www.wctessomails.swervmailauth.com

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 185.224.80.199, located in Netherlands and belongs to ABELOHOST, NL. The main domain is www.wctessomails.swervmailauth.com.
TLS certificate: Issued by R3 on July 26th 2022. Valid for: 3 months.

This is the only time www.wctessomails.swervmailauth.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	185.224.80.199 185.224.80.199	204196 (ABELOHOST) (ABELOHOST)
2	129.159.110.135 129.159.110.135	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	137.118.7.42 137.118.7.42	6250 (NEONOVA-NET) (NEONOVA-NET)
4	3

1 185.224.80.199 (Netherlands)

ASN204196 (ABELOHOST, NL)
PTR: onyeiwe.com

www.wctessomails.swervmailauth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 129.159.110.135 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
PTR: client.av-mx.com

login.wctel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 137.118.7.42 (United States)

ASN6250 (NEONOVA-NET, US)
PTR: govweb.neonova.net

cas.neonova.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	wctel.net login.wctel.net	14 KB
1	neonova.net cas.neonova.net — Cisco Umbrella Rank: 592610	11 KB
1	swervmailauth.com www.wctessomails.swervmailauth.com	7 KB
4	3

	Domain	Requested by
2	login.wctel.net	www.wctessomails.swervmailauth.com
1	cas.neonova.net	login.wctel.net
1	www.wctessomails.swervmailauth.com
4	3

This site contains links to these domains. Also see Links.

Domain
www.zimbra.com
blog.zimbra.com
wiki.zimbra.com

Subject Issuer	Validity	Valid
*.swervmailauth.com R3	`2022-07-26` - `2022-10-24`	3 months	crt.sh
*.wctel.net R3	`2022-05-30` - `2022-08-28`	3 months	crt.sh
*.neonova.net Go Daddy Secure Certificate Authority - G2	`2021-12-18` - `2023-01-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.wctessomails.swervmailauth.com/
Frame ID: A9CF9794C2AAFBDD01256E3995810375
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Zimbra Web Client Sign In

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

32 kB
Transfer

78 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.zimbra.com/
Title: Zimbra

Search URL Search Domain Scan URL

URL: https://blog.zimbra.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://wiki.zimbra.com/
Title: Wiki

Search URL Search Domain Scan URL

URL: https://www.zimbra.com/forums
Title: Forums

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.wctessomails.swervmailauth.com/ 7 KB
7 KB 179ms
69ms Document
text/html 185.224.80.199
ABELOHOST

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wctessomails.swervmailauth.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.224.80.199 , Netherlands, ASN204196 (ABELOHOST, NL),
Reverse DNS: onyeiwe.com
Software: Apache / PHP/7.4.30
Resource Hash: 38470f84d4688ced6a10d5c98915b2139b953a5e329b7abc6e1fbd6e2d1bcb1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Tue, 26 Jul 2022 18:42:32 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
x-powered-by: PHP/7.4.30

GET
H/1.1 200
OK common,login,zhtml,skin.css
login.wctel.net/css/ 58 KB
12 KB 1650ms
267ms Stylesheet
text/css 129.159.110.135
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://login.wctel.net/css/common,login,zhtml,skin.css?skin=harmony&v=211022134538

Requested by

Host: www.wctessomails.swervmailauth.com
URL: https://www.wctessomails.swervmailauth.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

129.159.110.135 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

client.av-mx.com

Software

nginx /

Resource Hash

21b13463bc9168f6f8299bfdaf8c0f83b1cba2baee97b066cac003acf93d48ee

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.wctessomails.swervmailauth.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 18:42:35 GMT
Content-Encoding: gzip
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: User-Agent, Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=2595600
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 25 Aug 2022 19:42:35 GMT

GET
H/1.1 200
OK ImgCritical_32.png
login.wctel.net/img/dwt/ 2 KB
2 KB 1502ms
116ms Image
image/png 129.159.110.135
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wctel.net/img/dwt/ImgCritical_32.png

Requested by

Host: www.wctessomails.swervmailauth.com
URL: https://www.wctessomails.swervmailauth.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

129.159.110.135 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

client.av-mx.com

Software

nginx /

Resource Hash

dbe2ddb68a1551e50afee8edce02b19f9f86a0f43643fac32f66616bd10e30cb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.wctessomails.swervmailauth.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 18:42:35 GMT
Last-Modified: Fri, 22 Oct 2021 17:03:04 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=2595600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1786
Expires: Thu, 25 Aug 2022 19:42:35 GMT

GET
H/1.1 200
OK wctel.net-large.png
cas.neonova.net/zimbra/ 11 KB
11 KB 1001ms
121ms Image
image/png 137.118.7.42
NEONOVA-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cas.neonova.net/zimbra/wctel.net-large.png
Requested by: Host: login.wctel.net
URL: https://login.wctel.net/css/common,login,zhtml,skin.css?skin=harmony&v=211022134538
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 137.118.7.42 , United States, ASN6250 (NEONOVA-NET, US),
Reverse DNS: govweb.neonova.net
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 7f49b63528131c4c606ab745f9710815b0e7df21d5522fc1f62f87d1fc786639

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://login.wctel.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 18:42:36 GMT
Last-Modified: Thu, 14 May 2015 13:43:53 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "a2459-2c60-5160aeb17aef1"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 11360

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.wctessomails.swervmailauth.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9f52e6cc9945ebdc6e9819e4e4d8e431

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cas.neonova.net
login.wctel.net
www.wctessomails.swervmailauth.com
129.159.110.135
137.118.7.42
185.224.80.199
21b13463bc9168f6f8299bfdaf8c0f83b1cba2baee97b066cac003acf93d48ee
38470f84d4688ced6a10d5c98915b2139b953a5e329b7abc6e1fbd6e2d1bcb1f
7f49b63528131c4c606ab745f9710815b0e7df21d5522fc1f62f87d1fc786639
dbe2ddb68a1551e50afee8edce02b19f9f86a0f43643fac32f66616bd10e30cb

www.wctessomails.swervmailauth.com Open in urlscan Pro 185.224.80.199 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

32 kBTransfer

78 kBSize

1 Cookies

4 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

1 Cookies

Indicators

www.wctessomails.swervmailauth.com Open in urlscan Pro
185.224.80.199 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

32 kB
Transfer

78 kB
Size

1
Cookies

4 HTTP transactions
0 data transactions