{"report_id":"65779b07-1085-48c9-b269-e35a17acdc61","version":6,"status":"done","tags":["phishing","tycoon","aitm"],"date":"2025-10-02T07:43:59Z","url":{"schema":"http","addr":"overture.woohougoulive.com/LJ@XOLrswDX3yU/*Dallin.Pedersen@slurpmail.net","fqdn":"overture.woohougoulive.com","domain":"woohougoulive.com","tld":"com"},"ip":{"addr":"104.21.26.184","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"overture.woohougoulive.com/LJ@XOLrswDX3yU/*Dallin.Pedersen@slurpmail.net","fqdn":"overture.woohougoulive.com","domain":"woohougoulive.com","tld":"com"},"title":"​"},"submit":{"url":{"schema":"http","addr":"overture.woohougoulive.com/LJ@XOLrswDX3yU/*Dallin.Pedersen@slurpmail.net","fqdn":"overture.woohougoulive.com","domain":"woohougoulive.com","tld":"com"},"ip":{"addr":"104.21.26.184","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-06T07:43:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]},"summary":[{"fqdn":"overture.woohougoulive.com","ip":{"addr":"104.21.26.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-20","domain_rank":0,"first_seen":"2025-09-24T01:13:24.347553Z","last_seen":"2025-09-24T01:13:24.347553Z","alert_count":2,"request_count":2,"received_data":18618,"sent_data":1767,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"overture.woohougoulive.com/LJ@XOLrswDX3yU/*Dallin.Pedersen@slurpmail.net","fqdn":"overture.woohougoulive.com","domain":"woohougoulive.com","tld":"com"},"ip":{"addr":"104.21.26.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"984184d0bc1af41ecc77a8c631374454","sha1":"36f3e97965d4160320e4c0e038c14ab1f86663ac","sha256":"3ef515355cfdb9a5bf97fa7d1e083a7c759b89619a0903acea4b8f387ca7468b","sha512":"682164803a30055a67c911f58be47ef3f2648b5551496a5ac861bfbb9e6614cbddb774ca9618bd00d95ca371ef2046080af4fc92a86f6569ab9e24a478f7f6d0","ssdeep":"","tlshash":"e901d07731171c7a0cce9dbf94e5faa8791000813e40e881207c8c2dae67c82967f5d8","size":754,"data":"","first_seen":"2025-09-30T10:29:27.979603Z","last_seen":"2025-10-02T07:44:00.155859Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"overture.woohougoulive.com/LJ@XOLrswDX3yU/*Dallin.Pedersen@slurpmail.net","fqdn":"overture.woohougoulive.com","domain":"woohougoulive.com","tld":"com"},"ip":{"addr":"104.21.26.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-02T07:43:34.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"woohougoulive.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 20 Aug 2025 20:06:39 GMT","end":"Tue, 18 Nov 2025 21:05:07 GMT"},"fingerprint":{"sha1":"C5:D9:7E:60:94:D3:F1:FA:79:72:A5:BC:DA:1D:55:AF:A8:84:49:C6","sha256":"AF:39:67:3B:B9:AF:60:BD:92:F5:10:14:43:DD:09:D3:7D:D3:CE:3E:4E:53:47:3F:C5:B6:1B:5C:9C:DA:74:87"}}},"request":{"raw":"GET /LJ@XOLrswDX3yU/*Dallin.Pedersen@slurpmail.net HTTP/1.1\r\nHost: overture.woohougoulive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 02 Oct 2025 07:43:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nAJYHKGYA5MMH65ZRXLJk2pw4LrCPDJ1DPc%2Bam7a8ks00CLWR5eXE%2FrGc8f9wrX%2ByQOFB5PqzXgxDRMV94uQKhRlWrp%2BZLRm3qL6fjV0BSo%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IllBTVZWZjFZZ1NmcVdaanBkWm5TOFE9PSIsInZhbHVlIjoiUEQ4TEJlSmtINStZb25ZYWtKQUlIVllCcERuODFaQkNMbzlwTzZadHN6aG1IUm1iVUR6anVUWk9ja2hKNDhuL0UrSlhnbVNtMTdub1dkREMzVlJGMi9VbDRMMFhXZWs5SG9Hb253NEI4M1lIZjJXL3VRNkVDcitGWXUvS1IvVGUiLCJtYWMiOiIyMzllOThhMDhjOTMyNmRjNDk5ZDI3ZGY2NTgyOGZhMzI0Mzg5YWM4MTIzZjg1OTc5MDIzY2YzNjg4NzJhODI3IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 02 Oct 2025 09:43:40 GMT\nlaravel_session=eyJpdiI6ImRHK0tqNjJzdHdOSkEzb2xhcTZ3blE9PSIsInZhbHVlIjoiamNIVEk2N05INHl3Rng5cUhHeFFrRHlHcEdtRnJlR0VqQXhuVUc3NkYzZnJmRm9Gc2xmUnF2RWJ2SlhkVVR5TEhtMS9tZnlDNEZXUlFJa3QrdTFMTDdHeGE2TUVRb25EWk8zY01PMXd5dmlvT3pTc3N1ckczc2VnaGl1VHlvNVkiLCJtYWMiOiI5YWM4OGI3YmU1YTU4Mjg4MGM2YTViYmU4Nzg4MzgwMTY0NjY2YWMxOGQwMGQzNWVlMmMwODIxNjBhYjkwNGEwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 02 Oct 2025 09:43:40 GMT\r\ncf-ray: 988291f02ffe0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7229,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7227), with no line terminators","md5":"447cac4a9b697553e64e4874a853d18d","sha1":"2f06963a634ed37c8b0c4180e888c0a712517ab4","sha256":"3584896b13fb184bc68f9c3982ad426a405e856311797d2bf6f76b32dc7cddec","sha512":"19b437b4e491d6a2bf3ea6aac41692d4ae81c1298ef3ae92026e9c79850fa20cb07a3e1cda68f4bee110e75cb69835623bf390e22d7947a26273d513343d7a8a","ssdeep":"192:NikLC/tfH/vWqWFx2fBJeOOk+9TWKWo14eagcuIabvZi:Er+9HNVTo","tlshash":"94e1652322001039a913d3d9abe5975d2158804af7926cbfa3ac037d4bddeedd66b590","first_seen":"2025-10-02T07:44:00.154178Z","last_seen":"2025-10-02T07:44:00.154178Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10960,"timings":{"blocked":5170,"dns":5000,"connect":2,"send":0,"wait":620,"receive":0,"ssl":168},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"overture.woohougoulive.com/favicon.ico","fqdn":"overture.woohougoulive.com","domain":"woohougoulive.com","tld":"com"},"ip":{"addr":"104.21.26.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://overture.woohougoulive.com/LJ@XOLrswDX3yU/*Dallin.Pedersen@slurpmail.net","date":"2025-10-02T07:43:40.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"woohougoulive.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 20 Aug 2025 20:06:39 GMT","end":"Tue, 18 Nov 2025 21:05:07 GMT"},"fingerprint":{"sha1":"C5:D9:7E:60:94:D3:F1:FA:79:72:A5:BC:DA:1D:55:AF:A8:84:49:C6","sha256":"AF:39:67:3B:B9:AF:60:BD:92:F5:10:14:43:DD:09:D3:7D:D3:CE:3E:4E:53:47:3F:C5:B6:1B:5C:9C:DA:74:87"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: overture.woohougoulive.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://overture.woohougoulive.com/LJ@XOLrswDX3yU/*Dallin.Pedersen@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6IllBTVZWZjFZZ1NmcVdaanBkWm5TOFE9PSIsInZhbHVlIjoiUEQ4TEJlSmtINStZb25ZYWtKQUlIVllCcERuODFaQkNMbzlwTzZadHN6aG1IUm1iVUR6anVUWk9ja2hKNDhuL0UrSlhnbVNtMTdub1dkREMzVlJGMi9VbDRMMFhXZWs5SG9Hb253NEI4M1lIZjJXL3VRNkVDcitGWXUvS1IvVGUiLCJtYWMiOiIyMzllOThhMDhjOTMyNmRjNDk5ZDI3ZGY2NTgyOGZhMzI0Mzg5YWM4MTIzZjg1OTc5MDIzY2YzNjg4NzJhODI3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImRHK0tqNjJzdHdOSkEzb2xhcTZ3blE9PSIsInZhbHVlIjoiamNIVEk2N05INHl3Rng5cUhHeFFrRHlHcEdtRnJlR0VqQXhuVUc3NkYzZnJmRm9Gc2xmUnF2RWJ2SlhkVVR5TEhtMS9tZnlDNEZXUlFJa3QrdTFMTDdHeGE2TUVRb25EWk8zY01PMXd5dmlvT3pTc3N1ckczc2VnaGl1VHlvNVkiLCJtYWMiOiI5YWM4OGI3YmU1YTU4Mjg4MGM2YTViYmU4Nzg4MzgwMTY0NjY2YWMxOGQwMGQzNWVlMmMwODIxNjBhYjkwNGEwIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 02 Oct 2025 07:43:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: private, max-age=14400\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hDv5B%2Fs2oXaCE7MaZ4rdvVPaetr%2FZA4eMnHHr%2FtQQbKWlioNow8j64UneTHzuKYU8sew60IHGqh9h9UzT%2F%2Bf1hH2bsSXMa65OynoV8b7wh0%3D\"}]}\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ik9HUE0rMStpb2xoMm1mc2lOUkRYT3c9PSIsInZhbHVlIjoiL29ibXBoclZ2UEZxaExOTHd4djVPQVZSbmxzSnltSDhTRFdxZjVtNXBndDZOa3MvNzV3YWVYNXBsZnI4anZqY2pOR2h6cXRZM2d6em9GcWZRdGRmMWhKblN5UW1PMTk3aEFTOW1SM2xWNm12N1JPYzB5V0pqZkxueElPZFB0ZGsiLCJtYWMiOiI1NjU5NmFiZDY1NjY3ZGQwZjE0MjA4MjA4YzY0OGU3NWQ0NjY0MWZiMDQ0NzhmMjkxN2U5OGM2ZDQ2ZWU4Njk5IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 02 Oct 2025 09:43:41 GMT\nlaravel_session=eyJpdiI6IjRpS0Q5MVBnZXNzTUliUy9UY0pPa2c9PSIsInZhbHVlIjoieWVKRGU2b2VMb3p6Ti9WVFA4aE9xZExJMC94RzFzaU5MMmV6c3RBUGRNTlBRZDNtOFdMK1hteU8yTkNUWjUxazJYUmtmeER3WDAvZFRNK3NCN0NNam00aE1OTHo3NzRYcUdUYlFORW5OZWRaaExKY01iZHFSK2tKVUIzVnZoMFoiLCJtYWMiOiI1YzM3YzFlYWQ3YmFhY2M3MzFhYWUyZTJhZmUyYzczN2U0NzE3Y2E0ZjA5N2NjYWVmM2U5ZmI5ZGFmZWQwNjQwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 02 Oct 2025 09:43:41 GMT\r\ncf-ray: 988291f489e70883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8377,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (317)","md5":"a9c530e2c5a14b9a586ee9419a9d40aa","sha1":"a2496e730ab3a4202ead3e5d36daeb1dc6100ca6","sha256":"89b7bcfe4a3df577e9b269fc601361a40a3f6f04463e548ed0f337fe159cbad9","sha512":"621f6baeb80b5cadcf043207d99de6cec65de78fb089d6f3bf34547f6fc7e92efa4a9e35c1e2854ccf155b9f6f6773a561c1654bea38e005ad663cb8931732d8","ssdeep":"96:uaTh/yOBJjRN3KJ2PO4u3Bnr94xccYp6UNNfvPlYf+lc2:uaThqOBJjzI2P0pcoUfA","tlshash":"a602526112f224bb10ab89e3b5611f72ace1c107ca6bc10571bd42a63feac42adc331d","first_seen":"2025-09-22T02:30:39.560105Z","last_seen":"2025-10-14T15:18:58.000163Z","times_seen":693,"resource_available":false,"data":null}},"time_used":1056,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1056,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}}]}