urlscan.io logo urlscan.io
SecurityTrails logo

www.finanz.online.at.miningmoney.xyz Open in urlscan Pro
198.54.126.79  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.finanz.online.at.miningmoney.xyz/
Effective URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Submission: On January 19 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 17 HTTP transactions. The main IP is 198.54.126.79, located in Los Angeles, United States and belongs to NAMECHEAP-NET, US. The main domain is www.finanz.online.at.miningmoney.xyz.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 7th 2020. Valid for: 2 years.
This is the only time www.finanz.online.at.miningmoney.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 198.54.126.79 22612 (NAMECHEAP...)
13 85.158.224.242 8692 (BRZ)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
17 4
Domain Requested by
13 finanzonline.bmf.gv.at www.finanz.online.at.miningmoney.xyz
2 www.gstatic.com www.finanz.online.at.miningmoney.xyz
translate.googleapis.com
2 www.finanz.online.at.miningmoney.xyz 1 redirects
1 translate.googleapis.com www.finanz.online.at.miningmoney.xyz
17 4

This site contains links to these domains. Also see Links.

Domain
finanzonline.bmf.gv.at
www.bmf.gv.at
Subject Issuer Validity Valid
*.web-hosting.com
Sectigo RSA Domain Validation Secure Server CA		 2020-05-07 -
2022-04-05		 2 years crt.sh
finanzonline.at
Thawte EV RSA CA G2		 2020-07-08 -
2021-09-17		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Frame ID: 8F0D8FAEEAF39B660D7E4866C6876C0F
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.finanz.online.at.miningmoney.xyz/ HTTP 302
    https://www.finanz.online.at.miningmoney.xyz/FINANZ/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

17
Requests

94 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

491 kB
Transfer

501 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.finanz.online.at.miningmoney.xyz/ HTTP 302
    https://www.finanz.online.at.miningmoney.xyz/FINANZ/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.finanz.online.at.miningmoney.xyz/FINANZ/
Redirect Chain
  • https://www.finanz.online.at.miningmoney.xyz/
  • https://www.finanz.online.at.miningmoney.xyz/FINANZ/
10 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.54.126.79 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server33-5.web-hosting.com
Software
Apache /
Resource Hash
0b3dd707347c590a20b8c6853cfde5da0e3a9d259587096961e3298f1bb0b861

Request headers

:method
GET
:authority
www.finanz.online.at.miningmoney.xyz
:scheme
https
:path
/FINANZ/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=090875361890b60c75cecf58edfe2603
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 19 Jan 2021 19:09:12 GMT
server
Apache
last-modified
Tue, 14 Jul 2020 13:55:24 GMT
accept-ranges
none
vary
Accept-Encoding
content-encoding
gzip
content-length
2982
content-type
text/html

Redirect headers

date
Tue, 19 Jan 2021 19:09:09 GMT
server
Apache
x-powered-by
PHP/7.2.34
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
PHPSESSID=090875361890b60c75cecf58edfe2603; path=/
location
./FINANZ/
content-length
0
content-type
text/html; charset=UTF-8
bootstrap.min.css
finanzonline.bmf.gv.at/fon/css/ 		116 KB
117 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/css/bootstrap.min.css
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
a0c07d682a31e5111987c789fb50d4e078cb3c1c5a05f0264b8189dc2a053116
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
118647
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
text/css
Keep-Alive
timeout=5, max=100
X-Content-Type-Options
nosniff
intro.css
finanzonline.bmf.gv.at/fon/css/ 		13 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/css/intro.css
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
485f46a6012b93520c103b9e8139f9660d8ed62418a8deacc6d4f4921abe27e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
13748
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
text/css
Keep-Alive
timeout=5, max=100
X-Content-Type-Options
nosniff
style.css
finanzonline.bmf.gv.at/fon/css/ 		10 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/css/style.css?v=1.2
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
ee89210c6c67dd0aad5e424c2749e2a907e852dfa30d62f70bc0e3da4d2c957a
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
10683
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
text/css
Keep-Alive
timeout=5, max=100
X-Content-Type-Options
nosniff
main.css
finanzonline.bmf.gv.at/fon/css/ 		121 KB
122 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/css/main.css
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
0e3b64af1d41b91ad911190e2f648548f80086dfa057910a64e93f0adf1b5c94
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
124041
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 05 Jan 2021 13:06:06 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
text/css
Keep-Alive
timeout=5, max=100
X-Content-Type-Options
nosniff
font-awesome-all.min.css
finanzonline.bmf.gv.at/fon/css/ 		53 KB
54 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/css/font-awesome-all.min.css
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
54456
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
text/css
Keep-Alive
timeout=5, max=100
X-Content-Type-Options
nosniff
translateelement.css
translate.googleapis.com/translate_static/css/ 		18 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://translate.googleapis.com/translate_static/css/translateelement.css
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 19 Jan 2021 18:54:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
855
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3619
x-xss-protection
0
last-modified
Wed, 12 Feb 2020 21:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 19 Jan 2021 19:54:57 GMT
finanzonline_at_Logo.svg
finanzonline.bmf.gv.at/fon/img/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://finanzonline.bmf.gv.at/fon/img/finanzonline_at_Logo.svg
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
c7de9ed506bcde43e9c444cf93a04ede87545e2afc85d1510c891455b25a6bb0
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
3626
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
image/svg+xml
Keep-Alive
timeout=5, max=99
X-Content-Type-Options
nosniff
bmf_logo.svg
finanzonline.bmf.gv.at/fon/img/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://finanzonline.bmf.gv.at/fon/img/bmf_logo.svg
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
4ebefa0fd9138c913f8fd156236a9da50750a9886b07918ef27e9703aeea8218
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
5061
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
image/svg+xml
Keep-Alive
timeout=5, max=98
X-Content-Type-Options
nosniff
fred.png
finanzonline.bmf.gv.at/fon/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://finanzonline.bmf.gv.at/fon/img/fred.png
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
3936369636c4a8d975cfdb10c35dfe4113ca942a06a7e42744ca2f8a4430ba99
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
1549
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
image/png
Keep-Alive
timeout=5, max=99
X-Content-Type-Options
nosniff
jquery.min.js
finanzonline.bmf.gv.at/fon/script/jquery/ 		86 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/script/jquery/jquery.min.js
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
88145
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
application/javascript
Keep-Alive
timeout=5, max=100
X-Content-Type-Options
nosniff
bootstrap.min.js
finanzonline.bmf.gv.at/fon/script/jquery/ 		39 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/script/jquery/bootstrap.min.js
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
a915d483b99af421f4813e6b60599b4e39faff120e54b5e9838386d4ae1a4c60
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
39685
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
application/javascript
Keep-Alive
timeout=5, max=99
X-Content-Type-Options
nosniff
fon-utils_v2.js
finanzonline.bmf.gv.at/fon/script/ 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/script/fon-utils_v2.js?v=2.4
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
cc51d9bef3cc11a72af025d3aa82243b7ec8d3e8c53a8bb9f2861740725d06a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
14442
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
application/javascript
Keep-Alive
timeout=5, max=99
X-Content-Type-Options
nosniff
pw-util.js
finanzonline.bmf.gv.at/fon/script/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/script/pw-util.js?v=1.0
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
ea509db0a294a8395969631a9b22412aa894619fa5b959c363024d6adda9f8e6
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
1696
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
application/javascript
Keep-Alive
timeout=5, max=99
X-Content-Type-Options
nosniff
translate_24dp.png
www.gstatic.com/images/branding/product/1x/ 		825 B
886 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/branding/product/1x/translate_24dp.png
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 19 Jan 2021 17:39:04 GMT
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
5408
vary
Origin
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
825
x-xss-protection
0
expires
Wed, 19 Jan 2022 17:39:04 GMT
print.css
finanzonline.bmf.gv.at/fon/css/ 		6 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://finanzonline.bmf.gv.at/fon/css/print.css?v=1.3
Requested by
Host: www.finanz.online.at.miningmoney.xyz
URL: https://www.finanz.online.at.miningmoney.xyz/FINANZ/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.158.224.242 Vienna, Austria, ASN8692 (BRZ, AT),
Reverse DNS
finanzonline.bmf.gv.at
Software
Apache /
Resource Hash
496b128d85ee93081c238e50e38132dcdd374ae59544d08d4cc5604174445f61
Security Headers
Name Value
Content-Security-Policy default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.finanz.online.at.miningmoney.xyz/FINANZ/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 19 Jan 2021 19:09:12 GMT
Vary
Origin
Connection
Keep-Alive
Content-Length
6074
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 23 Jun 2020 10:59:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Language
en-US
Access-Control-Allow-Origin
https://sso.finanzonline.bmf.gv.at
Content-Security-Policy
default-src 'self' moa.brz.gv.at chat.bmf.gv.at www.youtube.com secure.oesterreich.gv.at 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://chat.bmf.gv.at/ https://www.youtube.com; frame-ancestors 'self'; form-action 'self' eidas.bmi.gv.at 127.0.0.1:3496 www.handy-signatur.at moa.brz.gv.at; upgrade-insecure-requests;
Content-Type
text/css
Keep-Alive
timeout=5, max=99
X-Content-Type-Options
nosniff
translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/branding/product/2x/translate_24dp.png
Requested by
Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://translate.googleapis.com/translate_static/css/translateelement.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 19 Jan 2021 17:39:04 GMT
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
5408
vary
Origin
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1847
x-xss-protection
0
expires
Wed, 19 Jan 2022 17:39:04 GMT

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| FonUtil function| demo

1 Cookies

Domain/Path Name / Value
www.finanz.online.at.miningmoney.xyz/ Name: PHPSESSID
Value: 090875361890b60c75cecf58edfe2603