www.s-publicservices.de
185.5.82.130  Malicious Activity! Public Scan

Submitted URL: http://girocode.de/
Effective URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Submission: On November 14 via api from US — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 22 HTTP transactions. The main IP is 185.5.82.130, located in Germany and belongs to . The main domain is www.s-publicservices.de.
TLS certificate: Issued by D-TRUST SSL Class 3 CA 1 2009 on March 14th 2024. Valid for: a year.
This is the only time www.s-publicservices.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparkasse (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 46.163.91.67 ()
1 15 185.5.82.130 ()
5 78.46.166.187 ()
1 172.217.18.8 15169 (GOOGLE)
1 192.229.233.55 15133 (EDGECAST)
1 35.180.9.13 16509 (AMAZON-02)
22 6
Apex Domain | Subdomains | Transfer
15 s-publicservices.de | www.s-publicservices.de | 673 KB
5 sparkasse.de | webfonts.sparkasse.de | 131 KB
2 trustcommander.net | cdn.trustcommander.net — Cisco Umbrella Rank: 48937; privacy.trustcommander.net — Cisco Umbrella Rank: 81085 | 23 KB
1 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 64 | 94 KB
1 girocode.de | girocode.de | 412 B
22 5
Domain Requested by
15 www.s-publicservices.de 1 redirects www.s-publicservices.de
5 webfonts.sparkasse.de www.s-publicservices.de
1 privacy.trustcommander.net cdn.trustcommander.net
1 cdn.trustcommander.net www.googletagmanager.com
1 www.googletagmanager.com www.s-publicservices.de
1 girocode.de 1 redirects
22 6
Subject | Issuer | Validity | Valid
s-publicservices.de | D-TRUST SSL Class 3 CA 1 2009 | 2024-03-14 - 2025-03-17 | a year
webfonts.sparkasse.de | D-TRUST SSL Class 3 CA 1 2009 | 2024-10-08 - 2025-10-10 | a year
*.google-analytics.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
cdn.tagcommander.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-02-23 - 2025-03-25 | a year
*.trustcommander.net | Thawte TLS RSA CA G1 | 2024-02-14 - 2025-03-16 | a year

This page contains 1 frames:

Primary Page: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Frame ID: 50AC3E597987631E5DF2ABA28714B0FE
Requests: 23 HTTP requests in this frame

Page Title

GiroCode: schnelles & einfaches Bezahlen mit QR-Code - S-Public Services

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

921 kB
Transfer

2512 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://girocode.de/ HTTP 307
    https://girocode.de/ HTTP 301
    https://www.s-publicservices.de/leistungen/girocode HTTP 301
    http://www.s-publicservices.de/leistungen/epayment/girocode.html HTTP 307
    https://www.s-publicservices.de/leistungen/epayment/girocode.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request girocode.html
www.s-publicservices.de/leistungen/epayment/
Redirect Chain
  • http://girocode.de/
  • https://girocode.de/
  • https://www.s-publicservices.de/leistungen/girocode
  • http://www.s-publicservices.de/leistungen/epayment/girocode.html
  • https://www.s-publicservices.de/leistungen/epayment/girocode.html
78 KB
12 KB
Document
General
Full URL
https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
31b837eb97fe55c6259999f9d99a9324d32db833fa1367b23a305c1d9d3e6ef1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=0
content-encoding
gzip
content-length
11479
content-type
text/html;charset=utf-8
date
Thu, 14 Nov 2024 06:56:15 GMT
etag
"myra-adaeb5f5"
expires
Thu, 14 Nov 2024 06:56:15 GMT
server
myracloud
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://www.s-publicservices.de/leistungen/epayment/girocode.html
Non-Authoritative-Reason
HSTS
clientlibs_vendor.5b5ed128618b5643458bb9a3bccb8802.css
www.s-publicservices.de/etc/designs/shared/
29 KB
5 KB
Stylesheet
General
Full URL
https://www.s-publicservices.de/etc/designs/shared/clientlibs_vendor.5b5ed128618b5643458bb9a3bccb8802.css
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
547acff31e762851c76731f8a2e6515efe212f14de4b929faea84f6efbed278e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:15 GMT
accept-ranges
bytes
content-length
5108
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
text/css;charset=utf-8
last-modified
Mon, 18 Jan 2021 07:31:29 GMT
server
myracloud
x-frame-options
SAMEORIGIN
clientlibs_standard.91a7959b1002599e07519c8a703ed3ae.css
www.s-publicservices.de/etc/designs/shared/
534 KB
66 KB
Stylesheet
General
Full URL
https://www.s-publicservices.de/etc/designs/shared/clientlibs_standard.91a7959b1002599e07519c8a703ed3ae.css
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
a3b6421bb0aa00df79bfade7561031c424e62cf04817cd8c4b081da6c9d793fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:15 GMT
accept-ranges
bytes
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
text/css;charset=utf-8
last-modified
Tue, 16 Jan 2024 11:03:11 GMT
server
myracloud
x-frame-options
SAMEORIGIN
clientlibs_vendor.8c29d40571162d165aa9c39f9fb795ca.js
www.s-publicservices.de/etc/designs/shared/
1 KB
890 B
Script
General
Full URL
https://www.s-publicservices.de/etc/designs/shared/clientlibs_vendor.8c29d40571162d165aa9c39f9fb795ca.js
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
7a387150e2d9734a4c0a0ee83a213fd7f2ac416bffe55507afa176c85ba06ed5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:15 GMT
accept-ranges
bytes
content-length
541
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
application/javascript;charset=utf-8
last-modified
Thu, 02 Nov 2023 12:32:13 GMT
server
myracloud
x-frame-options
SAMEORIGIN
clientlibs_standard.048c6eeff3c3f442ff059b4954c2be81.js
www.s-publicservices.de/etc/designs/shared/
978 KB
269 KB
Script
General
Full URL
https://www.s-publicservices.de/etc/designs/shared/clientlibs_standard.048c6eeff3c3f442ff059b4954c2be81.js
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
73312b97cb58541027a0d3b6809a26efee2c5d9e9a5c57ce08fe85c6042a3f02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:15 GMT
accept-ranges
bytes
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
application/javascript;charset=utf-8
last-modified
Mon, 01 Jul 2024 08:45:37 GMT
server
myracloud
x-frame-options
SAMEORIGIN
Sparkasse_web_Rg.woff2
webfonts.sparkasse.de/
31 KB
31 KB
Font
General
Full URL
https://webfonts.sparkasse.de/Sparkasse_web_Rg.woff2
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
78.46.166.187 , Germany, ASN (),
Reverse DNS
webfonts.sparkasse.de
Software
Apache /
Resource Hash
a1526819ed10b3c4d9a1f6e956e673b47f295e58ac66e27391777e58e870331d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.s-publicservices.de
Referer
https://www.s-publicservices.de/

Response headers

cache-control
max-age=31536000, public
etag
"7c14-607e9714e7a28"
expires
Fri, 14 Nov 2025 06:56:15 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
31764
date
Thu, 14 Nov 2024 06:56:15 GMT
last-modified
Tue, 17 Oct 2023 13:24:30 GMT
content-type
font/woff2
server
Apache
Sparkasse_web_It.woff2
webfonts.sparkasse.de/
24 KB
24 KB
Font
General
Full URL
https://webfonts.sparkasse.de/Sparkasse_web_It.woff2
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
78.46.166.187 , Germany, ASN (),
Reverse DNS
webfonts.sparkasse.de
Software
Apache /
Resource Hash
8db41fe3da9ce118ee335b135c4f0a1dce27ad3374f3591acf3b28b6528f5653

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.s-publicservices.de
Referer
https://www.s-publicservices.de/

Response headers

cache-control
max-age=31536000, public
etag
"6190-607e9714e7258"
expires
Fri, 14 Nov 2025 06:56:15 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
24976
date
Thu, 14 Nov 2024 06:56:15 GMT
last-modified
Tue, 17 Oct 2023 13:24:30 GMT
content-type
font/woff2
server
Apache
SparkasseHead_web_Rg.woff2
webfonts.sparkasse.de/
24 KB
25 KB
Font
General
Full URL
https://webfonts.sparkasse.de/SparkasseHead_web_Rg.woff2
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
78.46.166.187 , Germany, ASN (),
Reverse DNS
webfonts.sparkasse.de
Software
Apache /
Resource Hash
372882d973bb4af9445e2c4283b653db5701d2e21496c09229997093f4774fda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.s-publicservices.de
Referer
https://www.s-publicservices.de/

Response headers

cache-control
max-age=31536000, public
etag
"6174-607e9714e62b8"
expires
Fri, 14 Nov 2025 06:56:15 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
24948
date
Thu, 14 Nov 2024 06:56:15 GMT
last-modified
Tue, 17 Oct 2023 13:24:30 GMT
content-type
font/woff2
server
Apache
Sparkasse_web_Bd.woff2
webfonts.sparkasse.de/
27 KB
27 KB
Font
General
Full URL
https://webfonts.sparkasse.de/Sparkasse_web_Bd.woff2
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
78.46.166.187 , Germany, ASN (),
Reverse DNS
webfonts.sparkasse.de
Software
Apache /
Resource Hash
dacb847661ec4d4ef564998290ddde9f616bc6cf92565f1cd5b486d419786596

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.s-publicservices.de
Referer
https://www.s-publicservices.de/

Response headers

cache-control
max-age=31536000, public
etag
"6d8c-607e9714e6e70"
expires
Fri, 14 Nov 2025 06:56:15 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
28044
date
Thu, 14 Nov 2024 06:56:15 GMT
last-modified
Tue, 17 Oct 2023 13:24:30 GMT
content-type
font/woff2
server
Apache
Sparkasse_web_Lt.woff2
webfonts.sparkasse.de/
23 KB
23 KB
Font
General
Full URL
https://webfonts.sparkasse.de/Sparkasse_web_Lt.woff2
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
78.46.166.187 , Germany, ASN (),
Reverse DNS
webfonts.sparkasse.de
Software
Apache /
Resource Hash
ec3c703a5c513a5d8bc6c16a50f0e926ae46ed0dae8a3071366a71df2a3f9e87

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.s-publicservices.de
Referer
https://www.s-publicservices.de/

Response headers

cache-control
max-age=31536000, public
etag
"5d54-607e9714e7640"
expires
Fri, 14 Nov 2025 06:56:15 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
23892
date
Thu, 14 Nov 2024 06:56:15 GMT
last-modified
Tue, 17 Oct 2023 13:24:30 GMT
content-type
font/woff2
server
Apache
1688651575000.png
www.s-publicservices.de/content/s-publicservices/de/hauptnavigation/_jcr_content/meta-navigation/image.img.png/
21 KB
22 KB
Image
General
Full URL
https://www.s-publicservices.de/content/s-publicservices/de/hauptnavigation/_jcr_content/meta-navigation/image.img.png/1688651575000.png
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
b5ce74891ea34c4687be470ebb88065558648d50a7df7fd25452645d001f32e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:15 GMT
accept-ranges
bytes
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
image/png
last-modified
Thu, 06 Jul 2023 13:52:55 GMT
server
myracloud
x-frame-options
SAMEORIGIN
gtm.js
www.googletagmanager.com/
296 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M9ZCMJH&l=dataLayerGTM&gtm_auth=CtQVN6FtdXHs__1XRHziWw&gtm_preview=env-1&gtm_cookies_win=x
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.8 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
2346f39094c06b30b671b406ac46742eb12d05dbf42c773e802853388393af31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 06:56:16 GMT
content-type
application/javascript; charset=UTF-8
vary
*
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
96051
x-xss-protection
0
server
Google Tag Manager
1646219970066.png
www.s-publicservices.de/content/s-publicservices/de/hauptnavigation/jcr:content/meta-navigation/link_logo/image.img.png/
20 KB
20 KB
Image
General
Full URL
https://www.s-publicservices.de/content/s-publicservices/de/hauptnavigation/jcr:content/meta-navigation/link_logo/image.img.png/1646219970066.png
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
3451eb34600e39c76e675fa00ccdd2114ad79b8dd8f90969eb9099c7979b9266
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:15 GMT
accept-ranges
bytes
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
image/png
last-modified
Wed, 02 Mar 2022 11:19:30 GMT
server
myracloud
x-frame-options
SAMEORIGIN
1667553804803.jpg
www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/jcr:content/opener/slides/slide1/image.img.original.jpg/
188 KB
189 KB
Image
General
Full URL
https://www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/jcr:content/opener/slides/slide1/image.img.original.jpg/1667553804803.jpg
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
47f1f090a6096e54becd0fca9522b3bf82918dbbe73ffc1fb226c6c5d710cda1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=604800
x-content-type-options
nosniff
expires
Thu, 21 Nov 2024 06:56:15 GMT
accept-ranges
bytes
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
image/jpeg
last-modified
Fri, 04 Nov 2022 09:23:24 GMT
server
myracloud
x-frame-options
SAMEORIGIN
sprite-6825441c.svg
www.s-publicservices.de/etc/designs/shared/static/images/svg/sparkasse/
71 KB
16 KB
Image
General
Full URL
https://www.s-publicservices.de/etc/designs/shared/static/images/svg/sparkasse/sprite-6825441c.svg
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/etc/designs/shared/clientlibs_standard.91a7959b1002599e07519c8a703ed3ae.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
76ae60b25983a4ae5b995a5c9d3ff40c4705e5d3232611702db9a339142c6e77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/etc/designs/shared/clientlibs_standard.91a7959b1002599e07519c8a703ed3ae.css

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:15 GMT
accept-ranges
bytes
content-length
16195
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
image/svg+xml
content-disposition
attachment
server
myracloud
last-modified
Wed, 10 Feb 2021 11:52:12 GMT
x-frame-options
SAMEORIGIN
1667395152211.jpg
www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/_jcr_content/top/text_and_image_copy/image.img.jpg/
47 KB
47 KB
Image
General
Full URL
https://www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/_jcr_content/top/text_and_image_copy/image.img.jpg/1667395152211.jpg
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
58e3373e1ab408cd2b4d4ba115401eb14a15d939b5f14e8f91228c7c50273e4c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:15 GMT
accept-ranges
bytes
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
image/jpeg
last-modified
Wed, 02 Nov 2022 13:19:12 GMT
server
myracloud
x-frame-options
SAMEORIGIN
1668006217788.png
www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/jcr:content/center/columns_copy_copy/col2/teaser_full_copy_cop_1425814763/image.img.original.png/
15 KB
16 KB
Image
General
Full URL
https://www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/jcr:content/center/columns_copy_copy/col2/teaser_full_copy_cop_1425814763/image.img.original.png/1668006217788.png
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
dec024cebaed470ad1918073a11c9e2390b5b4976f6687304cb29a22c46fd8ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=604800
x-content-type-options
nosniff
expires
Thu, 21 Nov 2024 06:56:15 GMT
accept-ranges
bytes
date
Thu, 14 Nov 2024 06:56:15 GMT
x-xss-protection
1; mode=block
content-type
image/png
last-modified
Wed, 09 Nov 2022 15:03:37 GMT
server
myracloud
x-frame-options
SAMEORIGIN
component.77.b284d89c5138570ccd34.chunk.js
www.s-publicservices.de/etc/designs/shared/static/scripts/application/components/
9 KB
3 KB
Script
General
Full URL
https://www.s-publicservices.de/etc/designs/shared/static/scripts/application/components/component.77.b284d89c5138570ccd34.chunk.js
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/etc/designs/shared/clientlibs_standard.048c6eeff3c3f442ff059b4954c2be81.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
00f1f6f272de1a6947746cd87c93d8a7bf5bee47a7f8d1d91da1c586544dec40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:16 GMT
accept-ranges
bytes
content-length
3007
date
Thu, 14 Nov 2024 06:56:16 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
content-disposition
attachment
server
myracloud
last-modified
Tue, 28 Nov 2023 10:33:09 GMT
x-frame-options
SAMEORIGIN
component.28.f70391492e7300351a94.chunk.js
www.s-publicservices.de/etc/designs/shared/static/scripts/application/components/
4 KB
2 KB
Script
General
Full URL
https://www.s-publicservices.de/etc/designs/shared/static/scripts/application/components/component.28.f70391492e7300351a94.chunk.js
Requested by
Host: www.s-publicservices.de
URL: https://www.s-publicservices.de/etc/designs/shared/clientlibs_standard.048c6eeff3c3f442ff059b4954c2be81.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
b4484c288f64d42f31b756fc449d1bf11cccace94f205cb8d3ab0b79e9b7cbef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:16 GMT
accept-ranges
bytes
content-length
1714
date
Thu, 14 Nov 2024 06:56:16 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
content-disposition
attachment
server
myracloud
last-modified
Mon, 05 Feb 2024 10:13:39 GMT
x-frame-options
SAMEORIGIN
privacy_v2_127.js
cdn.trustcommander.net/privacy/5394/
83 KB
23 KB
Script
General
Full URL
https://cdn.trustcommander.net/privacy/5394/privacy_v2_127.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M9ZCMJH&l=dataLayerGTM&gtm_auth=CtQVN6FtdXHs__1XRHziWw&gtm_preview=env-1&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.55 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F2) /
Resource Hash
46b0f7e2ec93a3c28d807cd32c9ffb183b576706d6b4ab7d2d29f9efb2f1d95c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/

Response headers

access-control-max-age
31536000
content-encoding
gzip
etag
"8284f7eacf7e638dfc6c488144dace92+gzip"
age
78997
access-control-allow-methods
HEAD, GET
x-cache
HIT
date
Thu, 14 Nov 2024 06:56:16 GMT
content-type
application/javascript
last-modified
Wed, 27 Sep 2023 14:38:36 GMT
vary
Accept-Encoding
x-amz-id-2
IpAG2vtF/sLhPeGRlA56Ue1RwCbszNzSRT6gdGeQZUYPUEhyleZbJtTe424GAZ7eHVYRJE+A4xA=
cache-control
max-age=86400, must-revalidate
x-cdn
edgio
x-amz-request-id
EADC5X9ZPHWPXDB9
access-control-allow-origin
*
content-length
22687
server
ECS (frb/67F2)
/
privacy.trustcommander.net/privacy-consent/
43 B
540 B
Ping
General
Full URL
https://privacy.trustcommander.net/privacy-consent/
Requested by
Host: cdn.trustcommander.net
URL: https://cdn.trustcommander.net/privacy/5394/privacy_v2_127.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.180.9.13 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-180-9-13.eu-west-3.compute.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.s-publicservices.de/

Response headers

cache-control
private, max-age=486000, pre-check=486000
pragma
private
Connection
keep-alive
access-control-allow-credentials
true
expires
Wed, 12 Feb 2025 06:56:16 GMT
access-control-allow-origin
https://www.s-publicservices.de
Content-Length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date
Thu, 14 Nov 2024 06:56:16 GMT
Content-Type
image/gif
vary
Origin
access-control-allow-headers
Content-Type
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
096f7f4e1114967f2e7102e883edebe113db4cb492889621dc120ffa4d60a256

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
favicon.ico
www.s-publicservices.de/etc/designs/shared/
4 KB
5 KB
Other
General
Full URL
https://www.s-publicservices.de/etc/designs/shared/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.5.82.130 , Germany, ASN (),
Reverse DNS
xb9055282.host.myracloud.com
Software
myracloud /
Resource Hash
489457bd142e708c03236d71f4aee3739fa5d7ecf6d6c9db2a61417b0ce0aadd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.s-publicservices.de/leistungen/epayment/girocode.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 06:56:16 GMT
accept-ranges
bytes
content-length
4286
date
Thu, 14 Nov 2024 06:56:16 GMT
x-xss-protection
1; mode=block
content-type
image/vnd.microsoft.icon
content-disposition
attachment
server
myracloud
last-modified
Wed, 27 Jun 2018 07:55:23 GMT
x-frame-options
SAMEORIGIN

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparkasse (Banking)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayerGTM
object| dataLayer
object| webpackJsonp
function| $
function| jQuery
function| SearchIndex
function| ComponentLoader
object| fastdom
object| google_tag_manager
object| google_tag_data
object| caReady
function| cact
string| tCPrivacyTagManager
number| tc_privacy_used
function| tC
string| tcCategoriesConsent
function| onOptOut
function| tc_closePrivacyCenter

1 Cookies

Domain/Path Name / Value
.s-publicservices.de/ Name: TCPID
Value: 124114756165346887376

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
