{"report_id":"281740c6-432f-40ee-b706-31af699be392","version":0,"status":"done","tags":[],"date":"2026-06-20T07:56:34Z","url":{"schema":"http","addr":"houstontacolover.com/Mac/utility.php","fqdn":"houstontacolover.com","domain":"houstontacolover.com","tld":"com"},"ip":{"addr":"172.86.123.210","port":0,"asn":14956,"as":"ROUTERHOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"houstontacolover.com/Mac/utility.php","fqdn":"houstontacolover.com","domain":"houstontacolover.com","tld":"com"},"title":"e-sign","dom":{"size":302759,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65389)","md5":"9d8c66f674d9fa243e62b4511e96eff5","sha1":"4997c68a779ec75fa0a07b8bb029e91ae8091f25","sha256":"6a17ff95f449ffecc95e7b4e7a55d3d6d93f1fb915ba4584d1183379e6a15c7f","sha512":"1841e29655ee7894dfbc49dbe0ea528a3b6b9bd8bbe5227d44cb9d6b9853338d35ed082c87a3f5819150e17077f5bb9aee2a74b93732391ca748b26c8c70d076","ssdeep":"6144:6Edo2Cp6Edo2Cp9UNuO+L6qFnxw7Ap27rpZioq:6Edo2Cp6Edo2Cp9UNuODqFnqkp27rpZS","tlshash":"4854123157813dbb583cca8c71d13e842ed8decfc6b8524535f5a0e282ee752adb1259","dom_hash":"domhasha54d4d55d051a5234c8cada3651a2beb","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"houstontacolover.com/Mac/utility.php","fqdn":"houstontacolover.com","domain":"houstontacolover.com","tld":"com"},"ip":{"addr":"172.86.123.210","port":0,"asn":14956,"as":"ROUTERHOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-25T07:56:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"houstontacolover.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"houstontacolover.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"houstontacolover.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"houstontacolover.com","ip":{"addr":"172.86.123.210","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"United States","country_code":"US"},"domain_registered":"2013-04-22","domain_rank":0,"first_seen":"2025-10-09T14:41:49.889688Z","last_seen":"2026-06-19T16:08:27.588113Z","alert_count":6,"request_count":2,"received_data":6133637,"sent_data":1022,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"houstontacolover.com/Mac/utility.php","fqdn":"houstontacolover.com","domain":"houstontacolover.com","tld":"com"},"ip":{"addr":"172.86.123.210","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1cbb9abdf7f115c3a8680e26926a8eff","sha1":"a1044d634b6de6472a9d233d2002d7e40a73fe59","sha256":"fa3cb0eb2843ce441c0be861e48c4f8bf8b15200c924fce53ea55214db7f9fb6","sha512":"a920ba041db6e6a01cd98b76860d4a12dc18ed5efd870937a2136050590a55af1d9f0e8d51185358498222b225a869e533202254b71f0a2d5fb72a9a02c4c0b7","ssdeep":"","tlshash":"c2d0220e38a1660028656412142e25ca703b3572200c880c7c8e5ca81f0a34e401fed3","size":215,"data":"","first_seen":"2026-06-07T08:43:53.634316Z","last_seen":"2026-06-21T17:32:32.635416Z","times_seen":351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"houstontacolover.com/Mac/download/index.php","fqdn":"houstontacolover.com","domain":"houstontacolover.com","tld":"com"},"ip":{"addr":"172.86.123.210","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T07:56:12.023Z","timestamp":1781942172023,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"houstontacolover.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Jun 2026 09:58:54 GMT","end":"Thu, 17 Sep 2026 09:58:53 GMT"},"fingerprint":{"sha1":"F9:2B:F7:91:78:D3:FA:42:43:E1:40:D8:20:26:C7:A6:B9:B0:13:F8","sha256":"E6:7B:C9:F4:EA:AE:D9:BE:E3:CF:A9:B3:C3:94:62:8F:DD:ED:A1:A5:B5:F7:77:43:73:C5:D7:75:62:5F:03:C3"}}},"request":{"raw":"GET /Mac/download/index.php HTTP/1.1\r\nHost: houstontacolover.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ncontent-description: File Transfer\r\ncontent-type: application/octet-stream\r\ncontent-disposition: attachment; filename=\"docusign.dmg\"\r\npragma: public\r\ncache-control: must-revalidate\r\nexpires: 0\r\ncontent-length: 5829950\r\ndate: Sat, 20 Jun 2026 07:56:12 GMT\r\nserver: LiteSpeed\r\nx-powered-by: CyberPanel-OLS/2.5.0\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nconnection: Keep-Alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5829950,"size_decoded":532,"mime_type":"application/octet-stream","magic":"zlib compressed data","md5":"2bb9197f59e9f58baf09efa5781df5e0","sha1":"9d54a3b3a53722417f109a54712f4c23f2225159","sha256":"c9c043f55f56d0bb810c2f18894406be5d39080dd079a6552e57c514481e7446","sha512":"7f0dd4537bc858e0e973871ac9a51521d45004eae0a492e17f81aad325354710dd2ceda084a17b34cfea51b86424b019c75e8e91dcb80e916ac2ffb514cc5f4d","ssdeep":"24576:JpZEEKuG0Inx+vc5uTyQrYKu6GY+LqURLG:vZEoGLnx+aQM/RLG","tlshash":"132533cb5ebfb7b8ef674fb640052ad6ad25870e5fde4861f88c8ca4e9d81508134427","first_seen":"2026-05-05T22:36:13.901746Z","last_seen":"2026-06-21T17:32:32.63072Z","times_seen":41,"resource_available":true,"data":null}},"time_used":1234,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":136,"receive":1098,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"houstontacolover.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"houstontacolover.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"houstontacolover.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"houstontacolover.com/Mac/utility.php","fqdn":"houstontacolover.com","domain":"houstontacolover.com","tld":"com"},"ip":{"addr":"172.86.123.210","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T07:56:07.872Z","timestamp":1781942167872,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"houstontacolover.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Jun 2026 09:58:54 GMT","end":"Thu, 17 Sep 2026 09:58:53 GMT"},"fingerprint":{"sha1":"F9:2B:F7:91:78:D3:FA:42:43:E1:40:D8:20:26:C7:A6:B9:B0:13:F8","sha256":"E6:7B:C9:F4:EA:AE:D9:BE:E3:CF:A9:B3:C3:94:62:8F:DD:ED:A1:A5:B5:F7:77:43:73:C5:D7:75:62:5F:03:C3"}}},"request":{"raw":"GET /Mac/utility.php HTTP/1.1\r\nHost: houstontacolover.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ntransfer-encoding: chunked\r\ndate: Sat, 20 Jun 2026 07:56:08 GMT\r\nserver: LiteSpeed\r\nx-powered-by: CyberPanel-OLS/2.5.0\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nconnection: Keep-Alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":302727,"size_decoded":219312,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65396), with CRLF line terminators","md5":"a4fad45bae1a2d71b2b81847cd09f90e","sha1":"c8907b421c7cb2666c1b1830b8375d8efa0b269c","sha256":"e9e6a6a564cf56c00a63b49feba06b479fa7538672afb503c6c3041677c4ba39","sha512":"cedfe21719372d4bb330035029aa0fdfe776650ddd33a7e10c32e7fc2b89f4069043147f915de9a3e9e6c3ad321a4e641ce278523ce91b3019aaae45d6cec56d","ssdeep":"6144:1Edo2Cp6Edo2Cp9lNuO+L6qFnxw7A+27rpZiow:1Edo2Cp6Edo2Cp9lNuODqFnqk+27rpZI","tlshash":"9654123157813dbb583cca8c72d13e842e98decfc6b8924535f5a0e382ee751adb1259","first_seen":"2026-01-31T21:22:59.958676Z","last_seen":"2026-06-20T21:41:10.469548Z","times_seen":368,"resource_available":true,"data":null}},"time_used":933,"timings":{"blocked":-1,"dns":3,"connect":131,"send":0,"wait":135,"receive":526,"ssl":137},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"houstontacolover.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"houstontacolover.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"houstontacolover.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}