tenarius-ro.com
2606:4700:3036::6815:32a5  Malicious Activity! Public Scan

URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Submission: On June 29 via automatic, source openphish — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 12 HTTP transactions. The main IP is 2606:4700:3036::6815:32a5, located in the United States and belonging to CLOUDFLARENET, US. The main domain is tenarius-ro.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 22nd 2022. Valid for: a year.
This is the only time tenarius-ro.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

    IP Address        AS Autonomous System
11  2606:4700:303...  13335 (CLOUDFLAR...)
12  2

    Apex Domain      Subdomains       Transfer
11  tenarius-ro.com  tenarius-ro.com  134 KB
12  1

    Domain           Requested by
11  tenarius-ro.com  tenarius-ro.com
12  1

This site contains no links.

Subject                Issuer                   Validity                 Valid
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3  2022-04-22 - 2023-04-22  a year

This page contains 1 frames:

Primary Page: https://tenarius-ro.com/australiaa/taxation/services/index.php
Frame ID: B9DDDBB9BFEF000864359FD023288311
Requests: 12 HTTP requests in this frame

Page Title

Sign-in - myGov

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 12
HTTPS: 92 %
IPv6: 100 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 134 kB
Size: 419 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.php
tenarius-ro.com/australiaa/taxation/services/
6 KB
3 KB
Document
General
Full URL
https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.33
Resource Hash
f1ed2a69766e0ed817906617c789fea87a936c60539091f9201cacadcd330e02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
722ed920ffcc9b9e-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 29 Jun 2022 13:00:59 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sYFvoe4p42AuoJKSZSz%2FCpkuYI8sSx565uJLPUamvIw740xWVmvaDYHy4ylZbJuQeDrdg1KuxV0jHNelszaxXHHf8mFZyl3l8G%2B0%2Bu8J8Doo2zmYv6RS1Bi5I72sFhYJan2Zl0SQ4l0248CDilI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.33
x-turbo-charged-by
LiteSpeed
dtagent_ICA23STVbjrx_7000100031020.js
tenarius-ro.com/australiaa/taxation/services/js/
100 KB
41 KB
Script
General
Full URL
https://tenarius-ro.com/australiaa/taxation/services/js/dtagent_ICA23STVbjrx_7000100031020.js
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4da13382bf6de23d6e0f53ea758a945c5550866f5c0590143053bd1c6f371dca
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:00:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
42290
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Jun 2022 21:48:06 GMT
server
cloudflare
etag
W/"191f3-62bb7716-c5916eaf9405655;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5yAiM1SHsPacBPMjhXbRGQYhokpMyq%2Bi9kGbDR9LdnL%2B1Hm93rkLelY5LKcdeFIKIoG09PjDsv65%2Bej%2B9dJmTLh3scU%2F5u8Ajpj7tGfg8vdworTWpUcGH9GjYOC0TC3NewEM%2FhSwB%2FzgF5SkGRY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
content-security-policy
upgrade-insecure-requests
cf-ray
722ed925984b9b9e-FRA
expires
Wed, 06 Jul 2022 01:16:09 GMT
mgv2-application.css
tenarius-ro.com/australiaa/taxation/services/css/
79 KB
15 KB
Stylesheet
General
Full URL
https://tenarius-ro.com/australiaa/taxation/services/css/mgv2-application.css
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
544d046a6d55109b5c84c23561d08fc9653e962a3d9e5744c807f142971b1fc9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:00:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
42290
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Jun 2022 21:48:06 GMT
server
cloudflare
etag
W/"13d4c-62bb7716-8fc177884e30da05;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EoOyVTw6%2B6vv4l4uyU95szlrmiNhmyrlObIdD46EUzaMd7ptb3mNRgr429MOb6it1RSHqeTJRegbLrzGULJIbUVhaFZgpQC9V512bQw1vuE3F3vhPWjcyqV9hdKTh4l4qOXDGXmqu%2FN3d%2BXnD3g%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
content-security-policy
upgrade-insecure-requests
cf-ray
722ed925984e9b9e-FRA
expires
Wed, 06 Jul 2022 01:16:09 GMT
austgovt-inline-white.svg
tenarius-ro.com/australiaa/taxation/services/
113 KB
34 KB
Image
General
Full URL
https://tenarius-ro.com/australiaa/taxation/services/austgovt-inline-white.svg
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:00:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
42291
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Jun 2022 21:48:06 GMT
server
cloudflare
etag
W/"1c460-62bb7716-5ac96fe067e8ccb;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Be0zFyglR0WzQX8pfHLDdLz8jttDmi1iHO%2FKL17YCZuO8AFmveCde3kGRESyfy2Uu1j4kdiLNklaF%2BMUViZOriZ27ZuwZ%2FBVGqFonx%2Brk2pGYFCqQQySxZ4ulUq8x48kzDhiPbYD94EwwbrZf0s%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
content-security-policy
upgrade-insecure-requests
cf-ray
722ed925fcdf8fda-FRA
expires
Wed, 06 Jul 2022 01:16:07 GMT
mygov-logo.svg
tenarius-ro.com/australiaa/taxation/services/
2 KB
2 KB
Image
General
Full URL
https://tenarius-ro.com/australiaa/taxation/services/mygov-logo.svg
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:00:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
42291
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Jun 2022 21:48:06 GMT
server
cloudflare
etag
W/"8a1-62bb7716-62011d36cbce8bef;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U3sPMTFlPYJGJ7BDN29MVza0LgVIQKOLFL%2BIbWXJ%2FRDPJIfucOYoZy95Gn9%2FC8nmQfUBUDCwOGcQKB%2BjwzmgTNTfJHULF6tUNG2GHsEnMkBiZAqabIahihML6r5Q3fgBVPnfZVBUriEisM4dR8Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
content-security-policy
upgrade-insecure-requests
cf-ray
722ed925fce08fda-FRA
expires
Wed, 06 Jul 2022 01:16:07 GMT
austgovt-inline.svg
tenarius-ro.com/australiaa/taxation/services/
113 KB
34 KB
Image
General
Full URL
https://tenarius-ro.com/australiaa/taxation/services/austgovt-inline.svg
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f123bda4af8b57bf1a683920703c7841ba38aa4a98c02ef01b92d2b1d2696132
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:00:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
42291
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Jun 2022 21:48:06 GMT
server
cloudflare
etag
W/"1c45e-62bb7716-c23a73484122dfaf;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pspl7amxdxmw5myPjTsVoOFZQTb%2FLHPQA6etFj5xAdd%2B1aq80uiB%2BHODfkQ8oNhfqpa78MoPKw7KBEENuNlnA6OmVZr%2ByZsisyAtJUojxlans16NQvng03m5PkLsBB1N4zUxvFxOPsdB8KcywLY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
content-security-policy
upgrade-insecure-requests
cf-ray
722ed925fce18fda-FRA
expires
Wed, 06 Jul 2022 01:16:07 GMT
mgv2-vendor.js
tenarius-ro.com/mygov/content/mgv2/js/
0
0
Script
General
Full URL
https://tenarius-ro.com/mygov/content/mgv2/js/mgv2-vendor.js
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:00:59 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 29 Apr 2022 18:50:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2BJsKZfGz%2FTJl0slMJV0CI%2BU18Tlb8PXx%2BMO7IzxJjVxZI%2BaBfLvIe0pS1l5rzvFc7pzqqAmVrUhE3DJnLHVJjVDkw%2BZiItD2RhIDROLGHyB23K3m4OaovTiokXmkdyYOkSJPgvISs6AwgskJ8c%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-turbo-charged-by
LiteSpeed
cf-ray
722ed925dcbf8fda-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
mgv2-application.js
tenarius-ro.com/mygov/content/mgv2/js/
0
0
Script
General
Full URL
https://tenarius-ro.com/mygov/content/mgv2/js/mgv2-application.js
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:00:59 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 29 Apr 2022 18:50:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uq8mwJ6HFgGzY%2BOBsN90XnXANkxAi0vHDIE74Ay03foh%2Bmm1sDCjy%2FPWRNaxqVhXV6ka5pwsPk9mZ94bjo4xjBX%2BwH%2Ftfk4tuSK%2FFir63HsU3KdEHxTDU7Z3vgaMcMQZ6WXqMvIqZ002fhfa22c%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-turbo-charged-by
LiteSpeed
cf-ray
722ed925ecc88fda-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
login.js
tenarius-ro.com/mygov/content/mgv2/js/
0
0
Script
General
Full URL
https://tenarius-ro.com/mygov/content/mgv2/js/login.js
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:00:59 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 29 Apr 2022 18:50:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kL1Sh1nWM%2BRFVoTkYXkWrleNS1B2MKYUXGCYJfKLGErXOOHhaXBKrxcu%2BriK8EsTaxf47ARIyfggqYNb3cW9ajyFmoeCsz4Fl7gYFxm4%2FNwvM71TeNy6sIX9Wxv6%2BETdyKCczjmY77BL1yNqSj4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-turbo-charged-by
LiteSpeed
cf-ray
722ed925fcde8fda-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
dynaTraceMonitor
tenarius-ro.com/LoginServices/main/
2 KB
2 KB
XHR
General
Full URL
https://tenarius-ro.com/LoginServices/main/dynaTraceMonitor?type=js&session=R8EU51BEN8M8UAI312M2E36RGFGD5DSP&flavor=post&referer=https%3A%2F%2Ftenarius-ro.com%2Faustraliaa%2Ftaxation%2Fservices%2Findex.php&app=MyGov&format=lzw
Requested by
Host: tenarius-ro.com
URL: https://tenarius-ro.com/australiaa/taxation/services/js/dtagent_ICA23STVbjrx_7000100031020.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e

Request headers

Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/octet-stream

Response headers

date
Wed, 29 Jun 2022 13:01:00 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Fri, 29 Apr 2022 18:50:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3uBm3drjAEi4e0Pci3cIUdUketvuPJnJpoeSispn8NC08z1YqLW2mjfOugPRLtEkX9dZW9d9CULXxBLwBy1oA6eOEEPYj57fZkijfmDBdr%2FvqTnxQVeNu9T15uwh9wRYHP6y1U5j6xbVGRqdhI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-turbo-charged-by
LiteSpeed
cf-ray
722ed92c6b298fda-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
dynaTraceMonitor
tenarius-ro.com/LoginServices/main/
2 KB
2 KB
Image
General
Full URL
https://tenarius-ro.com/LoginServices/main/dynaTraceMonitor?bwstate=0&unique=1656507661284&flavor=bandwidth
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:32a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tenarius-ro.com/australiaa/taxation/services/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 29 Jun 2022 13:01:01 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Fri, 29 Apr 2022 18:50:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fprJl48qlEoArKjeDd%2B%2FwkSqdcPXHj%2F8aj9RUXcdC%2F72li7SYiSkQBli97TUS%2B11JL1hSldaPeJi4S%2FbCyBGeLv7XwKmgGl5m3BI1GksdYxW1Pn5DFaIGNqDJsrBJ0pNJ39IuKue7hGB3B1%2FnYI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-turbo-charged-by
LiteSpeed
cf-ray
722ed93308bf8fda-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
dynaTraceMonitor
tenarius-ro.com/LoginServices/main/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
tenarius-ro.com
URL
https://tenarius-ro.com/LoginServices/main/dynaTraceMonitor?type=js&session=R8EU51BEN8M8UAI312M2E36RGFGD5DSP&flavor=post&referer=https%3A%2F%2Ftenarius-ro.com%2Faustraliaa%2Ftaxation%2Fservices%2Findex.php&app=MyGov&format=lzw

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| oncontextlost
  • object| oncontextrestored
  • function| structuredClone
  • object| launchQueue
  • object| onbeforematch
  • function| getScreenDetails
  • function| queryLocalFonts
  • object| navigation
  • object| a
  • object| dT_
  • object| dynaTrace

5 Cookies

Domain/Path       Name       Value
tenarius-ro.com/  PHPSESSID  845728b9d55255e06a1b96da8b952bce
tenarius-ro.com/  dtSa       -
tenarius-ro.com/  dtLatC     37
tenarius-ro.com/  dtPC       -
tenarius-ro.com/  dtCookie   R8EU51BEN8M8UAI312M2E36RGFGD5DSP

5 Console Messages

Source Level URL
Text
network error URL: https://tenarius-ro.com/mygov/content/mgv2/js/mgv2-vendor.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://tenarius-ro.com/mygov/content/mgv2/js/mgv2-application.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://tenarius-ro.com/mygov/content/mgv2/js/login.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://tenarius-ro.com/LoginServices/main/dynaTraceMonitor?type=js&session=R8EU51BEN8M8UAI312M2E36RGFGD5DSP&flavor=post&referer=https%3A%2F%2Ftenarius-ro.com%2Faustraliaa%2Ftaxation%2Fservices%2Findex.php&app=MyGov&format=lzw
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://tenarius-ro.com/LoginServices/main/dynaTraceMonitor?bwstate=0&unique=1656507661284&flavor=bandwidth
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests