slver.de Open in urlscan Pro
69.49.234.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/3yMElRI
Effective URL:
https://slver.de/gy/Claimant_ma/uplink/
Submission: On May 29 via api (May 29th 2021, 7:21:05 am UTC) from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 69.49.234.65, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is slver.de.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 27th 2021. Valid for: 3 months.

This is the only time slver.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1 16	69.49.234.65 69.49.234.65	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
17	3

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 69.49.234.65 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 69-49-234-65.unifiedlayer.com

slver.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	slver.de 1 redirects slver.de	402 KB
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	googleapis.com ajax.googleapis.com	30 KB
1	bit.ly 1 redirects bit.ly	259 B
17	4

	Domain	Requested by
16	slver.de	1 redirects slver.de
1	cdn.jsdelivr.net	slver.de
1	ajax.googleapis.com	slver.de
1	bit.ly	1 redirects
17	4

This site contains no links.

Subject Issuer	Validity	Valid
slver.de cPanel, Inc. Certification Authority	`2021-05-27` - `2021-08-25`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-18` - `2022-03-26`	10 months	crt.sh

This page contains 1 frames:

Primary Page: https://slver.de/gy/Claimant_ma/uplink/
Frame ID: 487C5CF19BBA567FEE55BBA17DE64815
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/3yMElRI HTTP 301
https://slver.de/gy/Claimant_ma/uplink HTTP 301
https://slver.de/gy/Claimant_ma/uplink/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

17
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

433 kB
Transfer

484 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/3yMElRI HTTP 301
https://slver.de/gy/Claimant_ma/uplink HTTP 301
https://slver.de/gy/Claimant_ma/uplink/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
slver.de/gy/Claimant_ma/uplink/
Redirect Chain

https://bit.ly/3yMElRI
https://slver.de/gy/Claimant_ma/uplink
https://slver.de/gy/Claimant_ma/uplink/

13 KB
13 KB

144ms
144ms

Document
text/html

69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: d46b08339ba8999a5690474c8d76a5474544c761094c02928f03d17e27a8259d

Request headers

Host: slver.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Server: Apache
Last-Modified: Sat, 15 May 2021 14:47:20 GMT
Accept-Ranges: bytes
Content-Length: 12902
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Sat, 29 May 2021 07:20:45 GMT
Server: Apache
Location: https://slver.de/gy/Claimant_ma/uplink/
Content-Length: 247
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK bootstrap.min.css
slver.de/gy/Claimant_ma/uplink/index_files/ 119 KB
119 KB 153ms
152ms Stylesheet
text/css 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/bootstrap.min.css
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: 6085c85b7cbfb5ba3703aca2b15e2501f8107d782280566d11e74bacd16431ce

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 122051

GET
H/1.1 200
OK bootstrap-theme.min.css
slver.de/gy/Claimant_ma/uplink/index_files/ 23 KB
23 KB 379ms
123ms Stylesheet
text/css 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/bootstrap-theme.min.css
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: a3b3d435fb2cc1ae4cb06a366ec6c10d7b770e4dfd7b91759e66cfb22d4addf7

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 23414

GET
H/1.1 200
OK datepicker.min.css
slver.de/gy/Claimant_ma/uplink/index_files/ 15 KB
16 KB 383ms
125ms Stylesheet
text/css 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/datepicker.min.css
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: 8b7036c83257e67ac93a449b4297b99041f931cc97ed9f72439d08572bb831dd

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 15803

GET
H/1.1 200
OK dwd_ui_2.css
slver.de/gy/Claimant_ma/uplink/index_files/ 14 KB
15 KB 391ms
127ms Stylesheet
text/css 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/dwd_ui_2.css
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: 9fa3fe177ef6ff34af0d8d846b61611f2a6db916fbf26442dfffbe9ac8902f3d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14733

GET
H/1.1 200
OK dwd_ui_new_logon.css
slver.de/gy/Claimant_ma/uplink/index_files/ 9 KB
9 KB 411ms
124ms Stylesheet
text/css 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/dwd_ui_new_logon.css
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: 1f09cd720f3201e548a3378a81cd6516ec8c4467feabee4a6fa9e8f4d4f6aaae

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:43:28 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8827

GET
H/1.1 200
OK top_banner_02-2.png
slver.de/gy/Claimant_ma/uplink/index_files/ 2 KB
2 KB 415ms
127ms Image
image/png 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/top_banner_02-2.png
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: be49d3c37d9a69304bc64f939549f1e23679538f8557f2e501c37aea9bc25efa

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1881

GET
H/1.1 200
OK dwd_logo_header.png
slver.de/gy/Claimant_ma/uplink/index_files/ 3 KB
3 KB 125ms
124ms Image
image/png 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/dwd_logo_header.png
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: 737583b7ef565d8ef3dac66402748b061252d53131b393f25d1a8ddace5c968b

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2931

GET
H/1.1 200
OK workone_logo.png
slver.de/gy/Claimant_ma/uplink/index_files/ 1 KB
2 KB 124ms
124ms Image
image/png 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/workone_logo.png
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: fc4889186113664ddba1a1289bfd7417da8d1a5a29196a5df5826452cd6a139a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1517

GET
H/1.1 200
OK Get_Adobe_Acrobat_Reader_icon.png
slver.de/gy/Claimant_ma/uplink/index_files/ 60 KB
60 KB 127ms
127ms Image
image/png 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/Get_Adobe_Acrobat_Reader_icon.png
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: e9d799f426b22004c33e534cf0a63f1236f1a3c18a941e899ddcfabdddf8c846

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 61022

GET
H/1.1 200
OK DWD_sm2.png
slver.de/gy/Claimant_ma/uplink/index_files/ 7 KB
7 KB 122ms
122ms Image
image/png 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/DWD_sm2.png
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: c67742e3f99c6c6e527d2b1e59adc5e9770ce1dd0de9b936e06bbc9803e9f454

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 7140

GET
H/1.1 200
OK DWD_seal_sm2.png
slver.de/gy/Claimant_ma/uplink/index_files/ 5 KB
5 KB 124ms
124ms Image
image/png 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/DWD_seal_sm2.png
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: fe4996d9bc6553f63ff89bc7dab848b4d6251620a8bc70218c2f73a1a291326a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 5312

GET
H/1.1 200
OK WO_sm2.png
slver.de/gy/Claimant_ma/uplink/index_files/ 4 KB
4 KB 124ms
124ms Image
image/png 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/WO_sm2.png
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: 02d752941b8287dbaffea39c3e85ede4fdd290c94d28007c6290d3f750579c70

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://slver.de/gy/Claimant_ma/uplink/
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:33:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3958

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://slver.de/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 27 May 2021 15:23:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 143810
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 May 2022 15:23:56 GMT

GET
H2 200 jquery.session.min.js Show response
cdn.jsdelivr.net/npm/jquery.session@1.0.0/ 2 KB
1 KB 9ms
8ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js

Requested by

Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://slver.de/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 2368602
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 933
etag: W/"91d-mUGbC+S4VCL/hIcOVNvYpS3G2rE"
x-served-by: cache-fra19144-FRA, cache-hhn4052-HHN
date: Sat, 29 May 2021 07:20:46 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK hp-hero-img-bkg-img-1.jpg
slver.de/gy/Claimant_ma/uplink/index_files/ 106 KB
106 KB 127ms
127ms Image
image/jpeg 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://slver.de/gy/Claimant_ma/uplink/index_files/hp-hero-img-bkg-img-1.jpg
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/index_files/dwd_ui_new_logon.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: 64cef246392cbcf778dc22da2a0b55cacfe3128edf47ceb7630b3dbdfdf70921

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://slver.de/gy/Claimant_ma/uplink/index_files/dwd_ui_new_logon.css
Cookie: __session:0.7275466117598013:=https:
Connection: keep-alive
Referer: https://slver.de/gy/Claimant_ma/uplink/index_files/dwd_ui_new_logon.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 18:40:02 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 108539

GET
H/1.1 200
OK glyphicons-halflings-regular.woff2
slver.de/gy/Claimant_ma/uplink/fonts/ 18 KB
18 KB 150ms
125ms Font
font/woff2 69.49.234.65
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://slver.de/gy/Claimant_ma/uplink/fonts/glyphicons-halflings-regular.woff2
Requested by: Host: slver.de
URL: https://slver.de/gy/Claimant_ma/uplink/index_files/bootstrap.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.49.234.65 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-234-65.unifiedlayer.com
Software: Apache /
Resource Hash: fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://slver.de
Accept-Encoding: gzip, deflate, br
Host: slver.de
Accept-Language: en-US
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://slver.de/gy/Claimant_ma/uplink/index_files/bootstrap.min.css
Cookie: __session:0.7275466117598013:=https:
Connection: keep-alive
Origin: https://slver.de
Referer: https://slver.de/gy/Claimant_ma/uplink/index_files/bootstrap.min.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/83.0.4103.88 Mobile/15E148 Safari/604.1

Response headers

Date: Sat, 29 May 2021 07:20:46 GMT
Last-Modified: Sat, 15 May 2021 14:14:00 GMT
Server: Apache
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 18028

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Government (Government)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			slver.de/	1970-01-19 18:37:52	Name: __session:0.7275466117598013: Value: https:

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bit.ly
cdn.jsdelivr.net
slver.de
2a00:1450:4001:831::200a
2a04:4e42:1b::621
67.199.248.10
69.49.234.65
02d752941b8287dbaffea39c3e85ede4fdd290c94d28007c6290d3f750579c70
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1f09cd720f3201e548a3378a81cd6516ec8c4467feabee4a6fa9e8f4d4f6aaae
6085c85b7cbfb5ba3703aca2b15e2501f8107d782280566d11e74bacd16431ce
64cef246392cbcf778dc22da2a0b55cacfe3128edf47ceb7630b3dbdfdf70921
737583b7ef565d8ef3dac66402748b061252d53131b393f25d1a8ddace5c968b
76ad6584ac5bdd459939dc7532fae7c2bdd8e22d773ff16d2306f42a1ffc569c
8b7036c83257e67ac93a449b4297b99041f931cc97ed9f72439d08572bb831dd
9fa3fe177ef6ff34af0d8d846b61611f2a6db916fbf26442dfffbe9ac8902f3d
a3b3d435fb2cc1ae4cb06a366ec6c10d7b770e4dfd7b91759e66cfb22d4addf7
be49d3c37d9a69304bc64f939549f1e23679538f8557f2e501c37aea9bc25efa
c67742e3f99c6c6e527d2b1e59adc5e9770ce1dd0de9b936e06bbc9803e9f454
d46b08339ba8999a5690474c8d76a5474544c761094c02928f03d17e27a8259d
e9d799f426b22004c33e534cf0a63f1236f1a3c18a941e899ddcfabdddf8c846
fc4889186113664ddba1a1289bfd7417da8d1a5a29196a5df5826452cd6a139a
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
fe4996d9bc6553f63ff89bc7dab848b4d6251620a8bc70218c2f73a1a291326a

slver.de Open in urlscan Pro 69.49.234.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

433 kBTransfer

484 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

Indicators

slver.de Open in urlscan Pro
69.49.234.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

433 kB
Transfer

484 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!