{"report_id":"9c571333-5b81-4a69-b99f-cf05ddd319b4","version":6,"status":"done","tags":[],"date":"2025-06-05T08:16:04Z","url":{"schema":"http","addr":"rovno.xyz","fqdn":"rovno.xyz","domain":"rovno.xyz","tld":"xyz"},"ip":{"addr":"104.248.255.79","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"rovno.xyz/","fqdn":"rovno.xyz","domain":"rovno.xyz","tld":"xyz"},"title":"rovno.xyz/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-14T08:16:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"rovno.xyz","ip":{"addr":"104.248.255.79","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"domain_registered":"2022-08-01","domain_rank":0,"first_seen":"2019-12-26T13:32:49Z","last_seen":"2025-05-26T21:32:59.734619Z","alert_count":0,"request_count":2,"received_data":503,"sent_data":903,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-06-05T08:15:43Z","timestamp":1749111343,"ip_dst":{"addr":"172.18.0.11","port":42252,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.248.255.79","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2025-06-05T08:15:43.292355+0000\",\"flow_id\":1228271831205670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.248.255.79\",\"src_port\":443,\"dest_ip\":\"172.18.0.11\",\"dest_port\":42252,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=rovno.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R10\",\"serial\":\"06:17:5B:E4:9D:E6:A8:E3:A0:98:EC:20:55:7D:52:30:71:B3\",\"fingerprint\":\"8b:60:dc:9b:57:20:a5:f6:2b:fd:98:57:af:86:c6:e0:e4:22:89:95\",\"sni\":\"rovno.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-05-21T23:03:49\",\"notafter\":\"2025-08-19T23:03:48\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"c4b2785a87896e19d37eee932070cb22\",\"string\":\"771,49199,0-65281-11-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1235,\"bytes_toclient\":3487,\"start\":\"2025-06-05T08:15:43.182054+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"rovno.xyz/","fqdn":"rovno.xyz","domain":"rovno.xyz","tld":"xyz"},"ip":{"addr":"104.248.255.79","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-06-05T08:15:43.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rovno.xyz","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 21 May 2025 23:03:49 GMT","end":"Tue, 19 Aug 2025 23:03:48 GMT"},"fingerprint":{"sha1":"8B:60:DC:9B:57:20:A5:F6:2B:FD:98:57:AF:86:C6:E0:E4:22:89:95","sha256":"7D:E2:52:2F:C2:FA:F9:73:AF:FC:E2:A2:FF:3A:29:F6:83:82:48:90:67:57:7A:74:65:32:BF:0B:41:6C:62:04"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rovno.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":883,"data":"{\"actionId\":\"3\",\"actionWayDictionaryId\":\"1\",\"trafficSource\":\"int\",\"referer\":\"\",\"currentUrl\":\"https://www.askme4date.com/aff.php?dci=a083f3fa8ab5d556351602f4a5cbda55c1baf46b\u0026utm_content=k65eq97i6nfi\u0026dynamicpage=all_wlp_1st_roulette_a\u0026tds_reason=direct\u0026tdsId=b6623koz_lp_a_1620983722190_am4d\u0026utm_source=int\u0026tds_ao=1\u0026gf=1662\u0026utm_sub=opnfnl\u0026utm_funnel=tds\u0026_disAL=true\u0026s1=int\u0026tds_ps=a\u0026tds_path=/tds/ae\u0026utm_ex=a\u0026tds_campaign=b6623koz\u0026h=1\u0026tds_oid=32899707\u0026p_tds_cid=\u0026tds_id=b6623koz_lp_a_1620983722190_am4d\u0026btUrl=aHR0cHM6Ly9jb29sZGF0ZXNmaW5kZXIuY29tL3Rkcy9hZS9jYi9zLzFhMmZmYWI3Mjc3Y2ZlNTVmMWQ4ZmMxMTI5MmRjZDNmP19fdD0xNzQ5MDkyOTYzOTQ1Jl9fbD0zNjAwJl9fYz03NTNmOGJkYTQ0Yjc3M2UxOTA3MWI3NWRkNTUyNGRmYzU3NTQ2Mjgy\u0026tds_host=cooldatesfinder.com\u0026data2=k65eq97i6nfi\u0026tds_ac_id=s6341sid\u0026data3={data3}\u0026utm_term=7\u0026utm_campaign=82cf5df0\u0026s3=topshortnews.co\u0026tds_cid=753f8bda44b773e19071b75dd5524dfc57546282/\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.15.3\r\nDate: Thu, 05 Jun 2025 08:15:43 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 16\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"6ac752d4d7fb7c81e9aee46286f3ad04","sha1":"94fb7a22390306b860c6dbc5457cc0f290d0c35a","sha256":"b5cc48332fc1239045e787a2b202b8bab0d8aa8a0a0ca01e33ed58272bba59a0","sha512":"b0bc6959b317e59fb48969d64a6b77caa8c0ff3aa754af735acfa236f765f4f186db8d49dbddb246a543910901545e1424250654c913dc845c120f518466baa1","ssdeep":"","tlshash":"2e600008000800020a802800000888282aa00a80002a0080000e00200a080c08008000","first_seen":"2023-04-18T00:48:51Z","last_seen":"2026-03-25T21:41:58.805189Z","times_seen":21,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":113,"dns":2,"connect":34,"send":0,"wait":34,"receive":1,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rovno.xyz/favicon.ico","fqdn":"rovno.xyz","domain":"rovno.xyz","tld":"xyz"},"ip":{"addr":"104.248.255.79","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"https://rovno.xyz/","date":"2025-06-05T08:15:43.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rovno.xyz","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 21 May 2025 23:03:49 GMT","end":"Tue, 19 Aug 2025 23:03:48 GMT"},"fingerprint":{"sha1":"8B:60:DC:9B:57:20:A5:F6:2B:FD:98:57:AF:86:C6:E0:E4:22:89:95","sha256":"7D:E2:52:2F:C2:FA:F9:73:AF:FC:E2:A2:FF:3A:29:F6:83:82:48:90:67:57:7A:74:65:32:BF:0B:41:6C:62:04"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rovno.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rovno.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":966,"data":"{\"csp-report\":{\"blocked-uri\":\"https://udc.yahoo.com/v2/public/yql?yhlVer=2\u0026yhlClient=rapid\u0026yhlS=1197812781\u0026yhlCT=2\u0026yhlBTMS=1749111299577\u0026yhlClientVer=3.53.30\u0026yhlRnd=MmgwQlTwojgebGhB\u0026yhlCompressed=0\",\"column-number\":13260,\"disposition\":\"report\",\"document-uri\":\"https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_7b45f3cd-fe9d-4d63-bb13-d64d7df260f4\",\"effective-directive\":\"connect-src\",\"line-number\":1,\"original-policy\":\"default-src 'none'; block-all-mixed-content; connect-src 'self'; frame-ancestors 'none'; img-src 'self' https://s.yimg.com; media-src 'none'; script-src 'self' 'nonce-yhsYUgFSA62zDiJ3nhrAjpoOAoOL2+mV' https://s.yimg.com; style-src 'self' 'nonce-yhsYUgFSA62zDiJ3nhrAjpoOAoOL2+mV' https://s.yimg.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce\",\"referrer\":\"\",\"source-file\":\"https://s.yimg.com/ss/rapid-3.53.30.js\",\"status-code\":200,\"violated-directive\":\"connect-src\"}}"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.15.3\r\nDate: Thu, 05 Jun 2025 08:15:43 GMT\r\nContent-Type: text/html\r\nContent-Length: 169\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":169,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"ce6289dd9a4010a711492f88f9cea71b","sha1":"464067510f1ac6b7e11115e33e05f4f01cb678ad","sha256":"0b8493bc43b48386d9e1e064b05a38e62d239e8194d839269ac1137279c6e081","sha512":"623ce88c7dbde0f0b2264782170c5e98d5f358f8dc4b8f4a329b026762d90d1f0987f3a860265eb33af0bdfb067bd7865d53c32a1c1691ced9f6fbc040e85ebc","ssdeep":"","tlshash":"5fc08cad7613fc9dca93227826c3a080c196933baaee85110580914370cb2998ac239a","first_seen":"2023-04-18T00:48:51Z","last_seen":"2026-01-17T17:53:06.901188Z","times_seen":60,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}