urlscan.io logo urlscan.io
SecurityTrails logo

sts.sainsburys.co.uk Open in urlscan Pro
109.94.138.132  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://igloo.nectar360.co.uk/
Effective URL: https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8...
Submission: On March 08 via manual from IL — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 109.94.138.132, located in Halling, United Kingdom and belongs to SAINSBURYS-NET, GB. The main domain is sts.sainsburys.co.uk.
TLS certificate: Issued by Entrust Certification Authority - L1K on December 29th 2021. Valid for: a year.
This is the only time sts.sainsburys.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 65.9.78.127 16509 (AMAZON-02)
2 5 20.190.159.138 8075 (MICROSOFT...)
4 109.94.138.132 39060 (SAINSBURY...)
11 3
Apex Domain
Subdomains		 Transfer
5 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 28
65 KB
4 sainsburys.co.uk
sts.sainsburys.co.uk
199 KB
4 nectar360.co.uk
igloo.nectar360.co.uk
2 MB
11 3
Domain Requested by
5 login.microsoftonline.com 2 redirects igloo.nectar360.co.uk
4 sts.sainsburys.co.uk igloo.nectar360.co.uk
sts.sainsburys.co.uk
4 igloo.nectar360.co.uk igloo.nectar360.co.uk
login.microsoftonline.com
11 3

This site contains links to these domains. Also see Links.

Domain
passwordreset.microsoftonline.com
Subject Issuer Validity Valid
igloo.nectar360.co.uk
Amazon		 2022-02-23 -
2023-03-24		 a year crt.sh
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA		 2022-03-03 -
2023-03-03		 a year crt.sh
sts.sainsburys.co.uk
Entrust Certification Authority - L1K		 2021-12-29 -
2023-01-27		 a year crt.sh

This page contains 2 frames:

Primary Page: https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0
Frame ID: BCA9EB5577AC7221A58810A59823F7F0
Requests: 8 HTTP requests in this frame

Frame: https://igloo.nectar360.co.uk/
Frame ID: BA2CB6491E9F13F8DBAF612A1947713A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anmelden

Page URL History Show full URLs

  1. https://igloo.nectar360.co.uk/ Page URL
  2. https://login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/authorize?response_type=id_... HTTP 302
    https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b... Page URL

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

2080 kB
Transfer

5567 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://igloo.nectar360.co.uk/ Page URL
  2. https://login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/authorize?response_type=id_token%20token&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read%20openid%20profile&client_id=20f1d889-45aa-42de-939c-7f8c4cd50dca&redirect_uri=https%3A%2F%2Figloo.nectar360.co.uk%2F&state=eyJpZCI6ImNmNTU4NDZiLWFkNDItNGE3My1hNzg0LTIyOGZjMDY0ZjIxYSIsInRzIjoxNjQ2NzQ4MjkwLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=bc8df823-d382-4ecb-997c-bc7633606a83&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.15&login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&response_mode=fragment HTTP 302
    https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/authorize?response_type=id_token%20token&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read%20openid%20profile&client_id=20f1d889-45aa-42de-939c-7f8c4cd50dca&redirect_uri=https%3A%2F%2Figloo.nectar360.co.uk%2F&state=eyJpZCI6IjI3NWQ1M2RkLTQ4YmQtNGQ2ZC05ZDU5LWNiMTIxMDRjYTBjMiIsInRzIjoxNjQ2NzQ4Mjg5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=e4020081-d63c-4b38-88bb-ce5435471674&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.15&login_hint=john.doe%40sainsburys.co.uk&client-request-id=3860ee7c-79d7-4752-b560-16c03ae318a9&prompt=none&response_mode=fragment&sso_reload=true HTTP 302
  • https://igloo.nectar360.co.uk/

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
igloo.nectar360.co.uk/ 		842 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://igloo.nectar360.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.78.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-78-127.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1a89fba808b3781910bc9e68cc401d8a0b2831a1c6860f135180af10b2beb804
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html
content-length
842
date
Tue, 08 Mar 2022 10:11:23 GMT
last-modified
Tue, 01 Mar 2022 17:11:47 GMT
etag
"1a01226b5d019adc74d1adde121ba74c"
accept-ranges
bytes
server
AmazonS3
via
1.1 043fc2faaa02eeb59193e3fa300adb6a.cloudfront.net (CloudFront)
age
14006
x-frame-options
DENY
permissions-policy
accelerometer=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()
x-content-type-options
nosniff
cross-origin-opener-policy
same-origin
cache-control
no-store, max-age=0
x-xss-protection
1; mode=block
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
content-security-policy
default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
strict-transport-security
max-age=31536000; includeSubdomains
referrer-policy
no-referrer
pragma
no-cache
x-cache
Hit from cloudfront
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
dwlNExhVwKhR1_BLzI-R1EPjW2C0X_y-gttPejhECuohdHpRTe-RaA==
app.js
igloo.nectar360.co.uk/ 		5 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://igloo.nectar360.co.uk/app.js
Requested by
Host: igloo.nectar360.co.uk
URL: https://igloo.nectar360.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.78.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-78-127.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
13a394d5e2c89c79fd967690caa06209446a575adcc8a14a1255a83d2fa894ff
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 07 Mar 2022 15:50:46 GMT
via
1.1 043fc2faaa02eeb59193e3fa300adb6a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
age
80043
x-cache
Hit from cloudfront
cross-origin-resource-policy
same-origin
content-encoding
gzip
vary
Accept-Encoding
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Tue, 01 Mar 2022 17:11:47 GMT
server
AmazonS3
cross-origin-opener-policy
same-origin
x-frame-options
DENY
etag
W/"9ac124dad6f94322e7fe3bfad58cbb7b"
strict-transport-security
max-age=31536000; includeSubdomains
content-type
application/javascript
cache-control
no-store, max-age=0
permissions-policy
accelerometer=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()
content-security-policy
default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
f1La46e1omyLDVErvIFTdDARY3s9mW_VCJ2jU9RPferHtcjtL-CG9g==
instance
login.microsoftonline.com/common//discovery/ 		970 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/common//discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/jsainsbury.onmicrosoft.com/oauth2/v2.0/authorize
Requested by
Host: igloo.nectar360.co.uk
URL: https://igloo.nectar360.co.uk/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.138 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
581199de25606d6f50b6badeb6cb4459519d0d9d3b9affaaf9006f810395f7ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
strict-origin-when-cross-origin
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Date
Tue, 08 Mar 2022 14:04:48 GMT
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin
*
x-ms-request-id
3a226cd7-ebb4-49d8-9684-a541b9503b01
Cache-Control
max-age=86400, private
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server
2.1.12529.17 - WEULR2 ProdSlices
Content-Type
application/json; charset=utf-8
Content-Length
970
X-Content-Type-Options
nosniff
openid-configuration
login.microsoftonline.com/jsainsbury.onmicrosoft.com/v2.0/.well-known/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/jsainsbury.onmicrosoft.com/v2.0/.well-known/openid-configuration
Requested by
Host: igloo.nectar360.co.uk
URL: https://igloo.nectar360.co.uk/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.138 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
67a4522b2da7d5fcc4a7531bae13a241f591661a330e435bf446ffdb925c3efc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
strict-origin-when-cross-origin
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Date
Tue, 08 Mar 2022 14:04:48 GMT
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin
*
x-ms-request-id
337c2bf3-74d1-4beb-88df-924250641000
Cache-Control
max-age=86400, private
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server
2.1.12529.17 - WEULR2 ProdSlices
Content-Type
application/json; charset=utf-8
Content-Length
1753
X-Content-Type-Options
nosniff
authorize
login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/ Frame BA2C 		149 KB
54 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/authorize?response_type=id_token%20token&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read%20openid%20profile&client_id=20f1d889-45aa-42de-939c-7f8c4cd50dca&redirect_uri=https%3A%2F%2Figloo.nectar360.co.uk%2F&state=eyJpZCI6IjI3NWQ1M2RkLTQ4YmQtNGQ2ZC05ZDU5LWNiMTIxMDRjYTBjMiIsInRzIjoxNjQ2NzQ4Mjg5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=e4020081-d63c-4b38-88bb-ce5435471674&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.15&login_hint=john.doe%40sainsburys.co.uk&client-request-id=3860ee7c-79d7-4752-b560-16c03ae318a9&prompt=none&response_mode=fragment
Requested by
Host: igloo.nectar360.co.uk
URL: https://igloo.nectar360.co.uk/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.138 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2b1d7c0d53a0b4d7f18517bdd7592e78a3461f9e592a938279fc000b94ea34b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id
ff4d85e1-d28b-4768-99bc-e0c999771000
x-ms-ests-server
2.1.12529.17 - NEULR1 ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-clitelem
1,50168,0,,
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Referrer-Policy
strict-origin-when-cross-origin
Date
Tue, 08 Mar 2022 14:04:49 GMT
Content-Length
54461
/
igloo.nectar360.co.uk/ Frame BA2C
Redirect Chain
  • https://login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/authorize?response_type=id_token%20token&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read%20openid%20profile&cl...
  • https://igloo.nectar360.co.uk/
842 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://igloo.nectar360.co.uk/
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/authorize?response_type=id_token%20token&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read%20openid%20profile&client_id=20f1d889-45aa-42de-939c-7f8c4cd50dca&redirect_uri=https%3A%2F%2Figloo.nectar360.co.uk%2F&state=eyJpZCI6IjI3NWQ1M2RkLTQ4YmQtNGQ2ZC05ZDU5LWNiMTIxMDRjYTBjMiIsInRzIjoxNjQ2NzQ4Mjg5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=e4020081-d63c-4b38-88bb-ce5435471674&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.15&login_hint=john.doe%40sainsburys.co.uk&client-request-id=3860ee7c-79d7-4752-b560-16c03ae318a9&prompt=none&response_mode=fragment
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.78.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-78-127.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1a89fba808b3781910bc9e68cc401d8a0b2831a1c6860f135180af10b2beb804
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/authorize?response_type=id_token%20token&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read%20openid%20profile&client_id=20f1d889-45aa-42de-939c-7f8c4cd50dca&redirect_uri=https%3A%2F%2Figloo.nectar360.co.uk%2F&state=eyJpZCI6IjI3NWQ1M2RkLTQ4YmQtNGQ2ZC05ZDU5LWNiMTIxMDRjYTBjMiIsInRzIjoxNjQ2NzQ4Mjg5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=e4020081-d63c-4b38-88bb-ce5435471674&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.15&login_hint=john.doe%40sainsburys.co.uk&client-request-id=3860ee7c-79d7-4752-b560-16c03ae318a9&prompt=none&response_mode=fragment

Response headers

content-type
text/html
content-length
842
date
Tue, 08 Mar 2022 10:11:23 GMT
last-modified
Tue, 01 Mar 2022 17:11:47 GMT
etag
"1a01226b5d019adc74d1adde121ba74c"
accept-ranges
bytes
server
AmazonS3
via
1.1 043fc2faaa02eeb59193e3fa300adb6a.cloudfront.net (CloudFront)
age
14008
x-frame-options
DENY
permissions-policy
accelerometer=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()
x-content-type-options
nosniff
cross-origin-opener-policy
same-origin
cache-control
no-store, max-age=0
x-xss-protection
1; mode=block
x-permitted-cross-domain-policies
none
cross-origin-resource-policy
same-origin
content-security-policy
default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
strict-transport-security
max-age=31536000; includeSubdomains
referrer-policy
no-referrer
pragma
no-cache
x-cache
Hit from cloudfront
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
oQ8oIRNY1HD9kKjccT_KqslUB7Beh21D5DnskCk3f0B0E39kKOOM4A==

Redirect headers

Cache-Control
no-store, no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Location
https://igloo.nectar360.co.uk/#error=login_required&error_description=AADSTS50058%3a+A+silent+sign-in+request+was+sent+but+no+user+is+signed+in.+The+cookies+used+to+represent+the+user%27s+session+were+not+sent+in+the+request+to+Azure+AD.+This+can+happen+if+the+user+is+using+Internet+Explorer+or+Edge%2c+and+the+web+app+sending+the+silent+sign-in+request+is+in+different+IE+security+zone+than+the+Azure+AD+endpoint+(login.microsoftonline.com).%0d%0aTrace+ID%3a+a22f30c4-dcd5-456d-ba3d-1fe11e241100%0d%0aCorrelation+ID%3a+3860ee7c-79d7-4752-b560-16c03ae318a9%0d%0aTimestamp%3a+2022-03-08+14%3a04%3a50Z&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d50058&state=eyJpZCI6IjI3NWQ1M2RkLTQ4YmQtNGQ2ZC05ZDU5LWNiMTIxMDRjYTBjMiIsInRzIjoxNjQ2NzQ4Mjg5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id
a22f30c4-dcd5-456d-ba3d-1fe11e241100
x-ms-ests-server
2.1.12529.17 - NEULR2 ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-clitelem
1,0,0,,
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Referrer-Policy
strict-origin-when-cross-origin
Date
Tue, 08 Mar 2022 14:04:50 GMT
Content-Length
636
app.js
igloo.nectar360.co.uk/ Frame BA2C 		112 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://igloo.nectar360.co.uk/app.js
Requested by
Host: igloo.nectar360.co.uk
URL: https://igloo.nectar360.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.78.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-78-127.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 07 Mar 2022 15:50:46 GMT
via
1.1 043fc2faaa02eeb59193e3fa300adb6a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
age
80045
x-cache
Hit from cloudfront
cross-origin-resource-policy
same-origin
content-encoding
gzip
vary
Accept-Encoding
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Tue, 01 Mar 2022 17:11:47 GMT
server
AmazonS3
cross-origin-opener-policy
same-origin
x-frame-options
DENY
etag
W/"9ac124dad6f94322e7fe3bfad58cbb7b"
strict-transport-security
max-age=31536000; includeSubdomains
content-type
application/javascript
cache-control
no-store, max-age=0
permissions-policy
accelerometer=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()
content-security-policy
default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
7B1KPy_BaZFIjYwsPzzWizD50AEmk8OtRRUqEAD2GJ_71svDc1gYMQ==
Primary Request /
sts.sainsburys.co.uk/adfs/ls/
Redirect Chain
  • https://login.microsoftonline.com/e11fd634-26b5-47f4-8b8c-908e466e9bdf/oauth2/v2.0/authorize?response_type=id_token%20token&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read%20openid%20profile&cl...
  • https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3a...
17 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0
Requested by
Host: igloo.nectar360.co.uk
URL: https://igloo.nectar360.co.uk/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
109.94.138.132 Halling, United Kingdom, ASN39060 (SAINSBURYS-NET, GB),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
ac04122701e35d7dc8259fe1e63e0f9e2569a220341b1572d0925b10ef452f05
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache,no-store
Pragma
no-cache
Content-Length
17580
Content-Type
text/html; charset=utf-8
Expires
-1
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
x-frame-options
DENY
Date
Tue, 08 Mar 2022 14:04:50 GMT

Redirect headers

Cache-Control
no-store, no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Location
https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0#
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id
b3ba234e-d553-4b95-80b2-47a546471000
x-ms-ests-server
2.1.12529.17 - WEULR2 ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-clitelem
1,0,0,,
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Referrer-Policy
strict-origin-when-cross-origin
Date
Tue, 08 Mar 2022 14:04:50 GMT
Content-Length
906
style.css
sts.sainsburys.co.uk/adfs/portal/css/ 		8 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sts.sainsburys.co.uk/adfs/portal/css/style.css?id=D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
Requested by
Host: sts.sainsburys.co.uk
URL: https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
109.94.138.132 Halling, United Kingdom, ASN39060 (SAINSBURYS-NET, GB),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d74d4d6943f32ae6f7f11d14d601dbb0e1a58919176ee512150366b6279aaf99

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 14:04:50 GMT
Expires
Thu, 07 Apr 2022 13:04:50 GMT
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag
D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
Content-Length
7812
Content-Type
text/css
logo.jpg
sts.sainsburys.co.uk/adfs/portal/logo/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sts.sainsburys.co.uk/adfs/portal/logo/logo.jpg?id=8B91620B72738A3DDA3A20602B59F2D5CCE910E043F654D187672F35D5D22E44
Requested by
Host: sts.sainsburys.co.uk
URL: https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
109.94.138.132 Halling, United Kingdom, ASN39060 (SAINSBURYS-NET, GB),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8b91620b72738a3dda3a20602b59f2d5cce910e043f654d187672f35d5d22e44

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 14:04:50 GMT
Expires
Thu, 07 Apr 2022 13:04:50 GMT
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag
8B91620B72738A3DDA3A20602B59F2D5CCE910E043F654D187672F35D5D22E44
Content-Length
5504
Content-Type
image/jpg
illustration.jpg
sts.sainsburys.co.uk/adfs/portal/illustration/ 		168 KB
168 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sts.sainsburys.co.uk/adfs/portal/illustration/illustration.jpg?id=1694D29EE4146713AB21D099696F7B46D8B05DCF142AFECE756043E924C821EC
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
109.94.138.132 Halling, United Kingdom, ASN39060 (SAINSBURYS-NET, GB),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
1694d29ee4146713ab21d099696f7b46d8b05dcf142afece756043e924c821ec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sts.sainsburys.co.uk/adfs/ls/?login_hint=john.doe%40sainsburys.co.uk&client-request-id=20c5124a-b7d1-4583-b0d7-2da3c8240085&username=john.doe%40sainsburys.co.uk&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAYWSTWjTYACGk6bLakFXJshEkYI9iJA0f02TwsDZdTVdk64_W11uyfd9aZM1PyQpLsXDQASPQxDEm4qXnWQelJ28CDovExTFqxcRBPG0oxXxqpf39PLA-5MlWVqg2dJlgqOZSoFjLBZKkkwJJcOgBA4iSuZlQJUtCQgAlhgIjHA-m2vMv8q_e36r9vQj9fh1Abu9h18YxnEQVYpFezDyfdpDIDZCXmRo4NPjreILHD_C8a84fjd11vGHHg19dCUybC8yx2ES_XHtpQomkKAlcTwFeYmjBARMSpbLgDJBWeSnONGQ-M-pudbSOB5yv8UP7Qn6mcpYoTFwkRc_IG6ipBHoVUVUXM3VeuuCtqzbzf7KlrasxFq9xqsJO9QmA6bZU5JWXXfU5U1Gd5Ttza4SKV5nojj-tua0OW3SFlRn60az2oj16x3f5Np2y24ker8TAHfDgbXRGNY3ks2-xhh9eax4zOIece5vEYPQCIa0a4PQj3wrnkZ094kCYlkLirxAcaJZooSyJVCSKQFKZiQkiCKSTWgdEsI_IMX1CIV0Bxkw7wfIs2E-CH3LHqFPBH6Uxr-lz2TwXHphLo9dmmeISiaTzWELWB47TuOPZqbbaRcPnnU_3Fvd2a8_WannsMOZYq1bXevVhmpSh0ujdb3aW22BttFzw6DbvtoK4Ep1rai6cb2sqotShd0lz--S5C55-pCcVbtLTbrR_UHid2axgxP_ucH9LP7yJHZ8auf92y9vHu58v_YL0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 14:04:50 GMT
Expires
Thu, 07 Apr 2022 13:04:50 GMT
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag
1694D29EE4146713AB21D099696F7B46D8B05DCF142AFECE756043E924C821EC
Content-Length
172080
Content-Type
image/jpg

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration

8 Cookies

Domain/Path Name / Value
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
.login.microsoftonline.com/ Name: AADSSO
Value: NA|NoExtension
login.microsoftonline.com/ Name: SSOCOOKIEPULLED
Value: 1
login.microsoftonline.com/ Name: buid
Value: 0.ARAANNYf4bUm9EeLjJCORm6b34nY8SCqRd5Ck5x_jEzVDcoQAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrRi4icpc586A9c9xpZiPxvSMNf1MRIhI_K4HRrIlGkg6lLZjdFp1CCOXME3sJ54AeCMxXYzOU2l5DoDpfRok2Vuksat7F_kHBzmeiJBPXwgsgAA
.login.microsoftonline.com/ Name: ESTSWCTXFLOWTOKEN
Value: AQABAAEAAAD--DLA3VO7QrddgJg7WevrvUawqQIffE2cs1aJVZEG--dNApEegky37s_aMohhRAaIxQxvy65NWEFvkS9AK1HccVPbtA-6YX9yRSnY5wDynif3aNV_hayhY-ifR4PKgmwPFMZ3IazQpdbfx6MeoKXBJs_bfnRbLH5n7t6QoafPNNisZyNDW1llk1bDeOcQzU9ppjdrnPDObOGPLN-szADmjfHoxajtkHEB4yzNE8KPpm27QYrPT34LdDIK0OIuDaIA_Pd6XhlaglUlh8pJl-6ePgaqXzBdEYHiworoqPFHplUg97Yq-lkADacxlQYq0k-XeP9WzKJehZ62RRwrkuQRRm9tNQsQ-TCxRDJRaf8EolMWKeSjxzwclWuEAH5GSNOREAW02XBicqg3VESWtHNMvrkOe0B63_m61mFTBZGUmKcwuRt9vb9r8IDkHUtgib4MKsP--1UbwuTyi0kQK5Nm_THGyUpasmFItg1JDVKFYzk-18XtwVHEL2pktoDHUY8gAA
login.microsoftonline.com/ Name: fpc
Value: AuBW0Z7haN1IoW78m1oBAAROLRQTAgAAAIFZudkOAAAA
.login.microsoftonline.com/ Name: esctx
Value: AQABAAAAAAD--DLA3VO7QrddgJg7WevrTEGd-F-XDQAkYA2CSIwSkqELDOC1Q4QRmxeUqlF_EAmoOX1PSz-UNUCEZgmE-FhRYapzzhRGl_80dVPQJvQlsnmRA2ICYpvwnEF-rTTufT-4FLFarCbOjUV5XYLhAxZCdvqqciy1U_2drpBjuSm3Kd4iC2oQArPF5yucB2Xd8WUgAA

4 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security error URL: https://igloo.nectar360.co.uk/(Line 2)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googletagmanager.com/gtag/js". Either the 'unsafe-inline' keyword, a hash ('sha256-Wxv2yWwQ1hlXXCw8pnF8FYIa2mx4uHZcUBkDt9J4bmA='), or a nonce ('nonce-...') is required to enable inline execution.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security error URL: https://igloo.nectar360.co.uk/#error=login_required&error_description=AADSTS50058%3a+A+silent+sign-in+request+was+sent+but+no+user+is+signed+in.+The+cookies+used+to+represent+the+user%27s+session+were+not+sent+in+the+request+to+Azure+AD.+This+can+happen+if+the+user+is+using+Internet+Explorer+or+Edge%2c+and+the+web+app+sending+the+silent+sign-in+request+is+in+different+IE+security+zone+than+the+Azure+AD+endpoint+(login.microsoftonline.com).%0d%0aTrace+ID%3a+a22f30c4-dcd5-456d-ba3d-1fe11e241100%0d%0aCorrelation+ID%3a+3860ee7c-79d7-4752-b560-16c03ae318a9%0d%0aTimestamp%3a+2022-03-08+14%3a04%3a50Z&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d50058&state=eyJpZCI6IjI3NWQ1M2RkLTQ4YmQtNGQ2ZC05ZDU5LWNiMTIxMDRjYTBjMiIsInRzIjoxNjQ2NzQ4Mjg5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9(Line 2)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googletagmanager.com/gtag/js". Either the 'unsafe-inline' keyword, a hash ('sha256-Wxv2yWwQ1hlXXCw8pnF8FYIa2mx4uHZcUBkDt9J4bmA='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://stg.iglootool.co.uk/ https://prod.iglootool.co.uk https://*.microsoftonline.com/ https://graph.microsoft.com/ https://www.google-analytics.com/g/collect; frame-src 'self' https://*.microsoftonline.com; script-src 'self' https://www.googletagmanager.com/gtag/js; img-src 'self' data:; base-uri 'self'; font-src 'self' https: data:; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block