{"report_id":"36b1f6fd-f0ff-4a95-912b-c20d2bfe97f6","version":6,"status":"done","tags":["microsoft","phishing"],"date":"2026-02-09T12:59:54Z","url":{"schema":"http","addr":"mail.volgatermy.key4day.ru","fqdn":"mail.volgatermy.key4day.ru","domain":"key4day.ru","tld":"ru"},"ip":{"addr":"92.53.96.117","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"mail.volgatermy.key4day.ru/","fqdn":"mail.volgatermy.key4day.ru","domain":"key4day.ru","tld":"ru"},"title":"Outlook","dom":{"size":22337,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10408)","md5":"0e7d55070714cb1d36e0cd4c9ea52ab7","sha1":"b383ccd02e1ec0de2d29fb7dbb9c78993ccc0e74","sha256":"f9e93c0cafd35f4990e1cbe08cb611e4d89a68b4e13fab1edaf8e94facb38855","sha512":"547978661a6bc6bfc3382e07f37cf2e343753ba2e0bf369aa6c27ddb4f6b0a7b07d4bdf7390e72db927b04f4c8536e27a28e6a8c75d4f0790f2318d71b038345","ssdeep":"384:dDTQ1Pzlh/DgohPz75EPlJFfggvNc4XIb2Squz62iL2/DyOfgFJ7sYA:5y8ktoJmgK4e2FuzSncCsn","tlshash":"82a2bf3ba0eb780708219158a1a267057e45f8ab0d5d6ec6b49c3bd61fdff3088d319d","dom_hash":"domhash0c296daab137227df2c3867ff34a734a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mail.volgatermy.key4day.ru","fqdn":"mail.volgatermy.key4day.ru","domain":"key4day.ru","tld":"ru"},"ip":{"addr":"92.53.96.117","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-16T12:59:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"mail.volgatermy.key4day.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-09","alert":"Phishing Block","trigger":"mail.volgatermy.key4day.ru","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"mail.volgatermy.key4day.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"mail.volgatermy.key4day.ru","ip":{"addr":"92.53.96.117","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"domain_registered":"2021-11-08","domain_rank":0,"first_seen":"2026-02-09T12:33:27.755073Z","last_seen":"2026-02-09T12:33:27.755073Z","alert_count":12,"request_count":3,"received_data":33849,"sent_data":1404,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"mail.volgatermy.key4day.ru/","fqdn":"mail.volgatermy.key4day.ru","domain":"key4day.ru","tld":"ru"},"ip":{"addr":"92.53.96.117","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"530e254056eb2b0c08e33d042ca74ac0","sha1":"aade6a94f19965542c6bcd14171cd0cecc598e8c","sha256":"302ac59c39f939d6eba91ca899d66a70f2391a4484dbea33ea020df9c268ca90","sha512":"5277a7acbba7f7efd47dc9da5970e7bbad2f5e8637d253bbbeb8cbb67b6176b6005a6323cee3e9e21557bba8a15fed92b8b34a6a8186e0023ccd695d3b60d578","ssdeep":"","tlshash":"0f3129d794eb081a1a23f42c064642257a5ef0535f85e8e1bc2df11a5f1c822dee57dd","size":1544,"data":"","first_seen":"2026-02-09T12:33:30.674602Z","last_seen":"2026-02-09T22:32:52.716233Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mail.volgatermy.key4day.ru/favicon.ico","fqdn":"mail.volgatermy.key4day.ru","domain":"key4day.ru","tld":"ru"},"ip":{"addr":"92.53.96.117","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mail.volgatermy.key4day.ru/","date":"2026-02-09T12:59:33.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mail.volgatermy.key4day.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Feb 2026 10:59:25 GMT","end":"Wed, 06 May 2026 10:59:24 GMT"},"fingerprint":{"sha1":"77:01:21:A9:73:DC:71:C5:19:E9:37:E9:2B:2A:E2:4D:28:B8:82:66","sha256":"60:87:B4:02:CF:2D:07:B2:3E:24:DC:79:88:D7:A8:2E:BD:66:FC:19:B2:55:61:BD:57:C8:67:64:A1:58:3E:4A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mail.volgatermy.key4day.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.volgatermy.key4day.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Mon, 09 Feb 2026 12:59:33 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 7886\r\nlast-modified: Thu, 05 Feb 2026 12:21:27 GMT\r\netag: \"1ece-64a12b636be2a\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7886,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"759fade9033aa298629e4b000dcd6dde","sha1":"34a1adf5c7326d7bde5b5735471b5d81e611c189","sha256":"cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e","sha512":"e96e93b13d70420d4d509d89a6337651440ae049b2a23d57c6250987003c46512c40c85c41bfa1c473a704801c961ffbe421522b89a1c34ba3b9e82a6d0769ed","ssdeep":"48:g8KokgDQoxTP0Vh0jV/H2kPxL6GUEtcrCOmgfzQumtGCzYoITin0iarrWtwVWsiw:97DdTGhGW6yS7Kvs/WjiUKqWmNQOWY","tlshash":"0cf130334afb6800e6171df04556f774c16a2d16394e58c3d88c3a6ae037be6706a9ef","first_seen":"2023-05-01T18:01:52Z","last_seen":"2026-06-07T23:40:58.891234Z","times_seen":5577,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"mail.volgatermy.key4day.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-09","alert":"Phishing Block","trigger":"mail.volgatermy.key4day.ru","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"mail.volgatermy.key4day.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.volgatermy.key4day.ru/","fqdn":"mail.volgatermy.key4day.ru","domain":"key4day.ru","tld":"ru"},"ip":{"addr":"92.53.96.117","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-09T12:59:32.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mail.volgatermy.key4day.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Feb 2026 10:59:25 GMT","end":"Wed, 06 May 2026 10:59:24 GMT"},"fingerprint":{"sha1":"77:01:21:A9:73:DC:71:C5:19:E9:37:E9:2B:2A:E2:4D:28:B8:82:66","sha256":"60:87:B4:02:CF:2D:07:B2:3E:24:DC:79:88:D7:A8:2E:BD:66:FC:19:B2:55:61:BD:57:C8:67:64:A1:58:3E:4A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mail.volgatermy.key4day.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Mon, 09 Feb 2026 12:59:32 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 05 Feb 2026 12:25:11 GMT\r\netag: W/\"5873-64a12c38f3547\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22643,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10408)","md5":"46533c89fc4eb8e02674eee9d13aa6be","sha1":"31800de3f82c70331d9be195da62b9b84299ea83","sha256":"de0ebcf9e2383c8855a329a08c5aca77ad773c2afc985eaf9f787d9f83859fcb","sha512":"4a1fc75abc0be8898a6756501029a5ca9494cff74bb9838d2aab063de56a028fd42b458ed37a8561e7eb66c78218c681238401f44ed75a37e4505401beb84af6","ssdeep":"384:1DTQ1Pzlh/DgohPz75EPlJFfggvNc4XIb2Squz62i+N/DyOfgSJ7sYA:hy8ktoJmgK4e2Fuzfwctsr","tlshash":"daa2b03ba0ebb8070821915865a273157e45f89b0d5d2ecab89c3bd61fdff3089d3199","first_seen":"2026-02-09T12:33:30.672272Z","last_seen":"2026-02-09T22:32:52.714008Z","times_seen":4,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":174,"dns":82,"connect":39,"send":0,"wait":77,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"mail.volgatermy.key4day.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"mail.volgatermy.key4day.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-09","alert":"Phishing Block","trigger":"mail.volgatermy.key4day.ru","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.volgatermy.key4day.ru/style.css","fqdn":"mail.volgatermy.key4day.ru","domain":"key4day.ru","tld":"ru"},"ip":{"addr":"92.53.96.117","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mail.volgatermy.key4day.ru/","date":"2026-02-09T12:59:33.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mail.volgatermy.key4day.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Feb 2026 10:59:25 GMT","end":"Wed, 06 May 2026 10:59:24 GMT"},"fingerprint":{"sha1":"77:01:21:A9:73:DC:71:C5:19:E9:37:E9:2B:2A:E2:4D:28:B8:82:66","sha256":"60:87:B4:02:CF:2D:07:B2:3E:24:DC:79:88:D7:A8:2E:BD:66:FC:19:B2:55:61:BD:57:C8:67:64:A1:58:3E:4A"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: mail.volgatermy.key4day.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.volgatermy.key4day.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.26.3\r\ndate: Mon, 09 Feb 2026 12:59:33 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 05 Feb 2026 12:14:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698489b6-9cd\"\r\nexpires: Tue, 09 Feb 2027 12:59:33 GMT\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2509,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"68ee627eb943adef59a9b6d32e0e07c3","sha1":"157a6962d816334cf44b7c4da7257c302c66c2d6","sha256":"117b45730eb72899d104a83415e741b66f800c9dfe2f036e02dabb5dbf8e82bd","sha512":"45969fc2b4ece7e081762c10875f55c989c5e2fa475d666454865edc2c73a0515475c807f10e9760b3ec9946373ea4fbe1a0ca8b486924634a5249c18177d4e1","ssdeep":"","tlshash":"6f511ecb2bb11615a80ff2d4b852d761335905434acfdd756ef4242cfe846e15a23b9c","first_seen":"2026-02-09T12:33:30.673161Z","last_seen":"2026-02-09T22:32:52.714963Z","times_seen":4,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-09","alert":"Phishing Block","trigger":"mail.volgatermy.key4day.ru","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"mail.volgatermy.key4day.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"mail.volgatermy.key4day.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}