftR8DN6qu3GA1HN5Nez3E37+Jc$74GJA8kE5NGzj161V3D+fb4HXmfB1+Ni4H6q7oo6RkTc$NzymbruqPXQ+AQoybbVX4vqwAdeDQs4zJobG187tRv3RoyAoBb3B2V64RVSA7uN7feBBqed+A4NDED0ASmTqU7-DJbG8dnbGzNIHybVdb17qBH2BqkoXtLa-t4Wkl4VNC+o7hT0nb3U6q9b53J-jzu$VpqeFUoJ+sEBg6F4DotWbA2J1A3oh57hkfD6b66GEqdAVVjg6TzjVNTmT-+ezba-5zTRoddqH+ozTQ31bVcsD7bds7BAjbDoBcFsVTot7dqTbJUJK+RoqVhtUAd+gEAE64aTeHsHbyxrSyk6i+JQ$37oxhRip$+R6J4X41TQX2ueeA3aq4$gzxyNJBB1bJbOC+e9S$t6mZ5$G7qW+G4dvZo+H2OX1Tnx1hV0+N1j1+3qJS+RVr2h2BG+syiNCu7VjXsx33p7eHxzcWyn$sDV3Eo47J3L7HWVfXzsQ6AkSHAjBBIbG6JW6Ti-zAo33Ps9TNXliuABC6UyfXQmjIbr-xk35hVEAnAj4s7XbqJ5+pg69WTPN37n2637q9SubaBUo4o4zTTh16Ohtb3zA6qHNeb3uDv3RAEb0+J9eVq6bV$a68tnA3LJvFPASu3uqLAw696G6q9AbJ2+SX26T4T23$NYYV-yRS$3Ao$hV6qbVN3ENjh76GED6Ae$5bDEm1VmAwb3oy7naFW+TZOYnAq8DTptbJ+Ndeb3hmeAjoFhVhVzA9x2AVH5z3pqw3rhFu4EDXqnbqsSlTEqg3j+t+g99+DR4eAVA1h+bT9NSADuibA4Tdbh6Bie2nHJhxzbS+otTqoVNaBv+NUdqJlVJagA1UJkTEJE6rEGbAVTpqISDua+sAe0V4Nveyb87Jq34$6A5U4FA4bwN2b3+YUJLJj+ZsU8pdATSHbv+7uq-D2bjFLA2hVV3+b7QHo4u8-TbqW$sht6Jo+yNk$NNeonUJsq$+LbDuDcSuNa1a6kNI6JBAH3Q+5hS7ABAf3JA1HfdqSNpNvhtuka72qD6cuajJ-JXCchDbJ8suSv3PNjb3Hw43yN53f7gVezJ6bT8q+G6qoqLx6a1+J8EzsVN1$-6xkmaqXhpXH+G8oAT$343+Bo+s43cN+JrhFjJuA4VGAVhQEmdq2qc$3yJuDvqu3QNDAqz4EV4ad3R6J+EZd48i$pyVVSATqNaZ7oQbD+JqN1+NsDhS6JjAU+abJ7n7q0qn6nbb-VX3hJLbr6463m$obpNjbJH8uA430+HA1oqi4jb5$J1adT1h$3J+5o$HVvqIFDAwhY0m+AgNVN5eFA-v3S3kAdbc1sHAKb-u0uXAq1VNNk3RH4h3dAVdnbzt5+V9SzxmyH+koV8DYBuT9od+eHA9buhoA56GzAiNoSDo$zwb3YqHln61Emuqv36176Jbm-TBAjA86oVSAGKA0AV+3uq1Vx14Jb3LXw7o93oHysszVPAiAQNSbu1Vaqq01Aw6AVQXJ9ATB+hmoAlJ0NIA2GBzfEqOq4$4bAbAkTIxyNgbq7AVqSN1+ExdVVoAg3cbi63gNF307wbF7qd366P2wA1-s+AbQTS+bDaAU5EDHbpF4mdon8DgNaZnoTDTzAcbilTSAEp46TEmH3IJW6dHUiGVi+HF+76FbDHQO3TzB+xNw+ZyAA62Abc737qo3FB68BKq034wR+4Em4-4HHlDZTE4a3IHFbih5uBRS6XL+QUEtptV9A8hm9Y2GFoBAB+C$3e4+JqGOds2TA7iDXaX6W547Fs18yobTbrhbJJ0JDAihtANWA+tmytHqAARN7p3RCiABbUA1+1grX67$LhqX3nHr91AtcR84+JQlINo+Fy-LSKA15ooUsV4TAbgv8X+n+LAAExZR57ezAIiRLCa1a-fSRAVNq2LlGZVHXq+hSVd-G0Fh53iuPRdkm0JBAiuH6foqTaXNqb+p3FJbAEbo6izQmH-NY5Hh5Q49TZ21P7uDoiCH+bpl7+s+-N3fJWAIholJ+DTUUQvylhXdJiNmsDgFy-NAuCplYbD66s0437mVuD+B2f8iE+wbohlhTXOxBDA1u38D8iKAIunAJ+DnxC0tRQAqA3LrY1XOLLec0aNg67A5HT9qH7ENXbpe2N3VqKbFAqb09Y-bi3w6TuqkTGB65P+7Q-s0arELS+5YC5w6rfGP2JHClwIrvP96geXquJzW3waoHT$AgIe6XT16N4UpB+BkLzHTkTknUrylihVaTq3ENJ+VuHp+SAyssL2HjmT6b8$7gXHTSVy3p3V+i+G-Du3Rblv79xqJ+A$+t+RAe-DTFdbgu7A4AHv3ZsvJ29e6JzbsNJbGHm0Hsqe3Q+3KOZT4iq+XyGhbs94AFVX+bA3732x6W1jqo+8JTNyNjh$bNxfSAQNec6As65xu$md+Th+vHjqQUPt7H3vE3qRbNoyhn6J4iRb1mFAwAxAoNg9WAfAo3Q3JAeA99p3FAQ3xDLb736LFGmARASbCbqxjh8WhAasc30b13Q3xA2bCASAeNQqx32A+N53$Nt3+Np87oVAwb53sp+CKbA31CaNt37Ct3yn+AW3QNr3+bqJebYJ$AnbVNkNoA+3+AFJTB6btAL4e3xeobIA5edbqJNVTxqxgAf3npqJUATAe32+Ebk8IbLVl+rNkN6bp3DAH-pWwAjb6AmAUbiNvCiNiN13QAsCpN5Ctnbd3A"}},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\nContent-Length: 519552\r\nConnection: keep-alive\r\nx-amz-meta-jets3t-original-file-date-iso8601: 2017-05-30T13:26:29.083Z\r\nx-amz-meta-md5-hash: 4ba6af9c42ce5cc6ec016bf5af6c1f43\r\nLast-Modified: Tue, 30 May 2017 14:50:42 GMT\r\nServer: AmazonS3\r\nDate: Thu, 01 May 2025 16:39:58 GMT\r\nETag: \"4ba6af9c42ce5cc6ec016bf5af6c1f43\"\r\nVary: Accept-Encoding\r\nX-Cache: Hit from cloudfront\r\nVia: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P1\r\nX-Amz-Cf-Id: h0erSbp99umE1E3FobDUB15EnhhHmBXWg87354eCNxZGHumsUBuJXQ==\r\nAge: 14639\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":519552,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","md5":"4ba6af9c42ce5cc6ec016bf5af6c1f43","sha1":"f35bc78cd0d94f2631401efce7d897d67720092a","sha256":"463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","sha512":"1475e7727cfbacf9176a084065dc7c235bafebd1b4444e9cfe55cb960d7e72fb10077ce646bc1bafd0019d20da8066843a847214e27aa08cb39b05b3d62fa5e7","ssdeep":"12288:xotWWmuUXXZbwES8TxNdACoPkKfaVWrAHwfe5gofVoSj3:EmhBwEpDoPkKf4lGe5lfb3","tlshash":"92b42376d9b448b0f1da2f7b08ebbb895770f0087958e17f551a34783a22784758f8ac","first_seen":"2025-01-23T05:28:07.058329Z","last_seen":"2025-05-01T16:40:30.599011Z","times_seen":26,"resource_available":false,"data":null}},"time_used":2297,"timings":{"blocked":1124,"dns":105,"connect":1,"send":0,"wait":27,"receive":19,"ssl":1017},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-28","alert":"Scan result 9/70","trigger":"463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","verdict":"suspicious","severity":"","comment":"suspicious - 9/70","link":"https://www.virustotal.com/gui/file/463bbd620fc6b0db5d03d2e1e7f92ab81aa8a5ccd2bfdcfcbbb623479851051f","meta":null}],"urlquery":null}}]}