www.s-publicservices.de
185.5.82.130
Malicious Activity!
Public Scan
Effective URL: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Submission: On November 14 via api from US — Scanned from DE
Summary
TLS certificate: Issued by D-TRUST SSL Class 3 CA 1 2009 on March 14th 2024. Valid for: a year.
This is the only time www.s-publicservices.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
1 1 | 46.163.91.67 | |
1 15 | 185.5.82.130 | |
5 | 78.46.166.187 | |
1 | 172.217.18.8 | 15169 (GOOGLE) |
1 | 192.229.233.55 | 15133 (EDGECAST) |
1 | 35.180.9.13 | 16509 (AMAZON-02) |
22 requests | 6 IPs | |
ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f8.1e100.net
www.googletagmanager.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-35-180-9-13.eu-west-3.compute.amazonaws.com
privacy.trustcommander.net |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
15 | s-publicservices.de | www.s-publicservices.de (1 redirect) | 673 KB |
5 | sparkasse.de | webfonts.sparkasse.de | 131 KB |
2 | trustcommander.net | cdn.trustcommander.net (Cisco Umbrella Rank: 48937), privacy.trustcommander.net (Cisco Umbrella Rank: 81085) | 23 KB |
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 64) | 94 KB |
1 | girocode.de | girocode.de (1 redirect) | 412 B |
22 requests | 5 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
15 | www.s-publicservices.de | www.s-publicservices.de (1 redirect) |
5 | webfonts.sparkasse.de | www.s-publicservices.de |
1 | privacy.trustcommander.net | cdn.trustcommander.net |
1 | cdn.trustcommander.net | www.googletagmanager.com |
1 | www.googletagmanager.com | www.s-publicservices.de |
1 | girocode.de | 1 redirect |
22 requests | 6 domains | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.girocockpit.de |
portal.dsv-gruppe.de |
www.girocode.de |
www.linkedin.com |
www.facebook.com |
twitter.com |
prod.osapiens.cloud |
Subject | Issuer | Validity | Valid |
---|---|---|---|
s-publicservices.de | D-TRUST SSL Class 3 CA 1 2009 | 2024-03-14 - 2025-03-17 | a year |
webfonts.sparkasse.de | D-TRUST SSL Class 3 CA 1 2009 | 2024-10-08 - 2025-10-10 | a year |
*.google-analytics.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months |
cdn.tagcommander.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-02-23 - 2025-03-25 | a year |
*.trustcommander.net | Thawte TLS RSA CA G1 | 2024-02-14 - 2025-03-16 | a year |
This page contains 1 frame:
Primary Page: https://www.s-publicservices.de/leistungen/epayment/girocode.html
Frame ID: 50AC3E597987631E5DF2ABA28714B0FE
Requests: 23 HTTP requests in this frame
Page Title: GiroCode: schnelles & einfaches Bezahlen mit QR-Code - S-Public Services
Page URL History
- http://girocode.de/ (HTTP 307)
- https://girocode.de/ (HTTP 301)
- https://www.s-publicservices.de/leistungen/girocode (HTTP 301)
- http://www.s-publicservices.de/leistungen/epayment/girocode.html (HTTP 307)
- https://www.s-publicservices.de/leistungen/epayment/girocode.html (Page URL)
Detected technologies
- Adobe Experience Manager (CMS); detected pattern: /etc/designs/
- Google Tag Manager (Tag Managers); detected pattern: googletagmanager\.com/gtm\.js
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
- Title: GiroCockpit
- Title: Sparkassen-Login
- Title: Zum GiroCode Generator
- Title: LinkedIn
- Title: Facebook
- Title: Twitter
- Title: Meldestelle
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | girocode.html (Primary Request; Redirect Chain) | www.s-publicservices.de/leistungen/epayment/ | 78 KB | 12 KB | Document | text/html |
GET | H2 | clientlibs_vendor.5b5ed128618b5643458bb9a3bccb8802.css | www.s-publicservices.de/etc/designs/shared/ | 29 KB | 5 KB | Stylesheet | text/css |
GET | H2 | clientlibs_standard.91a7959b1002599e07519c8a703ed3ae.css | www.s-publicservices.de/etc/designs/shared/ | 534 KB | 66 KB | Stylesheet | text/css |
GET | H2 | clientlibs_vendor.8c29d40571162d165aa9c39f9fb795ca.js | www.s-publicservices.de/etc/designs/shared/ | 1 KB | 890 B | Script | application/javascript |
GET | H2 | clientlibs_standard.048c6eeff3c3f442ff059b4954c2be81.js | www.s-publicservices.de/etc/designs/shared/ | 978 KB | 269 KB | Script | application/javascript |
GET | H2 | Sparkasse_web_Rg.woff2 | webfonts.sparkasse.de/ | 31 KB | 31 KB | Font | font/woff2 |
GET | H2 | Sparkasse_web_It.woff2 | webfonts.sparkasse.de/ | 24 KB | 24 KB | Font | font/woff2 |
GET | H2 | SparkasseHead_web_Rg.woff2 | webfonts.sparkasse.de/ | 24 KB | 25 KB | Font | font/woff2 |
GET | H2 | Sparkasse_web_Bd.woff2 | webfonts.sparkasse.de/ | 27 KB | 27 KB | Font | font/woff2 |
GET | H2 | Sparkasse_web_Lt.woff2 | webfonts.sparkasse.de/ | 23 KB | 23 KB | Font | font/woff2 |
GET | H2 | 1688651575000.png | www.s-publicservices.de/content/s-publicservices/de/hauptnavigation/_jcr_content/meta-navigation/image.img.png/ | 21 KB | 22 KB | Image | image/png |
GET | H2 | gtm.js | www.googletagmanager.com/ | 296 KB | 94 KB | Script | application/javascript |
GET | H2 | 1646219970066.png | www.s-publicservices.de/content/s-publicservices/de/hauptnavigation/jcr:content/meta-navigation/link_logo/image.img.png/ | 20 KB | 20 KB | Image | image/png |
GET | H2 | 1667553804803.jpg | www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/jcr:content/opener/slides/slide1/image.img.original.jpg/ | 188 KB | 189 KB | Image | image/jpeg |
GET | H2 | sprite-6825441c.svg | www.s-publicservices.de/etc/designs/shared/static/images/svg/sparkasse/ | 71 KB | 16 KB | Image | image/svg+xml |
GET | H2 | 1667395152211.jpg | www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/_jcr_content/top/text_and_image_copy/image.img.jpg/ | 47 KB | 47 KB | Image | image/jpeg |
GET | H2 | 1668006217788.png | www.s-publicservices.de/content/s-publicservices/de/startseite/leistungen/epayment/girocode/jcr:content/center/columns_copy_copy/col2/teaser_full_copy_cop_1425814763/image.img.original.png/ | 15 KB | 16 KB | Image | image/png |
GET | H2 | component.77.b284d89c5138570ccd34.chunk.js | www.s-publicservices.de/etc/designs/shared/static/scripts/application/components/ | 9 KB | 3 KB | Script | application/javascript |
GET | H2 | component.28.f70391492e7300351a94.chunk.js | www.s-publicservices.de/etc/designs/shared/static/scripts/application/components/ | 4 KB | 2 KB | Script | application/javascript |
GET | H2 | privacy_v2_127.js | cdn.trustcommander.net/privacy/5394/ | 83 KB | 23 KB | Script | application/javascript |
POST | H/1.1 | / | privacy.trustcommander.net/privacy-consent/ | 43 B | 540 B | Ping | image/gif |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | H2 | favicon.ico | www.s-publicservices.de/etc/designs/shared/ | 4 KB | 5 KB | Other | image/vnd.microsoft.icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Sparkasse (Banking)
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | dataLayerGTM |
object | dataLayer |
object | webpackJsonp |
function | $ |
function | jQuery |
function | SearchIndex |
function | ComponentLoader |
object | fastdom |
object | google_tag_manager |
object | google_tag_data |
object | caReady |
function | cact |
string | tCPrivacyTagManager |
number | tc_privacy_used |
function | tC |
string | tcCategoriesConsent |
function | onOptOut |
function | tc_closePrivacyCenter |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.s-publicservices.de/ | | TCPID | 124114756165346887376 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.