urlscan.io logo urlscan.io
SecurityTrails logo

coles.boof-2157.psau-test.psau.fluxtest.app Open in urlscan Pro
54.79.90.208  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://coles.boof-2157.psau-test.psau.fluxtest.app/
Effective URL: https://coles.boof-2157.psau-test.psau.fluxtest.app/
Submission: On December 14 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 54.79.90.208, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is coles.boof-2157.psau-test.psau.fluxtest.app.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on December 11th 2023. Valid for: 3 months.
This is the only time coles.boof-2157.psau-test.psau.fluxtest.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 54.79.90.208 16509 (AMAZON-02)
6 1
Apex Domain
Subdomains		 Transfer
6 fluxtest.app
coles.boof-2157.psau-test.psau.fluxtest.app
386 KB
6 1
Domain Requested by
6 coles.boof-2157.psau-test.psau.fluxtest.app coles.boof-2157.psau-test.psau.fluxtest.app
6 1

This site contains links to these domains. Also see Links.

Domain
www.coles.boof-2157.psau-test.psau.fluxtest.app
www.google.com
Subject Issuer Validity Valid
*.boof-2157.psau-test.psau.fluxtest.app
ZeroSSL RSA Domain Secure Site CA		 2023-12-11 -
2024-03-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://coles.boof-2157.psau-test.psau.fluxtest.app/
Frame ID: E62608A10D7FA1C9A562BFC833D265D6
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Coles Energy Login

Page URL History Show full URLs

  1. http://coles.boof-2157.psau-test.psau.fluxtest.app/ HTTP 307
    https://coles.boof-2157.psau-test.psau.fluxtest.app/ Page URL

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

386 kB
Transfer

1397 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://coles.boof-2157.psau-test.psau.fluxtest.app/ HTTP 307
    https://coles.boof-2157.psau-test.psau.fluxtest.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
coles.boof-2157.psau-test.psau.fluxtest.app/
Redirect Chain
  • http://coles.boof-2157.psau-test.psau.fluxtest.app/
  • https://coles.boof-2157.psau-test.psau.fluxtest.app/
5 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://coles.boof-2157.psau-test.psau.fluxtest.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.79.90.208 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-79-90-208.ap-southeast-2.compute.amazonaws.com
Software
envoy /
Resource Hash
08df54d700f916e88708b561c998b13cad913475db9b1fe06e9e14eee9df7cd5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store
content-security-policy-report-only
default-src 'self' https://tags.tiqcdn.com/utag/meridianenergy/flux https://tags.tiqcdn.com/utag/meridianenergy/psnz-flux https://ci.cdn.fluxci.com/ https://www.googletagmanager.com https://maps.googleapis.com/maps/api https://www.google-analytics.com https://app.launchdarkly.com https://events.launchdarkly.com https://clientstream.launchdarkly.com; img-src 'self' data: http://www.w3.org/2000/svg https://heapanalytics.com https://ci.cdn.fluxci.com/ https://*.mypurecloud.com.au https://*.apse2.pure.cloud; object-src https://*.mypurecloud.com.au https://*.apse2.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.heapanalytics.com https://heapanalytics.com http://www.googletagmanager.com http://cdn.heapanalytics.com https://ci.cdn.fluxci.com/ https://*.nr-data.net https://*.newrelic.com https://*.mypurecloud.com.au https://*.apse2.pure.cloud; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://ci.cdn.fluxci.com/; connect-src 'self' https://app.launchdarkly.com https://events.launchdarkly.com https://*.mypurecloud.com.au https://*.nr-data.net https://shyrka-prod-apse2.s3.ap-southeast-2.amazonaws.com https://*.newrelic.com https://*.apse2.pure.cloud wss://*.mypurecloud.com.au wss://*.apse2.pure.cloud; media-src https://*.mypurecloud.com.au https://*.apse2.pure.cloud; child-src https://*.mypurecloud.com.au https://*.apse2.pure.cloud; report-uri /csp_violations
content-type
text/html; charset=utf-8
date
Thu, 14 Dec 2023 05:47:49 GMT
etag
W/"08df54d700f916e88708b561c998b13c"
link
</assets/coles/assets/stylesheets/login-f2dc4367f78b142c6155ce1c43fa41c395d09f6dc4986554f0642dd1b3601449.css>; rel=preload; as=style; nopush,</assets/vendor-9fd240a8a4ebd83357d4744aacca9e77e3d9d7fba486422adef482efccd86e15.js>; rel=preload; as=script; nopush
referrer-policy
strict-origin-when-cross-origin
server
envoy
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-download-options
noopen
x-envoy-upstream-service-time
226
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
e1eacd96-480d-4db3-a8df-4843ff0835a0
x-runtime
0.213253
x-ua-compatible
IE=Edge,chrome=1
x-xss-protection
0

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://coles.boof-2157.psau-test.psau.fluxtest.app/
Non-Authoritative-Reason
HSTS
login-f2dc4367f78b142c6155ce1c43fa41c395d09f6dc4986554f0642dd1b3601449.css
coles.boof-2157.psau-test.psau.fluxtest.app/assets/coles/assets/stylesheets/ 		21 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coles.boof-2157.psau-test.psau.fluxtest.app/assets/coles/assets/stylesheets/login-f2dc4367f78b142c6155ce1c43fa41c395d09f6dc4986554f0642dd1b3601449.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.79.90.208 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-79-90-208.ap-southeast-2.compute.amazonaws.com
Software
envoy /
Resource Hash
f2dc4367f78b142c6155ce1c43fa41c395d09f6dc4986554f0642dd1b3601449
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://coles.boof-2157.psau-test.psau.fluxtest.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 14 Dec 2023 05:47:49 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 11 Dec 2023 04:26:57 GMT
server
envoy
vary
Accept-Encoding
content-type
text/css
x-envoy-upstream-service-time
4
content-length
3666
vendor-9fd240a8a4ebd83357d4744aacca9e77e3d9d7fba486422adef482efccd86e15.js
coles.boof-2157.psau-test.psau.fluxtest.app/assets/ 		1 MB
346 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://coles.boof-2157.psau-test.psau.fluxtest.app/assets/vendor-9fd240a8a4ebd83357d4744aacca9e77e3d9d7fba486422adef482efccd86e15.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.79.90.208 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-79-90-208.ap-southeast-2.compute.amazonaws.com
Software
envoy /
Resource Hash
9fd240a8a4ebd83357d4744aacca9e77e3d9d7fba486422adef482efccd86e15
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://coles.boof-2157.psau-test.psau.fluxtest.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 14 Dec 2023 05:47:49 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 11 Dec 2023 04:26:57 GMT
server
envoy
vary
Accept-Encoding
content-type
application/javascript
x-envoy-upstream-service-time
5
content-length
353637
logotype-bright-b40c10e9e0073d2f329652cbbe641e4497b62a98109a5c7675cea4cb60122b94.svg
coles.boof-2157.psau-test.psau.fluxtest.app/assets/coles/assets/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://coles.boof-2157.psau-test.psau.fluxtest.app/assets/coles/assets/images/logotype-bright-b40c10e9e0073d2f329652cbbe641e4497b62a98109a5c7675cea4cb60122b94.svg
Requested by
Host: coles.boof-2157.psau-test.psau.fluxtest.app
URL: https://coles.boof-2157.psau-test.psau.fluxtest.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.79.90.208 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-79-90-208.ap-southeast-2.compute.amazonaws.com
Software
envoy /
Resource Hash
b40c10e9e0073d2f329652cbbe641e4497b62a98109a5c7675cea4cb60122b94
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://coles.boof-2157.psau-test.psau.fluxtest.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 14 Dec 2023 05:47:49 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-envoy-upstream-service-time
4
last-modified
Mon, 11 Dec 2023 04:11:34 GMT
server
envoy
content-length
5298
content-type
image/svg+xml
Roboto-Light-webfont-94e3c960e7ac7a42aac1f0a681c9e4d497c626c0ee7593de6450410b6d4b26fd.woff
coles.boof-2157.psau-test.psau.fluxtest.app/assets/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coles.boof-2157.psau-test.psau.fluxtest.app/assets/Roboto-Light-webfont-94e3c960e7ac7a42aac1f0a681c9e4d497c626c0ee7593de6450410b6d4b26fd.woff
Requested by
Host: coles.boof-2157.psau-test.psau.fluxtest.app
URL: https://coles.boof-2157.psau-test.psau.fluxtest.app/assets/coles/assets/stylesheets/login-f2dc4367f78b142c6155ce1c43fa41c395d09f6dc4986554f0642dd1b3601449.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.79.90.208 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-79-90-208.ap-southeast-2.compute.amazonaws.com
Software
envoy /
Resource Hash
94e3c960e7ac7a42aac1f0a681c9e4d497c626c0ee7593de6450410b6d4b26fd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://coles.boof-2157.psau-test.psau.fluxtest.app/assets/coles/assets/stylesheets/login-f2dc4367f78b142c6155ce1c43fa41c395d09f6dc4986554f0642dd1b3601449.css
Origin
https://coles.boof-2157.psau-test.psau.fluxtest.app
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 14 Dec 2023 05:47:50 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-envoy-upstream-service-time
3
last-modified
Mon, 11 Dec 2023 04:11:34 GMT
server
envoy
content-length
24576
content-type
application/font-woff
cookie_test
coles.boof-2157.psau-test.psau.fluxtest.app/customer/ 		2 B
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://coles.boof-2157.psau-test.psau.fluxtest.app/customer/cookie_test
Requested by
Host: coles.boof-2157.psau-test.psau.fluxtest.app
URL: https://coles.boof-2157.psau-test.psau.fluxtest.app/assets/vendor-9fd240a8a4ebd83357d4744aacca9e77e3d9d7fba486422adef482efccd86e15.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.79.90.208 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-79-90-208.ap-southeast-2.compute.amazonaws.com
Software
envoy /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, text/html, application/xml, text/xml, */*
X-Prototype-Version
1.7
Referer
https://coles.boof-2157.psau-test.psau.fluxtest.app/
X-Requested-With
XMLHttpRequest
X-CSRF-Token
2CnZnbCJZ7oJvC55IZgZmkYh3bzA3KuGk0MYuy1QKFxBdd_0lhdysrU7S-Qx5VCCNQopVlVEoMP7pAy0hpVkYg
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 14 Dec 2023 05:47:51 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
content-security-policy-report-only
default-src 'self' https://tags.tiqcdn.com/utag/meridianenergy/flux https://tags.tiqcdn.com/utag/meridianenergy/psnz-flux https://ci.cdn.fluxci.com/ https://www.googletagmanager.com https://maps.googleapis.com/maps/api https://www.google-analytics.com https://app.launchdarkly.com https://events.launchdarkly.com https://clientstream.launchdarkly.com; img-src 'self' data: http://www.w3.org/2000/svg https://heapanalytics.com https://ci.cdn.fluxci.com/ https://*.mypurecloud.com.au https://*.apse2.pure.cloud; object-src https://*.mypurecloud.com.au https://*.apse2.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.heapanalytics.com https://heapanalytics.com http://www.googletagmanager.com http://cdn.heapanalytics.com https://ci.cdn.fluxci.com/ https://*.nr-data.net https://*.newrelic.com https://*.mypurecloud.com.au https://*.apse2.pure.cloud; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://ci.cdn.fluxci.com/; connect-src 'self' https://app.launchdarkly.com https://events.launchdarkly.com https://*.mypurecloud.com.au https://*.nr-data.net https://shyrka-prod-apse2.s3.ap-southeast-2.amazonaws.com https://*.newrelic.com https://*.apse2.pure.cloud wss://*.mypurecloud.com.au wss://*.apse2.pure.cloud; media-src https://*.mypurecloud.com.au https://*.apse2.pure.cloud; child-src https://*.mypurecloud.com.au https://*.apse2.pure.cloud; report-uri /csp_violations
x-envoy-upstream-service-time
138
x-xss-protection
0
x-request-id
0a0502e5-691a-4801-80e1-351bfd314327
x-ua-compatible
IE=Edge,chrome=1
x-runtime
0.135752
referrer-policy
strict-origin-when-cross-origin
server
envoy
etag
W/"565339bc4d33d72817b583024112eb7f"
x-download-options
noopen
vary
Accept
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
cache-control
no-store

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| Prototype object| Abstract object| Try object| Class function| PeriodicalExecuter function| Template object| $break object| Enumerable function| $A function| $w function| $H function| Hash function| $R function| ObjectRange object| Ajax function| $ object| Form object| Field function| $F object| Toggle object| Insertion object| $continue object| Position object| Effect object| Droppables object| Draggables function| Draggable function| SortableObserver object| Sortable object| Autocompleter object| swfobject function| extraButtonsPlugin function| partialFocusPlugin object| UI function| AutoComplete object| Modernizr object| html5 function| yepnope function| jQuery function| Tether function| Drop function| _ function| $$ undefined| Sizzle function| Selector function| flatpickr_v2_6_3 function| FlatpickrInstance object| jQuery18307085271138493372 object| LDClient boolean| isIE10 boolean| isIE11

2 Cookies

Domain/Path Name / Value
coles.boof-2157.psau-test.psau.fluxtest.app/ Name: cookie_test
Value: coles
coles.boof-2157.psau-test.psau.fluxtest.app/ Name: au_session
Value: KcgWvVu0bL1Srh3XEzWWnTvqEDcx5Jvrm6XwYSSour8EbJ5shPH1ePpzxZckWZo7NdWscpwwyav1PnWr0GBDjImHkGyHUhDpC1Qakqv4zb5gBtxcffj7Ii4nzR3bASNKkzGcJRWc3KgChZNm5pjKcqO4dE2asRVHPJsDsgmhJHkQXVBQmqHih%2Fi%2FsDGABw%3D%3D--ZovSMc7f9W6fPp%2Fj--u5wca57bUrbMw8a78qivWA%3D%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0