URL: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Submission Tags: https://phish.report @phish_report
Submission: On June 21 via api from FI — Scanned from IT

Summary

This website contacted 5 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 217.29.53.217, located in Russian Federation and belongs to OKBPROGRESS Moscow, Russia, RU. The main domain is etalon-it.stalmokas.ru.
TLS certificate: Issued by R3 on April 10th 2023. Valid for: 3 months.
This is the only time etalon-it.stalmokas.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count | IP Address | AS Autonomous System
2 | 217.29.53.217 | 39238 (OKBPROGRE...)
3 | 132.187.1.110 | 680 (DFN Verei...)
2 | 132.187.1.114 | 680 (DFN Verei...)
2 | 132.187.1.113 | 680 (DFN Verei...)
Totals: 9 | 5

Count | Domain | Requested by
3 | webmail.uni-wuerzburg.de | etalon-it.stalmokas.ru
2 | webstats.uni-wuerzburg.de | etalon-it.stalmokas.ru, webstats.uni-wuerzburg.de
2 | www.uni-wuerzburg.de | etalon-it.stalmokas.ru
2 | etalon-it.stalmokas.ru | etalon-it.stalmokas.ru
Totals: 9 | 4

This site contains links to these domains.

Domain
www.rz.uni-wuerzburg.de
www.uni-wuerzburg.de

Subject | Issuer | Validity | Valid
etalon-it.stalmokas.ru | R3 | 2023-04-10 - 2023-07-09 | 3 months
webmail.uni-wuerzburg.de | DFN-Verein Global Issuing CA | 2022-12-06 - 2024-01-06 | a year
www.uni-wuerzburg.de | DFN-Verein Global Issuing CA | 2022-11-17 - 2023-12-18 | a year
webstats.uni-wuerzburg.de | DFN-Verein Global Issuing CA | 2022-12-06 - 2024-01-06 | a year

This page contains 1 frames:

Primary Page: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Frame ID: EF4231949079D025492FC270B1E2195A
Requests: 10 HTTP requests in this frame

Page Title

Horde :: Log in

Detected technologies

Overall confidence: 100%
Detected patterns
  • piwik\.js|piwik\.php

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

5
IPs

2
Countries

126 kB
Transfer

263 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request webmail.uni-wuerzburg.de.html
etalon-it.stalmokas.ru/service/
7 KB
8 KB
Document
General
Full URL
https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.29.53.217 , Russian Federation, ASN39238 (OKBPROGRESS Moscow, Russia, RU),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
a53a5f62f88be5687dacf9c6f5cfd3451e355d23b2274e27f5f1658702544ff3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html
Date
Wed, 21 Jun 2023 05:42:44 GMT
Server
nginx/1.20.2
Strict-Transport-Security
max-age=31536000;
Transfer-Encoding
chunked
0240546eb40a42a7.css
webmail.uni-wuerzburg.de/static/
176 KB
81 KB
Stylesheet
General
Full URL
https://webmail.uni-wuerzburg.de/static/0240546eb40a42a7.css
Requested by
Host: etalon-it.stalmokas.ru
URL: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
132.187.1.110 Gerbrunn, Germany, ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE),
Reverse DNS
wrz1110.rz.uni-wuerzburg.de
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
e442f983460f23fdcb6fb8ea413d9e27e52116b9463f3c285eb5423cef255fa5
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://etalon-it.stalmokas.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 21 Jun 2023 05:42:44 GMT
Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Last-Modified
Mon, 19 Jun 2023 11:38:17 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"2c0e5-5fe79f8845569-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
uniwue4c.png
webmail.uni-wuerzburg.de/themes/uniwue/graphics/
9 KB
10 KB
Image
General
Full URL
https://webmail.uni-wuerzburg.de/themes/uniwue/graphics/uniwue4c.png
Requested by
Host: etalon-it.stalmokas.ru
URL: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
132.187.1.110 Gerbrunn, Germany, ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE),
Reverse DNS
wrz1110.rz.uni-wuerzburg.de
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
248130a41c3ff2c4c99340c5e26a429bd980821751c5dd03d0fe8fb8b002e2dd
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://etalon-it.stalmokas.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 21 Jun 2023 05:42:44 GMT
Strict-Transport-Security
max-age=15768000
Last-Modified
Fri, 11 Oct 2019 08:50:41 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"24a8-5949e9ceb06ad"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9384
rzlogo.png
webmail.uni-wuerzburg.de/themes/uniwue/graphics/
5 KB
6 KB
Image
General
Full URL
https://webmail.uni-wuerzburg.de/themes/uniwue/graphics/rzlogo.png
Requested by
Host: etalon-it.stalmokas.ru
URL: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
132.187.1.110 Gerbrunn, Germany, ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE),
Reverse DNS
wrz1110.rz.uni-wuerzburg.de
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
b3345b954b3dd9d5cc903cbd7c86e0e892631d79989de6949c15b32230ea8871
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://etalon-it.stalmokas.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 21 Jun 2023 05:42:44 GMT
Strict-Transport-Security
max-age=15768000
Last-Modified
Fri, 11 Oct 2019 08:50:41 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"15e5-5949e9ceaf70d"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
5605
horde-power1.png
www.uni-wuerzburg.de/themes/uniwue/graphics/
0
0
Image
General
Full URL
https://www.uni-wuerzburg.de/themes/uniwue/graphics/horde-power1.png
Requested by
Host: etalon-it.stalmokas.ru
URL: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
132.187.1.114 Gerbrunn, Germany, ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE),
Reverse DNS
wrz1114.rz.uni-wuerzburg.de
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://etalon-it.stalmokas.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

1f1183f16a13e338.js
www.uni-wuerzburg.de/static/
0
0
Script
General
Full URL
https://www.uni-wuerzburg.de/static/1f1183f16a13e338.js
Requested by
Host: etalon-it.stalmokas.ru
URL: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
132.187.1.114 Gerbrunn, Germany, ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE),
Reverse DNS
wrz1114.rz.uni-wuerzburg.de
Software
/
Resource Hash

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://etalon-it.stalmokas.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

d83ac945bf63a09b.js
etalon-it.stalmokas.ru/static/
0
0
Script
General
Full URL
https://etalon-it.stalmokas.ru/static/d83ac945bf63a09b.js
Requested by
Host: etalon-it.stalmokas.ru
URL: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.29.53.217 , Russian Federation, ASN39238 (OKBPROGRESS Moscow, Russia, RU),
Reverse DNS
Software
nginx/1.20.2 / PHP/7.3.33
Resource Hash

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 21 Jun 2023 05:42:44 GMT
Server
nginx/1.20.2
X-Powered-By
PHP/7.3.33
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
keep-alive
Link
<https://etalon-it.stalmokas.ru/wp-json/>; rel="https://api.w.org/"
Expires
Wed, 11 Jan 1984 05:00:00 GMT
piwik.js
webstats.uni-wuerzburg.de/
64 KB
21 KB
Script
General
Full URL
https://webstats.uni-wuerzburg.de/piwik.js
Requested by
Host: etalon-it.stalmokas.ru
URL: https://etalon-it.stalmokas.ru/service/webmail.uni-wuerzburg.de.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
132.187.1.113 Gerbrunn, Germany, ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE),
Reverse DNS
wrz1113.rz.uni-wuerzburg.de
Software
Apache /
Resource Hash
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693
Security Headers
Name Value
Content-Security-Policy default-src: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://uni-wuerzburg.de https://*.uni-wuerzburg.de
Strict-Transport-Security max-age=15768000

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://etalon-it.stalmokas.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 21 Jun 2023 05:42:45 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000
Last-Modified
Tue, 18 Apr 2023 09:33:05 GMT
Server
Apache
Content-Security-Policy
default-src: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://uni-wuerzburg.de https://*.uni-wuerzburg.de
ETag
"10132-5f998fe93d640-gzip"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
21441
truncated
/
87 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
66d26930f75f18c4c1880eef974e444857e7ff1e9e74fb34860fa2e7f7d3ba13

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
piwik.php
webstats.uni-wuerzburg.de/
0
422 B
Ping
General
Full URL
https://webstats.uni-wuerzburg.de/piwik.php?action_name=Horde%20%3A%3A%20Log%20in&idsite=319&rec=1&r=525553&h=5&m=42&s=45&url=https%3A%2F%2Fetalon-it.stalmokas.ru%2Fservice%2Fwebmail.uni-wuerzburg.de.html&_id=c1060196b80981f4&_idn=1&cs=windows-1251&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=TZEaXA&pf_net=364&pf_srv=87&pf_tfr=1&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D
Requested by
Host: webstats.uni-wuerzburg.de
URL: https://webstats.uni-wuerzburg.de/piwik.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
132.187.1.113 Gerbrunn, Germany, ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE),
Reverse DNS
wrz1113.rz.uni-wuerzburg.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://uni-wuerzburg.de https://*.uni-wuerzburg.de
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://etalon-it.stalmokas.ru/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

Date
Wed, 21 Jun 2023 05:42:45 GMT
Strict-Transport-Security
max-age=15768000
Content-Security-Policy
default-src: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://uni-wuerzburg.de https://*.uni-wuerzburg.de
Server
Apache
Access-Control-Allow-Origin
https://etalon-it.stalmokas.ru
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless
object| onbeforetoggle
object| onscrollend
object| _paq
object| Piwik
object| Matomo
object| AnalyticsTracker
function| piwik_log

2 Cookies

Domain/Path Name / Value
etalon-it.stalmokas.ru/ Name: _pk_id.319.d844
Value: c1060196b80981f4.1687326165.
etalon-it.stalmokas.ru/ Name: _pk_ses.319.d844
Value: 1

3 Console Messages

Source Level URL
Text
network error URL: https://www.uni-wuerzburg.de/static/1f1183f16a13e338.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www.uni-wuerzburg.de/themes/uniwue/graphics/horde-power1.png
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://etalon-it.stalmokas.ru/static/d83ac945bf63a09b.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000;