{"report_id":"fbfd769b-4a59-4103-9328-9cbe68cecb3a","version":6,"status":"done","tags":[],"date":"2025-10-23T20:41:56Z","url":{"schema":"http","addr":"boys-hdrezka-ua.net/375-cikava-ideya-ukrainskiy/4-season","fqdn":"boys-hdrezka-ua.net","domain":"boys-hdrezka-ua.net","tld":"net"},"ip":{"addr":"91.132.188.158","port":0,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"boys-hdrezka-ua.net/375-cikava-ideya-ukrainskiy/4-season","fqdn":"boys-hdrezka-ua.net","domain":"boys-hdrezka-ua.net","tld":"net"},"title":"Ошибка доступа (403)"},"submit":{"url":{"schema":"http","addr":"boys-hdrezka-ua.net/375-cikava-ideya-ukrainskiy/4-season","fqdn":"boys-hdrezka-ua.net","domain":"boys-hdrezka-ua.net","tld":"net"},"ip":{"addr":"91.132.188.158","port":0,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-27T20:41:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T20:41:33Z","timestamp":1761252093,"ip_dst":{"addr":"172.18.0.2","port":34188,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"91.132.188.158","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-10-23T20:41:33.926185+0000\",\"flow_id\":799085426471221,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"91.132.188.158\",\"src_port\":443,\"dest_ip\":\"172.18.0.2\",\"dest_port\":34188,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=boys-hdrezka-ua.net\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"76:92:CA:0B:65:19:CC:A4:7C:24:33:C0:55:EA:C8:F5\",\"fingerprint\":\"9e:ce:e3:e4:9c:63:19:74:ca:bd:80:9e:e5:e9:6c:53:fc:99:d9:0d\",\"sni\":\"boys-hdrezka-ua.net\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-10-17T00:00:00\",\"notafter\":\"2026-01-15T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"263c859c5391203d774bc0599793d915\",\"string\":\"771,49200,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1211,\"bytes_toclient\":5873,\"start\":\"2025-10-23T20:41:33.749877+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"boys-hdrezka-ua.net","ip":{"addr":"91.132.188.158","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"domain_registered":"2023-06-26","domain_rank":0,"first_seen":"2025-10-23T20:41:56.508344Z","last_seen":"2025-10-23T20:41:56.508344Z","alert_count":0,"request_count":3,"received_data":81149,"sent_data":1580,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T20:41:33Z","timestamp":1761252093,"ip_dst":{"addr":"172.18.0.2","port":34188,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"91.132.188.158","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-10-23T20:41:33.926185+0000\",\"flow_id\":799085426471221,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"91.132.188.158\",\"src_port\":443,\"dest_ip\":\"172.18.0.2\",\"dest_port\":34188,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=boys-hdrezka-ua.net\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"76:92:CA:0B:65:19:CC:A4:7C:24:33:C0:55:EA:C8:F5\",\"fingerprint\":\"9e:ce:e3:e4:9c:63:19:74:ca:bd:80:9e:e5:e9:6c:53:fc:99:d9:0d\",\"sni\":\"boys-hdrezka-ua.net\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-10-17T00:00:00\",\"notafter\":\"2026-01-15T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"263c859c5391203d774bc0599793d915\",\"string\":\"771,49200,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1211,\"bytes_toclient\":5873,\"start\":\"2025-10-23T20:41:33.749877+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"boys-hdrezka-ua.net/375-cikava-ideya-ukrainskiy/4-season","fqdn":"boys-hdrezka-ua.net","domain":"boys-hdrezka-ua.net","tld":"net"},"ip":{"addr":"91.132.188.158","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-23T20:41:33.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"boys-hdrezka-ua.net","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 17 Oct 2025 00:00:00 GMT","end":"Thu, 15 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9E:CE:E3:E4:9C:63:19:74:CA:BD:80:9E:E5:E9:6C:53:FC:99:D9:0D","sha256":"E4:3B:11:16:27:FC:08:D0:4E:1E:94:D4:1E:70:57:12:EC:26:BB:B7:4F:F3:AC:66:9E:7A:31:48:D5:19:BB:A7"}}},"request":{"raw":"GET /375-cikava-ideya-ukrainskiy/4-season HTTP/1.1\r\nHost: boys-hdrezka-ua.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Thu, 23 Oct 2025 20:41:34 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: PHPSESSID=tqaclq6dfjndrfg4fj2ugi3p0h; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nX-Frame-Options: DENY\r\nContent-Encoding: gzip\r\nX-Hdrezka-Dmn: boys-hdrezka-ua.net\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":26711,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (23738)","md5":"8a3317f0866e5220c78f577d345b7804","sha1":"594f416305540ec022f4f8558f6957ee7940b671","sha256":"344869e99322941a4186a53346d5fc89b854ef36592798d756d32a9d4d767909","sha512":"903eaba9a0f057f3453c363e66ff4baabba4df1bd6f1e5870c92c6e076ce0c6d9e89220555e70e205885b1bea92cb27810fbed422c0c6844dfda572c59fcfe1a","ssdeep":"768:vof0Cx5E1yQivpF5OZPx+DHm2y8qOoNROCP0:vSz2qvS+DHry8qOoNRTP0","tlshash":"63c25b41772242fdb4039f6951b228047875bcaf379122c9fe8e0f41ef167e646caa79","first_seen":"2025-04-16T06:32:54.999515Z","last_seen":"2026-03-21T02:59:39.483879Z","times_seen":21,"resource_available":true,"data":null}},"time_used":1007,"timings":{"blocked":416,"dns":54,"connect":53,"send":0,"wait":172,"receive":1,"ssl":307},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"boys-hdrezka-ua.net/375-cikava-ideya-ukrainskiy/4-season","fqdn":"boys-hdrezka-ua.net","domain":"boys-hdrezka-ua.net","tld":"net"},"ip":{"addr":"91.132.188.158","port":80,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-23T20:41:34.369Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /375-cikava-ideya-ukrainskiy/4-season HTTP/1.1\r\nHost: boys-hdrezka-ua.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=tqaclq6dfjndrfg4fj2ugi3p0h\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Thu, 23 Oct 2025 20:41:34 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://boys-hdrezka-ua.net/375-cikava-ideya-ukrainskiy/4-season\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26711,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":51,"dns":0,"connect":55,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"boys-hdrezka-ua.net/375-cikava-ideya-ukrainskiy/4-season","fqdn":"boys-hdrezka-ua.net","domain":"boys-hdrezka-ua.net","tld":"net"},"ip":{"addr":"91.132.188.158","port":443,"asn":200019,"as":"Alexhost Srl","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-23T20:41:34.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"boys-hdrezka-ua.net","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 17 Oct 2025 00:00:00 GMT","end":"Thu, 15 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9E:CE:E3:E4:9C:63:19:74:CA:BD:80:9E:E5:E9:6C:53:FC:99:D9:0D","sha256":"E4:3B:11:16:27:FC:08:D0:4E:1E:94:D4:1E:70:57:12:EC:26:BB:B7:4F:F3:AC:66:9E:7A:31:48:D5:19:BB:A7"}}},"request":{"raw":"GET /375-cikava-ideya-ukrainskiy/4-season HTTP/1.1\r\nHost: boys-hdrezka-ua.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=tqaclq6dfjndrfg4fj2ugi3p0h\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Thu, 23 Oct 2025 20:41:34 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nX-Frame-Options: DENY\r\nContent-Encoding: gzip\r\nX-Hdrezka-Dmn: boys-hdrezka-ua.net\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26711,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (23738)","md5":"8a3317f0866e5220c78f577d345b7804","sha1":"594f416305540ec022f4f8558f6957ee7940b671","sha256":"344869e99322941a4186a53346d5fc89b854ef36592798d756d32a9d4d767909","sha512":"903eaba9a0f057f3453c363e66ff4baabba4df1bd6f1e5870c92c6e076ce0c6d9e89220555e70e205885b1bea92cb27810fbed422c0c6844dfda572c59fcfe1a","ssdeep":"768:vof0Cx5E1yQivpF5OZPx+DHm2y8qOoNROCP0:vSz2qvS+DHry8qOoNRTP0","tlshash":"63c25b41772242fdb4039f6951b228047875bcaf379122c9fe8e0f41ef167e646caa79","first_seen":"2025-04-16T06:32:54.999515Z","last_seen":"2026-03-21T02:59:39.483879Z","times_seen":21,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}