online-finanzministerium.com
104.21.7.247
Malicious Activity!
Public Scan
Submission Tags: @ecarlesi possiblethreat phishing
Submission: On March 19 via api from IT — Scanned from IT
Summary
This is the only time online-finanzministerium.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ELSTER (Tax)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
26 | 104.21.7.247 | 13335 (CLOUDFLARENET) |
26 | 1 |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
26 | online-finanzministerium.com (subdomain: online-finanzministerium.com) | 850 KB |
26 | 1 |
 | Domain | Requested by |
---|---|---|
26 | online-finanzministerium.com | online-finanzministerium.com |
26 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
elster.de |
testen.bitv-test.de |
www.elster.de |
forum.elster.de |
twitter.com |
This page contains 1 frames:
Primary Page:
http://online-finanzministerium.com/
Frame ID: DF08FBBD94B9B9028AB425DA45E4A930
Requests: 26 HTTP requests in this frame
22 Outgoing links
These are links going to different origins than the main page.
Title: ELSTER Ihr Online-Finanzamt
Title: Hilfe
Title: Aktuelles
Title: Rechtliches
Title: Nutzen und Vorteile
Title: Sicherheit
Title: Inhalte in Leichter Sprache
Title: Presse und Medien
Title: Systemanforderungen
Title: MeinELSTER+
Title: ElsterSecure
Title: ELSTER-Unternehmenskonto
Title: ISO 27001 Sicherheit im Verfahren ELSTER
Title: Sie verlassen die Seite Vom BIK geprüfter Webauftritt
Title: Sie verlassen die Seite Von capito geprüfte Leichte Sprache
Title: Forum Sie verlassen die Seite
Title: Hilfe, FAQ
Title: Kontakt
Title: Twitter Sie verlassen die Seite
Title: Datenschutz
Title: Impressum
Title: Barrierefreiheit
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | online-finanzministerium.com/ | 236 KB | 32 KB | Document | text/html |
GET | H/1.1 | eop.css | online-finanzministerium.com/eportal/styles/ | 572 KB | 70 KB | Stylesheet | text/css |
GET | H/1.1 | head.js | online-finanzministerium.com/eportal/scripts/ | 79 KB | 28 KB | Script | application/x-javascript |
GET | H/1.1 | print.css | online-finanzministerium.com/eportal/styles/ | 5 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | frontend.js | online-finanzministerium.com/eportal/js/ | 32 KB | 8 KB | Script | application/x-javascript |
GET | H/1.1 | forge.js | online-finanzministerium.com/eportal/js/ | 287 KB | 77 KB | Script | application/x-javascript |
GET | H/1.1 | jeans.js | online-finanzministerium.com/eportal/js/ | 138 KB | 34 KB | Script | application/x-javascript |
GET | H/1.1 | gunzip.min.js | online-finanzministerium.com/eportal/js/ | 13 KB | 6 KB | Script | application/x-javascript |
GET | H/1.1 | gzip.min.js | online-finanzministerium.com/eportal/js/ | 14 KB | 7 KB | Script | application/x-javascript |
GET | H/1.1 | jszip.min.js | online-finanzministerium.com/eportal/js/ | 95 KB | 29 KB | Script | application/x-javascript |
GET | H/1.1 | FileSaver.min.js | online-finanzministerium.com/eportal/js/ | 3 KB | 2 KB | Script | application/x-javascript |
GET | H/1.1 | elsterSecurityUtil.js | online-finanzministerium.com/eportal/js/ | 14 KB | 5 KB | Script | application/x-javascript |
GET | H/1.1 | elsterAuthenticator.js | online-finanzministerium.com/eportal/js/ | 3 KB | 2 KB | Script | application/x-javascript |
GET | H/1.1 | keyHandlers.js | online-finanzministerium.com/eportal/js/ | 2 KB | 1 KB | Script | application/x-javascript |
GET | H/1.1 | eol_regsoftpseeop_1_4.9.js | online-finanzministerium.com/eportal/er-js/ | 38 KB | 7 KB | Script | application/x-javascript |
GET | H/1.1 | illustr-apply_edit_delete.png | online-finanzministerium.com/eportal/img/ | 585 B | 1 KB | Image | image/png |
GET | H/1.1 | BSI-IGZ-0530-2022_RGB.png | online-finanzministerium.com/eportal/attachments/footer/ | 104 KB | 105 KB | Image | image/png |
GET | H/1.1 | bik-95-plus-logo.png | online-finanzministerium.com/eportal/attachments/footer/ | 20 KB | 21 KB | Image | image/png |
GET | H/1.1 | LL_A1.jpg | online-finanzministerium.com/eportal/attachments/footer/ | 50 KB | 51 KB | Image | image/jpeg |
GET | H/1.1 | app-form.js | online-finanzministerium.com/eportal/scripts/ | 1 MB | 251 KB | Script | application/x-javascript |
GET | H/1.1 | link_extern.svg | online-finanzministerium.com/eportal/img/ | 244 B | 998 B | Image | image/svg+xml |
GET | H/1.1 | sprite_eop.svg | online-finanzministerium.com/eportal/styles/svg/ | 198 KB | 29 KB | Image | image/svg+xml |
GET | H/1.1 | open-sans-v13-latin-600.woff2 | online-finanzministerium.com/eportal/styles/fonts/opensans/ | 16 KB | 17 KB | Font | font/woff2 |
GET | H/1.1 | open-sans-v13-latin-700.woff2 | online-finanzministerium.com/eportal/styles/fonts/opensans/ | 16 KB | 17 KB | Font | font/woff2 |
GET | H/1.1 | open-sans-v13-latin-regular.woff2 | online-finanzministerium.com/eportal/styles/fonts/opensans/ | 15 KB | 16 KB | Font | font/woff2 |
GET | H/1.1 | / | online-finanzministerium.com/ | 236 KB | 32 KB | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ELSTER (Tax)
80 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| standaloneScriptsRegistry object| darkmode function| initEruValidation object| elster object| $jscomp function| $jscomp$lookupPolyfilledValue object| forge function| $L object| jeans object| Zlib function| setImmediate function| clearImmediate function| JSZip function| saveAs object| FileSaver function| checkEnter function| enterPressed function| selectEnter object| FEHLER_MELDUNGEN object| DEZIMAL_TRENNER number| MAX_WERT_LAENGE function| fehlerHandler function| trim function| normalize function| leer_eol_regsoftpseeop_1 function| wertZuLang_eol_regsoftpseeop_1 function| fuegeWertInFehlerText function| val_eol_regsoftpseeop_1_Predefined function| checkLaengeUndVorkomma_eol_regsoftpseeop_1 function| val_eol_regsoftpseeop_1_String function| val_eol_regsoftpseeop_1_StringMax function| val_eol_regsoftpseeop_1_StringMuster function| val_eol_regsoftpseeop_1_Datum function| val_eol_regsoftpseeop_1_DatumBereich function| eol_regsoftpseeop_1fehlerTextZahlUngueltigeZeichen function| eol_regsoftpseeop_1fehlerTextGBCUngueltigeZeichen function| eol_regsoftpseeop_1fehlerTextNullNichtErlaubt function| val_eol_regsoftpseeop_1_GBMitCent function| val_eol_regsoftpseeop_1_GBOhneCent function| val_eol_regsoftpseeop_1_Zahl function| val_eol_regsoftpseeop_1_keinePruefung function| eol_regsoftpseeop_1BenutzernameValidate_de_DE function| eol_regsoftpseeop_1BenutzernameValidate_en_US function| eol_regsoftpseeop_1EmailValidate_de_DE function| eol_regsoftpseeop_1EmailValidate_en_US function| eol_regsoftpseeop_1GeburtsdatumValidate_de_DE function| eol_regsoftpseeop_1GeburtsdatumValidate_en_US function| eol_regsoftpseeop_1IdentifikationsnummerValidate_de_DE function| eol_regsoftpseeop_1IdentifikationsnummerValidate_en_US function| eol_regsoftpseeop_1HinweisPostalischeZustellungValidate_de_DE function| eol_regsoftpseeop_1HinweisPostalischeZustellungValidate_en_US function| eol_regsoftpseeop_1SicherheitsabfrageValidate_de_DE function| eol_regsoftpseeop_1SicherheitsabfrageValidate_en_US 
function| eol_regsoftpseeop_1SicherheitsantwortValidate_de_DE function| eol_regsoftpseeop_1SicherheitsantwortValidate_en_US function| eol_regsoftpseeop_1DateninhaberIdNrValidate_de_DE function| eol_regsoftpseeop_1DateninhaberIdNrValidate_en_US function| eol_regsoftpseeop_1DateninhaberGeburtstagValidate_de_DE function| eol_regsoftpseeop_1DateninhaberGeburtstagValidate_en_US function| eol_regsoftpseeop_1GueltigBisValidate_de_DE function| eol_regsoftpseeop_1GueltigBisValidate_en_US function| eol_regsoftpseeop_1DateninhaberOrdnungsbegriffValidate_de_DE function| eol_regsoftpseeop_1DateninhaberOrdnungsbegriffValidate_en_US function| eol_regsoftpseeop_1VeranlagungszeitraumAuswahlValidate_de_DE function| eol_regsoftpseeop_1VeranlagungszeitraumAuswahlValidate_en_US function| eol_regsoftpseeop_1JahrValidate_de_DE function| eol_regsoftpseeop_1JahrValidate_en_US function| eol_regsoftpseeop_1VonValidate_de_DE function| eol_regsoftpseeop_1VonValidate_en_US function| eol_regsoftpseeop_1BisValidate_de_DE function| eol_regsoftpseeop_1BisValidate_en_US function| eol_regsoftpseeop_1TeilnahmeDatenabruferValidate_de_DE function| eol_regsoftpseeop_1TeilnahmeDatenabruferValidate_en_US function| eol_regsoftpseeop_1TageValidate_de_DE function| eol_regsoftpseeop_1TageValidate_en_US function| eol_regsoftpseeop_1StundenValidate_de_DE function| eol_regsoftpseeop_1StundenValidate_en_US function| eol_regsoftpseeop_1MinutenValidate_de_DE function| eol_regsoftpseeop_1MinutenValidate_en_US object| app0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
online-finanzministerium.com
104.21.7.247