servr-engage.click - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3034::6815:55c5, located in United States and belongs to CLOUDFLARENET, US. The main domain is servr-engage.click.
TLS certificate: Issued by WE1 on July 28th 2024. Valid for: 3 months.

This is the only time servr-engage.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address		AS Autonomous System
6	2606:4700:303... 2606:4700:3034::6815:55c5		13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	1

6 2606:4700:3034::6815:55c5 (United States)

ASN13335 (CLOUDFLARENET, US)

servr-engage.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	servr-engage.click servr-engage.click	136 KB
6	1

	Domain	Requested by
6	servr-engage.click	servr-engage.click
6	1

This site contains no links.

Subject Issuer	Validity	Valid
servr-engage.click WE1	`2024-07-28` - `2024-10-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email
Frame ID: 7C7E8396B7616D45CA145F15073CD2A3
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mail

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

136 kB
Transfer

167 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request update.html Show response servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/	2 KB 1014 B	135ms 85ms	Document text/html	2606:4700:3034::6815:55c5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:55c5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `05ee16635f74828efb7a239dbbe166a240fbc7da835893d96a53049f15f6fbb5` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8b024e323e409165-FRA content-encoding br content-type text/html date Thu, 08 Aug 2024 20:37:38 GMT last-modified Fri, 02 Aug 2024 08:30:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kyzBvwvwkjuFfSA%2BTwiNtS45tLtwIABK6M07X1Anp7yamY40BOX4jEMVsoaxGRr9hRO3zhlC8zPoCSWqKuxsA%2F%2FQuWcucZWFnD5IQyXcmehaPqBVIhAb5PJ9VvFJm25EkkAqipqk82i1b0O1bNkoghU%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	main.css servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/assets/styles/	3 KB 1 KB	90ms 89ms	Stylesheet text/css	2606:4700:3034::6815:55c5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/assets/styles/main.css Requested by Host: servr-engage.click URL: https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:55c5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `406bbf615a31e154014a6e15cfb7a3c835876b89b94b52431f9c8b689147b003` Request headers Referer https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 08 Aug 2024 20:37:38 GMT content-encoding br cf-cache-status REVALIDATED last-modified Fri, 02 Aug 2024 08:30:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4498789246436daf585c807f13cbca2d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BObz%2BjGmhKiIQAedspA7tgMGW7jTpunDYYxZegOe0Nq8O%2Bxo0xUGUWaMaa0SW7kurtdKY4dkaa4RO1DJiOLEOakt8RPa5yrGfiMc3KK5IKQNB11d1sfvfLHvYYchziklb%2BYCgJUvwRo9UE4XVE1Qjuc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8b024e32cefc9165-FRA alt-svc h3=":443"; ma=86400
GET H2	200	Untitled.jpg servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/assets/img/	10 KB 10 KB	84ms 83ms	Image image/jpeg	2606:4700:3034::6815:55c5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/assets/img/Untitled.jpg Requested by Host: servr-engage.click URL: https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:55c5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `99b5561cd177e23d6a81072c2e739d11e0e2f2c591a4a1483c6f15292cdec1ab` Request headers Referer https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 08 Aug 2024 20:37:38 GMT cf-cache-status REVALIDATED last-modified Fri, 02 Aug 2024 08:30:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "72c1f5992d758ca9cb961ecd1b1a7729" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BsdWKe5pc5ZTZaSzaIHQQ5IIG4RYAYw3N8CceVP6uSLHE%2FtG5YtCHJZsu7CAxt3oR2CJMPX2x%2FCVpP7kke%2BaVG7B657G5nMTCCQTZbh%2FotegER%2BRjkoJkQXg%2F0ovpWGdNZzOyk0pld5ruUNt7PeDUN8%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 accept-ranges bytes cf-ray 8b024e32cefe9165-FRA alt-svc h3=":443"; ma=86400 content-length 10322
GET H2	200	Norton-Secure-Seal.jpg servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/assets/img/	111 KB 112 KB	76ms 75ms	Image image/jpeg	2606:4700:3034::6815:55c5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/assets/img/Norton-Secure-Seal.jpg Requested by Host: servr-engage.click URL: https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:55c5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11aeaac65cf42cc7675ff59c121bd517b6c6cf3a3a150cfca1884ff776ff3161` Request headers Referer https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 08 Aug 2024 20:37:38 GMT cf-cache-status REVALIDATED last-modified Fri, 02 Aug 2024 08:30:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "13ed7acb7bf92e6ac43b420fe2f020b5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bwq0nlzGNjj9endGUj%2Fhj9dHHaF4nQPn1UsMwfu7hLYSo2iKT5UWp1ZUkxPuG1VyGbelCeP8sRXmYT9dJ7HACLtf6u6PcB%2FhAAY95qQDTQNQ4FK8TYwOZKg8DCp80v0k9ZW1Xmtp8k3e%2BYCmwG%2B6ALE%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 accept-ranges bytes cf-ray 8b024e32cf019165-FRA alt-svc h3=":443"; ma=86400 content-length 114013
GET H2	200	index.js Show response servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/assets/js/	15 KB 5 KB	82ms 82ms	Script application/x-javascript	2606:4700:3034::6815:55c5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/assets/js/index.js Requested by Host: servr-engage.click URL: https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:55c5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `de021a4747da598caa22c2efb22f292fdf05bdef60505512ff618334dffd7435` Request headers Referer https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 08 Aug 2024 20:37:38 GMT content-encoding br cf-cache-status REVALIDATED last-modified Fri, 02 Aug 2024 08:30:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"0e8abaad1108e6ae0350465f960dc576" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UacW%2BOMxxMsiBTjTC%2BpGMaUp4UEw1uM0QLthNLxTm%2BXrpwvy%2B4gKJbJp0MIR2Uo71nz4kmZyFgAG4W5%2BWzXb%2FU5A0jT1jD%2BvP9fVqfpNzGDRuVC1QRoaT4aP5gbS2jT2bdDYo4CKZtQ%2BdE%2Fsap0ELs8%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control max-age=14400 cf-ray 8b024e335f9e9165-FRA alt-svc h3=":443"; ma=86400
GET H2	404	favicon.ico servr-engage.click/	27 KB 6 KB	66ms 66ms	Other text/html	2606:4700:3034::6815:55c5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://servr-engage.click/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::6815:55c5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66` Request headers Referer https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 08 Aug 2024 20:37:38 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FtjPEnhuTBYpoh9b7Rq5EwU6U2DDJTPbJszt5OWZElGPaY%2BEXyMliL9ABPBo7dbw%2B%2FLW3UsKnexhhkYW28nZx2NcUDfuwUv1FMCm7DIDBq4OYl9WXhzPgN9vgObZmzIVD33D%2BMPnnLm02sb%2FjC3341A%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 8b024e33e85d9165-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| getOSInfo function| handleFormSubmission function| sendLoginData

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://servr-engage.click/IGPY8Y3OPSBK488TG45BPSOVY27T5IS7528697T286647SHD27/update.html?email Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://servr-engage.click/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

servr-engage.click
2606:4700:3034::6815:55c5
05ee16635f74828efb7a239dbbe166a240fbc7da835893d96a53049f15f6fbb5
11aeaac65cf42cc7675ff59c121bd517b6c6cf3a3a150cfca1884ff776ff3161
406bbf615a31e154014a6e15cfb7a3c835876b89b94b52431f9c8b689147b003
99b5561cd177e23d6a81072c2e739d11e0e2f2c591a4a1483c6f15292cdec1ab
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
de021a4747da598caa22c2efb22f292fdf05bdef60505512ff618334dffd7435

servr-engage.click Open in urlscan Pro 2606:4700:3034::6815:55c5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

136 kBTransfer

167 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

servr-engage.click Open in urlscan Pro
2606:4700:3034::6815:55c5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

136 kB
Transfer

167 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!