Submitted URL: http://www.rewired.org/wp-content/uploads/avatars/redir.php
Effective URL: http://moodle.irtk.ru/course/zimbra.htm
Submission: On November 05 via automatic, source phishtank

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 92.127.158.64, located in the Russian Federation and belonging to ROSTELECOM-AS, RU. The main domain is moodle.irtk.ru.
This is the only time moodle.irtk.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS     Autonomous System
1         72.47.208.155   31815  MEDIATEMPLE
1         92.127.158.64   12389  ROSTELECO...
2         159.28.1.89     1767   ILIGHT-NET
Total: 4 requests, 3 IPs
Requests  Apex Domain   Subdomains           Transfer
2         earlham.edu   zimbra.earlham.edu   15 KB
1         irtk.ru       moodle.irtk.ru       5 KB
1         rewired.org   www.rewired.org      278 B
Total: 4 requests, 3 domains
Requests  Domain               Requested by
2         zimbra.earlham.edu   moodle.irtk.ru
1         moodle.irtk.ru       www.rewired.org
1         www.rewired.org
Total: 4 requests, 3 domains

This site contains links to these domains. Also see Links.

Domain
www.earlham.edu
www.zimbra.com
blog.zimbra.com
wiki.zimbra.com
Subject: *.earlham.edu
Issuer: COMODO RSA Organization Validation Secure Server CA
Validity: 2015-02-04 - 2020-02-03
Valid: 5 years (crt.sh)

This page contains 1 frame:

Primary Page: http://moodle.irtk.ru/course/zimbra.htm
Frame ID: 5E062DC5D05A628E70F528412926E82F
Requests: 4 HTTP requests in this frame

Screenshot


Page URL History

  1. http://www.rewired.org/wp-content/uploads/avatars/redir.php Page URL
  2. http://moodle.irtk.ru/course/zimbra.htm Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

Requests: 4
HTTPS: 50 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 21 kB
Size: 74 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource: redir.php
Path: www.rewired.org/wp-content/uploads/avatars/
Size: 117 B
x-fer: 278 B
Type: Document
General
Full URL: http://www.rewired.org/wp-content/uploads/avatars/redir.php
Protocol: HTTP/1.1
Server: 72.47.208.155 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US)
Reverse DNS: kingstonhosting.com.au
Software: Apache / PleskLin
Resource Hash:

Request headers

Host: www.rewired.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate

Response headers

Date: Mon, 05 Nov 2018 15:13:58 GMT
Server: Apache
X-Powered-By: PleskLin
Content-Length: 117
Connection: close
Content-Type: text/html

Primary Request
Resource: zimbra.htm
Path: moodle.irtk.ru/course/
Size: 12 KB
x-fer: 5 KB
Type: Document
General
Full URL: http://moodle.irtk.ru/course/zimbra.htm
Requested by: http://www.rewired.org/wp-content/uploads/avatars/redir.php (Host: www.rewired.org)
Protocol: HTTP/1.1
Server: 92.127.158.64, Russian Federation, ASN12389 (ROSTELECOM-AS, RU)
Reverse DNS: v4.sibdc.ru
Software: nginx
Resource Hash: 228f17386c7a146fbdd7af41798a06b4c3ad47928336d3255ddac6579a122c18

Request headers

Host: moodle.irtk.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.rewired.org/wp-content/uploads/avatars/redir.php
Accept-Encoding: gzip, deflate

Response headers

Server: nginx
Date: Mon, 05 Nov 2018 15:13:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

Resource: common,login,zhtml,skin.css
Path: zimbra.earlham.edu/zimbra/css/
Size: 58 KB
x-fer: 12 KB
Type: Stylesheet
General
Full URL: https://zimbra.earlham.edu/zimbra/css/common,login,zhtml,skin.css?skin=harmony&v=141215153641
Requested by: http://moodle.irtk.ru/course/zimbra.htm (Host: moodle.irtk.ru)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.28.1.89 Richmond, United States, ASN1767 (ILIGHT-NET - Indiana Higher Education Telecommunication System, US)
Reverse DNS: paco.earlham.edu
Software: nginx
Resource Hash: 6539c92ba10ab8aa2c9f37de99b494ba4bdfdd85a6b0a32a213c9c05b9ff789f
Security Headers
X-Frame-Options: SAMEORIGIN

Request headers

Referer: http://moodle.irtk.ru/course/zimbra.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 05 Nov 2018 15:14:00 GMT
Content-Encoding: gzip
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: User-Agent, Accept-Encoding, User-Agent
Content-Type: text/css
Cache-Control: public, max-age=2595600
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 5 Dec 2018 16:14:00 GMT

Resource: LoginBanner_white.png
Path: zimbra.earlham.edu/zimbra/skins/_base/logos/
Size: 3 KB
x-fer: 4 KB
Type: Image
General
Full URL: https://zimbra.earlham.edu/zimbra/skins/_base/logos/LoginBanner_white.png?v=170531142844
Requested by: http://moodle.irtk.ru/course/zimbra.htm (Host: moodle.irtk.ru)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.28.1.89 Richmond, United States, ASN1767 (ILIGHT-NET - Indiana Higher Education Telecommunication System, US)
Reverse DNS: paco.earlham.edu
Software: nginx
Resource Hash: 8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1
Security Headers
X-Frame-Options: SAMEORIGIN

Request headers

Referer: https://zimbra.earlham.edu/zimbra/css/common,login,zhtml,skin.css?skin=harmony&v=141215153641
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 05 Nov 2018 15:14:00 GMT
Last-Modified: Wed, 31 May 2017 19:21:22 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=2595600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3299
Expires: Wed, 5 Dec 2018 16:14:00 GMT

Verdicts & Comments

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function ZmSkin
  • object link
  • function clientChange
  • function showWhatsThis
  • function onLoad
  • function BaseSkin
  • object skin

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
