{"report_id":"91869936-0e3b-405a-a69c-2e8953e7a668","version":6,"status":"done","tags":[],"date":"2026-03-08T11:47:48Z","url":{"schema":"http","addr":"nk9956.craftum.io","fqdn":"nk9956.craftum.io","domain":"craftum.io","tld":"io"},"ip":{"addr":"92.255.111.71","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"nk9956.craftum.io/","fqdn":"nk9956.craftum.io","domain":"craftum.io","tld":"io"},"title":"SFR Mail – Retrouvez votre Webmail, boite mail et adresse mail","dom":{"size":15840,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1094)","md5":"709442db4cce03507c2fe5b1d1d7c80d","sha1":"18e0c2dd7457256bf7653993dbe88071dbf16a55","sha256":"43905e3126f44ce508d72d8d9ec9de9202edbaf20bb48710bd4b54c8cd0216dd","sha512":"1cff5910006295ac6fdc00e578e33bd2ffffae1fd7fd28405a729737b037c895edc394f0d538df1024dbc50a2a8a0eaea5f758ccbd8a93cd309f197e9771b25a","ssdeep":"192:E/+4w5Sdy1Iwuh8wwNWAwAUBCxFE/2e9jR/opGJiZ/7To1LYhAIT/9BR8h2Um4Fy:E/Men6T4O9d","tlshash":"2e62c8e656b761909407d7b8ebfb6a64215494a7d60ecd683bcc139ccfc90d8c892b4c","dom_hash":"domhash3c4f3128259206b84a0aa36d3d9abde8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"nk9956.craftum.io","fqdn":"nk9956.craftum.io","domain":"craftum.io","tld":"io"},"ip":{"addr":"92.255.111.71","port":0,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-12T11:47:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-08","alert":"Sinkholed","trigger":"274418.selcdn.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-08","alert":"Sinkholed","trigger":"nk9956.craftum.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-08","alert":"Phishing Block","trigger":"nk9956.craftum.io","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-08","alert":"Sinkholed","trigger":"nk9956.craftum.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-08","alert":"Sinkholed","trigger":"nk9956.craftum.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"cbea32cd-4cfe-41fa-8a8d-fd39f73d8b65.selstorage.ru","ip":{"addr":"92.53.68.17","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2021-07-29","domain_rank":0,"first_seen":"2025-08-19T01:11:33.282079Z","last_seen":"2026-03-08T10:39:58.238476Z","alert_count":0,"request_count":1,"received_data":9186,"sent_data":497,"comment":"","tags":null,"fingerprints":null},{"fqdn":"274418.selcdn.ru","ip":{"addr":"92.53.68.16","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2012-03-06","domain_rank":0,"first_seen":"2023-02-21T18:55:58Z","last_seen":"2026-03-01T09:11:58.543784Z","alert_count":1,"request_count":1,"received_data":157365,"sent_data":528,"comment":"","tags":null,"fingerprints":null},{"fqdn":"nk9956.craftum.io","ip":{"addr":"92.255.111.71","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":1,"received_data":16085,"sent_data":486,"comment":"","tags":null,"fingerprints":[{"name":"Google PageSpeed:1.13.35.2-0","description":"Google PageSpeed is a family of tools designed to help websites performance optimisations.","website":"https://developers.google.com/speed/pagespeed/mod","common_platform_enumeration":"","icon":"Google PageSpeed.svg","categories":["Caching","Web server extensions","Performance"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"nk9956.craftum.io/","fqdn":"nk9956.craftum.io","domain":"craftum.io","tld":"io"},"ip":{"addr":"92.255.111.71","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"8461928714ddacae491548120f5aa0e9","sha1":"1dfb6f0637fef10f3a5e83c5238d0d1bb84d45af","sha256":"e01cbc422db2e138f12a76131549bbd66d773a6f6506a33613b8ee8af11b6261","sha512":"d87f32332c57b08eb186f3205bd276e02409b104d7dbd30c526a64414b6f000b8c3271f30f40098657c0e9772f65334306cf47565ea2d9e13b3d1626888e12bc","ssdeep":"","tlshash":"d6e05b3e57746530417b7166e35ee7d43976005b5045542b3d6cc5c90fc0db583b159e","size":294,"data":"","first_seen":"2023-08-25T01:25:30Z","last_seen":"2026-05-30T15:46:31.443967Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cbea32cd-4cfe-41fa-8a8d-fd39f73d8b65.selstorage.ru/statics/pages/404/images/exclam.png","fqdn":"cbea32cd-4cfe-41fa-8a8d-fd39f73d8b65.selstorage.ru","domain":"selstorage.ru","tld":"ru"},"ip":{"addr":"92.53.68.17","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nk9956.craftum.io/","date":"2026-03-08T11:47:22.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.selstorage.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 16 Feb 2026 09:54:17 GMT","end":"Sat, 20 Mar 2027 09:54:16 GMT"},"fingerprint":{"sha1":"91:CE:72:30:AF:14:D4:91:E5:63:09:59:DB:D1:4F:93:05:FF:69:2F","sha256":"EA:15:8E:C4:91:84:B1:80:96:B0:F1:3B:83:6C:3B:6C:DC:0B:37:B5:DA:70:3A:56:77:EC:46:10:48:40:2D:C4"}}},"request":{"raw":"GET /statics/pages/404/images/exclam.png HTTP/1.1\r\nHost: cbea32cd-4cfe-41fa-8a8d-fd39f73d8b65.selstorage.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nk9956.craftum.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-length: 8774\r\ncontent-type: image/png\r\netag: \"97d39183c13c0a752bf9b1298d2e3eca\"\r\nlast-modified: Wed, 22 Mar 2023 13:09:25 GMT\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding\r\nx-container-storage-policy-index: 1\r\nx-container-storage-policy-name: cold\r\ndate: Sun, 08 Mar 2026 11:24:00 GMT\r\nage: 1404\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8774,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"97d39183c13c0a752bf9b1298d2e3eca","sha1":"488059bc64e4846c8083978424fe86ebea3a6150","sha256":"06de500377ee6082db5a41fcfa2dcfdfd18b16b4341a372f4cb2227f0a29f0c0","sha512":"e352488a75c77f9c17598a206dd44130495d0b061df397df71d933fa08be5b7ab89521a0ae9a75675b099eaa7d5ccf68221db2ccff83193ab93d5b6c8c411ca3","ssdeep":"192:/S5sAuVtryfIQP7w/N1YzvXobYaD4LSmvE9PqyRFi:q5QyfrsVOzvoFM6PqyRFi","tlshash":"a602bfe831b58f8c943dc7faf2fb7dec42a461322851eb2a26e8c531b402f29d066450","first_seen":"2023-08-25T01:25:30Z","last_seen":"2026-05-30T15:46:31.441166Z","times_seen":62,"resource_available":false,"data":null}},"time_used":4392,"timings":{"blocked":1884,"dns":1298,"connect":51,"send":0,"wait":622,"receive":0,"ssl":534},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"274418.selcdn.ru/cv08300-33250f0d-0664-43fc-9dbf-9d89738d114e/uploads/753322/bb42e1c6-a02a-44fc-93d1-89d64f4efa70.png","fqdn":"274418.selcdn.ru","domain":"selcdn.ru","tld":"ru"},"ip":{"addr":"92.53.68.16","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nk9956.craftum.io/","date":"2026-03-08T11:47:22.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.selcdn.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 12 Dec 2025 10:44:38 GMT","end":"Wed, 13 Jan 2027 10:44:37 GMT"},"fingerprint":{"sha1":"52:52:29:C1:CD:D4:2F:22:A5:11:72:21:58:09:B7:F8:5D:DB:C7:B6","sha256":"0A:C5:C3:9A:69:FE:A8:D6:CD:A8:E7:BE:34:7C:75:33:72:FA:86:80:B7:F6:22:2F:76:F8:29:04:61:A0:5B:80"}}},"request":{"raw":"GET /cv08300-33250f0d-0664-43fc-9dbf-9d89738d114e/uploads/753322/bb42e1c6-a02a-44fc-93d1-89d64f4efa70.png HTTP/1.1\r\nHost: 274418.selcdn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nk9956.craftum.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges\r\ncontent-length: 156736\r\ncontent-type: image/png\r\netag: \"d199893cf3fe9be9c76b488e940476ab\"\r\nlast-modified: Sat, 07 Mar 2026 14:14:42 GMT\r\nx-container-storage-policy-index: 1\r\nx-container-storage-policy-name: cold\r\nx-timestamp: 1772892881.30785\r\nx-trans-id: 4eddbc24-2d13-47db-8317-6c5a1a5b89ed\r\ndate: Sun, 08 Mar 2026 10:01:00 GMT\r\nage: 6383\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":156736,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 600, 8-bit/color RGB, non-interlaced","md5":"d199893cf3fe9be9c76b488e940476ab","sha1":"f451ed6e6eaf87fca8536be8c439ad377db0e797","sha256":"6ea6910b90c6012455f546bb0d68e8477c258d22da6f550c9a75ffcd3403df22","sha512":"631f201ae9e29dbe16e939ec3cba73b495bb95b81b9b87dc327224690f9bc7bc7b3afde5ab79c752fc1e43487b4151b1de5617dd11b6f6003b95decee94d0986","ssdeep":"3072:wpUlk2yLNLFAOl+CzgZNJLF4e2Ap9bJNi9AYZGoljGI6JUQACQzI0GOVfQLZ:gUlZyLHAFCzgZNJOebbJN6FZGEGIpG0+","tlshash":"d9e3239c512845c44ba8305ccd978612428c57be5a79bc3785cfbfd88c3a11f2ee6e8b","first_seen":"2026-03-08T10:40:01.600554Z","last_seen":"2026-05-11T14:16:17.88863Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1249,"timings":{"blocked":-1,"dns":117,"connect":50,"send":0,"wait":72,"receive":340,"ssl":670},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-08","alert":"Sinkholed","trigger":"274418.selcdn.ru","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nk9956.craftum.io/","fqdn":"nk9956.craftum.io","domain":"craftum.io","tld":"io"},"ip":{"addr":"92.255.111.71","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-08T11:47:21.462Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.craftum.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 17 Nov 2025 06:20:04 GMT","end":"Sat, 19 Dec 2026 06:20:03 GMT"},"fingerprint":{"sha1":"20:1C:E6:28:A0:C0:0E:A7:23:A5:2B:49:E6:04:A2:58:8E:47:C6:67","sha256":"28:99:7E:0B:A8:36:4B:91:A0:6F:74:50:37:C7:55:57:7B:12:21:1F:7C:D8:23:B7:CD:AA:A2:78:E7:33:4C:59"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: nk9956.craftum.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ndate: Sun, 08 Mar 2026 11:47:22 GMT\r\ncache-control: max-age=0, no-cache\r\nx-page-speed: 1.13.35.2-0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google PageSpeed:1.13.35.2-0","description":"Google PageSpeed is a family of tools designed to help websites performance optimisations.","website":"https://developers.google.com/speed/pagespeed/mod","common_platform_enumeration":"","icon":"Google PageSpeed.svg","categories":["Caching","Web server extensions","Performance"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15861,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1094)","md5":"b732f46a13544bc75874d7ac43f5f1c7","sha1":"5e905dcec08ad55cb6d87752ef0aa0060ee23364","sha256":"42a6d35699e58e8d34e8695a2c451c838b368a4b399efd90f030236741df953f","sha512":"29c5c1bbe9657351236f9c5d682bfed1cb08c3b9f8d659136c3ee051e54eec75180d38e768bb658f0a8cdb60dd8bd8f3359f676a3d43fd171f387bf53dd5332e","ssdeep":"192:yuzw5Sdy1Iwuh8wwNWAwAUBCxFE/2e9jR/opGJiZ/7To1LYhAIT/9BR8h2Um4Fne:yuSen6T4O9SM","tlshash":"4c62d8e656b761909407d7b8ebfb6a64215490a7d60ecd683bcc139ccfc90d8c8d2b8c","first_seen":"2026-03-08T10:40:01.598057Z","last_seen":"2026-05-11T14:16:17.886987Z","times_seen":5,"resource_available":true,"data":null}},"time_used":1292,"timings":{"blocked":575,"dns":127,"connect":70,"send":0,"wait":141,"receive":0,"ssl":376},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-08","alert":"Sinkholed","trigger":"nk9956.craftum.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-08","alert":"Phishing Block","trigger":"nk9956.craftum.io","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-08","alert":"Sinkholed","trigger":"nk9956.craftum.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-08","alert":"Sinkholed","trigger":"nk9956.craftum.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}