{"report_id":"16be1a59-eb68-4029-9899-4611fbd98ff4","version":6,"status":"done","tags":[],"date":"2025-04-16T06:33:34Z","url":{"schema":"http","addr":"xfiles-tv3.net/238-subtitles/10-season","fqdn":"xfiles-tv3.net","domain":"xfiles-tv3.net","tld":"net"},"ip":{"addr":"91.132.189.204","port":0,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"xfiles-tv3.net/238-subtitles/10-season","fqdn":"xfiles-tv3.net","domain":"xfiles-tv3.net","tld":"net"},"title":"Ошибка доступа (403)"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-25T06:33:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"xfiles-tv3.net","ip":{"addr":"91.132.189.204","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"domain_registered":"2022-11-30","domain_rank":0,"first_seen":"2025-04-16T06:33:34.922774Z","last_seen":"2025-04-16T06:33:34.922774Z","alert_count":0,"request_count":3,"received_data":81121,"sent_data":1526,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-16T06:33:12Z","timestamp":1744785192,"ip_dst":{"addr":"172.18.0.4","port":37858,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"91.132.189.204","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-04-16T06:33:12.678078+0000\",\"flow_id\":1577547110850851,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"91.132.189.204\",\"src_port\":443,\"dest_ip\":\"172.18.0.4\",\"dest_port\":37858,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=xfiles-tv3.net\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:B0:86:AE:39:07:EC:FD:1B:76:90:6B:90:BB:38:16:BD\",\"fingerprint\":\"b1:b1:ee:af:cd:e7:e4:80:bd:ae:15:d9:59:34:d2:60:83:93:7b:ed\",\"sni\":\"xfiles-tv3.net\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-03-19T00:00:00\",\"notafter\":\"2025-06-17T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"263c859c5391203d774bc0599793d915\",\"string\":\"771,49200,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1211,\"bytes_toclient\":5869,\"start\":\"2025-04-16T06:33:12.500003+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xfiles-tv3.net/238-subtitles/10-season","fqdn":"xfiles-tv3.net","domain":"xfiles-tv3.net","tld":"net"},"ip":{"addr":"91.132.189.204","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-16T06:33:13.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xfiles-tv3.net","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Mar 2025 00:00:00 GMT","end":"Tue, 17 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B1:B1:EE:AF:CD:E7:E4:80:BD:AE:15:D9:59:34:D2:60:83:93:7B:ED","sha256":"3D:D7:8B:35:A7:87:9E:BE:E2:7E:F8:7F:AE:02:32:FB:96:53:A3:2A:BF:A8:9F:77:1C:40:6E:98:FF:AD:53:3A"}}},"request":{"raw":"GET /238-subtitles/10-season HTTP/1.1\r\nHost: xfiles-tv3.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=3pp21idtufkol9kvjgudf689k5\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":551,"data":"{\"vars\":{\"gtag_id\":\"G-4LJXB6XTLN\",\"config\":{\"G-4LJXB6XTLN\":{\"groups\":\"default\",\"send_page_view\":false}}},\"triggers\":{\"trackEvent\":{\"on\":\"click\",\"selector\":\"#trending_topic_0\",\"request\":\"event\",\"vars\":{\"event_name\":\"trending_topics_top_nav\",\"cta_name\":\"IPL 2025\",\"section\":\"opinion\",\"sub_section\":\"\",\"article_id\":\"\",\"type_of_article\":\"article\",\"domain\":\"https://www.news18.com\",\"local18_district\":\"\"}}},\"configRewriter\":{\"vars\":{\"st\":\"1744785195629\",\"ct\":\"1744785195669\",\"sc\":\"1\",\"gclsrc\":\"\",\"hasGcl\":\"0\",\"hasDcl\":\"0\",\"hasExtRef\":\"0\",\"hasDocRef\":\"0\"}}}"}},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Wed, 16 Apr 2025 06:33:13 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nX-Frame-Options: DENY\r\nContent-Encoding: gzip\r\nX-Hdrezka-Dmn: xfiles-tv3.net\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":26711,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (23738)","md5":"8a3317f0866e5220c78f577d345b7804","sha1":"594f416305540ec022f4f8558f6957ee7940b671","sha256":"344869e99322941a4186a53346d5fc89b854ef36592798d756d32a9d4d767909","sha512":"903eaba9a0f057f3453c363e66ff4baabba4df1bd6f1e5870c92c6e076ce0c6d9e89220555e70e205885b1bea92cb27810fbed422c0c6844dfda572c59fcfe1a","ssdeep":"768:vof0Cx5E1yQivpF5OZPx+DHm2y8qOoNROCP0:vSz2qvS+DHry8qOoNRTP0","tlshash":"63c25b41772242fdb4039f6951b228047875bcaf379122c9fe8e0f41ef167e646caa79","first_seen":"2025-04-16T06:32:54.999515Z","last_seen":"2026-03-21T02:59:39.483879Z","times_seen":21,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xfiles-tv3.net/238-subtitles/10-season","fqdn":"xfiles-tv3.net","domain":"xfiles-tv3.net","tld":"net"},"ip":{"addr":"91.132.189.204","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-16T06:33:12.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xfiles-tv3.net","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Mar 2025 00:00:00 GMT","end":"Tue, 17 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B1:B1:EE:AF:CD:E7:E4:80:BD:AE:15:D9:59:34:D2:60:83:93:7B:ED","sha256":"3D:D7:8B:35:A7:87:9E:BE:E2:7E:F8:7F:AE:02:32:FB:96:53:A3:2A:BF:A8:9F:77:1C:40:6E:98:FF:AD:53:3A"}}},"request":{"raw":"GET /238-subtitles/10-season HTTP/1.1\r\nHost: xfiles-tv3.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Wed, 16 Apr 2025 06:33:13 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: PHPSESSID=3pp21idtufkol9kvjgudf689k5; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nX-Frame-Options: DENY\r\nContent-Encoding: gzip\r\nX-Hdrezka-Dmn: xfiles-tv3.net\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":26711,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (23738)","md5":"8a3317f0866e5220c78f577d345b7804","sha1":"594f416305540ec022f4f8558f6957ee7940b671","sha256":"344869e99322941a4186a53346d5fc89b854ef36592798d756d32a9d4d767909","sha512":"903eaba9a0f057f3453c363e66ff4baabba4df1bd6f1e5870c92c6e076ce0c6d9e89220555e70e205885b1bea92cb27810fbed422c0c6844dfda572c59fcfe1a","ssdeep":"768:vof0Cx5E1yQivpF5OZPx+DHm2y8qOoNROCP0:vSz2qvS+DHry8qOoNRTP0","tlshash":"63c25b41772242fdb4039f6951b228047875bcaf379122c9fe8e0f41ef167e646caa79","first_seen":"2025-04-16T06:32:54.999515Z","last_seen":"2026-03-21T02:59:39.483879Z","times_seen":21,"resource_available":true,"data":null}},"time_used":923,"timings":{"blocked":378,"dns":1,"connect":52,"send":0,"wait":166,"receive":1,"ssl":322},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xfiles-tv3.net/238-subtitles/10-season","fqdn":"xfiles-tv3.net","domain":"xfiles-tv3.net","tld":"net"},"ip":{"addr":"91.132.189.204","port":80,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-16T06:33:13.208Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /238-subtitles/10-season HTTP/1.1\r\nHost: xfiles-tv3.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=3pp21idtufkol9kvjgudf689k5\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1046,"data":"browserInfo=%7B%22user_agent%22%3A%22Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0)+Gecko%2F20100101+Firefox%2F134.0%22%2C%22language%22%3A%22en-US%22%2C%22color_depth%22%3A%2224%22%2C%22pixel_ratio%22%3A%221%22%2C%22hardware_concurrency%22%3A%2248%22%2C%22resolution%22%3A%221280%2C1024%22%2C%22available_resolution%22%3A%221280%2C1024%22%2C%22timezone_offset%22%3A%220%22%2C%22session_storage%22%3A%221%22%2C%22local_storage%22%3A%221%22%2C%22indexed_db%22%3A%221%22%2C%22cpu_class%22%3A%22unknown%22%2C%22navigator_platform%22%3A%22Linux+x86_64%22%2C%22do_not_track%22%3A%221%22%2C%22adblock%22%3A%22false%22%2C%22has_lied_languages%22%3A%22false%22%2C%22has_lied_resolution%22%3A%22false%22%2C%22has_lied_os%22%3A%22true%22%2C%22has_lied_browser%22%3A%22false%22%2C%22touch_support%22%3A%220%2Cfalse%2Cfalse%22%2C%22js_fonts%22%3A%22Bitstream+Vera+Sans+Mono%2CBookman+Old+Style%2CCentury%2CCentury+Schoolbook%2CCourier%2CHelvetica%2CPalatino%2CPalatino+Linotype%2CTimes%22%2C%22fp%22%3A%227bf3eb9204ef23f7d19736fd4067c81c%22%7D"}},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Wed, 16 Apr 2025 06:33:13 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://xfiles-tv3.net/238-subtitles/10-season\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":26711,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":47,"dns":0,"connect":53,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}