urlscan.io logo urlscan.io
SecurityTrails logo

login.orderexpress.telstra.com.au Open in urlscan Pro
20.193.42.210  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u1599583.ct.sendgrid.net/ls/click?upn=pmrCMHxAXyCdeGjnqLQUl5w-2FwV9nQqJlKb7PnRGQKgraVKjHz89UVr1GA2PzYYyOmLLe0RVDkjunegSG3...
Effective URL: https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=fals...
Submission: On April 01 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 20.193.42.210, located in Sydney, Australia and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.orderexpress.telstra.com.au.
TLS certificate: Issued by QuoVadis Global SSL ICA G3 on January 29th 2021. Valid for: a year.
This is the only time login.orderexpress.telstra.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.118.28 11377 (SENDGRID)
2 3 20.193.2.35 8075 (MICROSOFT...)
1 7 20.193.42.210 8075 (MICROSOFT...)
1 20.53.75.233 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
9 5
1    167.89.118.28 (Las Vegas, United States)

ASN11377 (SENDGRID, US)
PTR: o16789118x28.outbound-mail.sendgrid.net
u1599583.ct.sendgrid.net
3    20.193.2.35 (Sydney, Australia)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
orderexpress.telstra.com.au
7    20.193.42.210 (Sydney, Australia)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.orderexpress.telstra.com.au
1    20.53.75.233 (Sydney, Australia)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
partner.orderexpress.telstra.com.au
1    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
Domain Requested by
7 login.orderexpress.telstra.com.au 1 redirects login.orderexpress.telstra.com.au
3 orderexpress.telstra.com.au 2 redirects
1 fonts.googleapis.com login.orderexpress.telstra.com.au
1 partner.orderexpress.telstra.com.au login.orderexpress.telstra.com.au
1 u1599583.ct.sendgrid.net 1 redirects
9 5

This site contains links to these domains. Also see Links.

Domain
orderexpress.telstra.com.au
Subject Issuer Validity Valid
orderexpress.telstra.com.au
QuoVadis Global SSL ICA G3		 2020-07-13 -
2021-07-13		 a year crt.sh
login.orderexpress.telstra.com.au
QuoVadis Global SSL ICA G3		 2021-01-29 -
2022-01-29		 a year crt.sh
partner.orderexpress.telstra.com.au
QuoVadis Global SSL ICA G3		 2020-07-13 -
2021-07-13		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-03-11 -
2021-06-03		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
Frame ID: 21D5F36211C4A6EC80A80D8C2F4BB90F
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://u1599583.ct.sendgrid.net/ls/click?upn=pmrCMHxAXyCdeGjnqLQUl5w-2FwV9nQqJlKb7PnRGQKgraVKjHz89UVr1GA2PzY... HTTP 302
    https://orderexpress.telstra.com.au/manage/telstra/verifyemail?token=0417b4c3e3da12e7d4a696a0756fd066 HTTP 302
    https://orderexpress.telstra.com.au/manage/sso HTTP 302
    https://orderexpress.telstra.com.au/manage_sso/samlsso Page URL
  2. https://login.orderexpress.telstra.com.au/samlsso HTTP 302
    https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=fa... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

9
Requests

100 %
HTTPS

20 %
IPv6

3
Domains

5
Subdomains

5
IPs

3
Countries

327 kB
Transfer

1364 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u1599583.ct.sendgrid.net/ls/click?upn=pmrCMHxAXyCdeGjnqLQUl5w-2FwV9nQqJlKb7PnRGQKgraVKjHz89UVr1GA2PzYYyOmLLe0RVDkjunegSG3zrnmMYD9SBZn6fB7bMFkJ8ka4scr8P3hVXyH2RycP2HG-2BRSjie9vvwQfYK6k-2B3pgscg-2Bw-3D-3DFlAD_RL1JExwc8cKmCy5bELgKVfbYJN09EdDPUZeDUOt1fyB8CUeByu6kbuJKr1qaKxtdm8LNwkOolEDmtAMn6iQRe7Qaxk5atXRYKjy1RPQg-2FT8wSyJUyyBxIwpl87l3c6kfx24uD0QmYV3nt83sGGpqBs32Yfos6xQaHErry-2FmMn7awFlDeJt0N7HVURtXVAeIU-2BXUG2aFtQ-2FrvGjLMn2CTT-2FHYS5LYS6YK6gSoEEjWvGg-3D HTTP 302
    https://orderexpress.telstra.com.au/manage/telstra/verifyemail?token=0417b4c3e3da12e7d4a696a0756fd066 HTTP 302
    https://orderexpress.telstra.com.au/manage/sso HTTP 302
    https://orderexpress.telstra.com.au/manage_sso/samlsso Page URL
  2. https://login.orderexpress.telstra.com.au/samlsso HTTP 302
    https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://u1599583.ct.sendgrid.net/ls/click?upn=pmrCMHxAXyCdeGjnqLQUl5w-2FwV9nQqJlKb7PnRGQKgraVKjHz89UVr1GA2PzYYyOmLLe0RVDkjunegSG3zrnmMYD9SBZn6fB7bMFkJ8ka4scr8P3hVXyH2RycP2HG-2BRSjie9vvwQfYK6k-2B3pgscg-2Bw-3D-3DFlAD_RL1JExwc8cKmCy5bELgKVfbYJN09EdDPUZeDUOt1fyB8CUeByu6kbuJKr1qaKxtdm8LNwkOolEDmtAMn6iQRe7Qaxk5atXRYKjy1RPQg-2FT8wSyJUyyBxIwpl87l3c6kfx24uD0QmYV3nt83sGGpqBs32Yfos6xQaHErry-2FmMn7awFlDeJt0N7HVURtXVAeIU-2BXUG2aFtQ-2FrvGjLMn2CTT-2FHYS5LYS6YK6gSoEEjWvGg-3D HTTP 302
  • https://orderexpress.telstra.com.au/manage/telstra/verifyemail?token=0417b4c3e3da12e7d4a696a0756fd066 HTTP 302
  • https://orderexpress.telstra.com.au/manage/sso HTTP 302
  • https://orderexpress.telstra.com.au/manage_sso/samlsso

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
samlsso
orderexpress.telstra.com.au/manage_sso/
Redirect Chain
  • https://u1599583.ct.sendgrid.net/ls/click?upn=pmrCMHxAXyCdeGjnqLQUl5w-2FwV9nQqJlKb7PnRGQKgraVKjHz89UVr1GA2PzYYyOmLLe0RVDkjunegSG3zrnmMYD9SBZn6fB7bMFkJ8ka4scr8P3hVXyH2RycP2HG-2BRSjie9vvwQfYK6k-2B3pg...
  • https://orderexpress.telstra.com.au/manage/telstra/verifyemail?token=0417b4c3e3da12e7d4a696a0756fd066
  • https://orderexpress.telstra.com.au/manage/sso
  • https://orderexpress.telstra.com.au/manage_sso/samlsso
6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://orderexpress.telstra.com.au/manage_sso/samlsso
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.193.2.35 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.19.2 /
Resource Hash
69a80d1163c3d2fd831bafa97326064b42d4f2a57495374941a02ee59e27fa7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
orderexpress.telstra.com.au
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
nginx/1.19.2
Date
Thu, 01 Apr 2021 19:29:22 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubDomains

Redirect headers

Server
nginx/1.19.2
Date
Thu, 01 Apr 2021 19:29:21 GMT
Content-Type
text/html;charset=ISO-8859-1
Content-Length
204
Connection
keep-alive
X-FRAME-OPTIONS
DENY
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Pragma
no-cache
Cache-Control
no-cache no-store
Location
https://orderexpress.telstra.com.au/manage_sso/samlsso
Content-Language
en-US
Access-Control-Max-Age
: 99999999
Primary Request Cookie set login.do
login.orderexpress.telstra.com.au/authenticationendpoint/
Redirect Chain
  • https://login.orderexpress.telstra.com.au/samlsso
  • https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f...
20 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.193.42.210 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
fb99d257ee38836c0a83881ccdce31ee8e10d7f4537b8b193bd78ee0b5fa80b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
login.orderexpress.telstra.com.au
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://orderexpress.telstra.com.au/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
Origin
https://orderexpress.telstra.com.au
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://orderexpress.telstra.com.au/

Response headers

X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Set-Cookie
JSESSIONID=3B743A5746236DF8619B87226A126EFE5C13189F657E451E68C9A571AE501CB991B6268CD3E2249207C7C6F5FD69ED9B2A5E07EA5F8C2723221633157221F56B37EC9617E900C178F62AB63A3A2D52105F88C5E56B05688641CEA5BFCD48639C5D906CE740D933BB2C0FB5BCBF11DDDE91D57E4119C36EF3EC1AB6CD06C0C101; Path=/authenticationendpoint; Secure; HttpOnly
vary
accept-encoding
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Date
Thu, 01 Apr 2021 19:29:35 GMT
Keep-Alive
timeout=60
Connection
keep-alive
Server
WSO2 Carbon Server

Redirect headers

X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
X-Frame-Options
DENY
Location
https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
Content-Length
0
Date
Thu, 01 Apr 2021 19:29:35 GMT
Keep-Alive
timeout=60
Connection
keep-alive
Server
WSO2 Carbon Server
wso2-default.min.css
login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/ 		734 KB
112 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/wso2-default.min.css
Requested by
Host: login.orderexpress.telstra.com.au
URL: https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.193.42.210 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
3b3d58e2ad598e46f39af48a85a9d1ab773679bced881889380e66c55a7282e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 01 Apr 2021 19:29:35 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 26 Jan 2021 03:30:25 GMT
Server
WSO2 Carbon Server
ETag
W/"751914-1611631825000"
X-Frame-Options
DENY
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
Accept-Ranges
bytes
vary
accept-encoding
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=60
jquery-3.4.1.js
login.orderexpress.telstra.com.au/authenticationendpoint/libs/jquery_3.4.1/ 		286 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.orderexpress.telstra.com.au/authenticationendpoint/libs/jquery_3.4.1/jquery-3.4.1.js
Requested by
Host: login.orderexpress.telstra.com.au
URL: https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.193.42.210 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
3f80e8e5e1945b57180397b363fb0a747e1e99cf492d59b4f8cd09bfb239f2b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 01 Apr 2021 19:29:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 26 Jan 2021 03:30:25 GMT
Server
WSO2 Carbon Server
ETag
W/"292564-1611631825000"
X-Frame-Options
DENY
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
Accept-Ranges
bytes
vary
accept-encoding
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=60
logo2.png
partner.orderexpress.telstra.com.au/oeimg/resources/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://partner.orderexpress.telstra.com.au/oeimg/resources/images/logo2.png
Requested by
Host: login.orderexpress.telstra.com.au
URL: https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.53.75.233 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.19.6 /
Resource Hash
75983a3dc72d2679b25d953523f27d90c62158b1631ecfc1d6a157d4fb45f0c9

Request headers

Referer
https://login.orderexpress.telstra.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 01 Apr 2021 19:29:37 GMT
Last-Modified
Mon, 01 Feb 2021 12:34:46 GMT
Server
nginx/1.19.6
ETag
"6017f566-189d"
Access-Control-Allow-Methods
GET, POST, OPTIONS, PUT, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type,Accept
Content-Length
6301
semantic.min.js
login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/ 		269 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/semantic.min.js
Requested by
Host: login.orderexpress.telstra.com.au
URL: https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.193.42.210 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
b7c19ea67c8f9b0f6df9fa0c87798a36f728aea3476a648ab4a471c695048052
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 01 Apr 2021 19:29:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 26 Jan 2021 03:30:25 GMT
Server
WSO2 Carbon Server
ETag
W/"275730-1611631825000"
X-Frame-Options
DENY
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
Accept-Ranges
bytes
vary
accept-encoding
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=60
css
fonts.googleapis.com/ 		3 KB
566 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin
Requested by
Host: login.orderexpress.telstra.com.au
URL: https://login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/wso2-default.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
20568af44ab9b900de7d9f4d286cb26181af272d5ca6d1bb0789ae5483003643
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://login.orderexpress.telstra.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 01 Apr 2021 19:09:16 GMT
server
ESF
date
Thu, 01 Apr 2021 19:29:37 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 01 Apr 2021 19:29:37 GMT
truncated
/ 		960 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef4942d48fb43ccba878b4078605c7b63713af13d111adef8913271705c0d730

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
icons.woff2
login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/assets/fonts/ 		39 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/assets/fonts/icons.woff2
Requested by
Host: login.orderexpress.telstra.com.au
URL: https://login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/wso2-default.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.193.42.210 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
a12fd41c86a59b4dff636fd500fe325f78e65e9fe867d4cc5961dda45af4034d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Origin
https://login.orderexpress.telstra.com.au
Referer
https://login.orderexpress.telstra.com.au/authenticationendpoint/libs/theme/wso2-default.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 01 Apr 2021 19:29:36 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 26 Jan 2021 03:30:25 GMT
Server
WSO2 Carbon Server
ETag
W/"40148-1611631825000"
X-Frame-Options
DENY
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
40148
X-XSS-Protection
1; mode=block
logincontext
login.orderexpress.telstra.com.au/ 		20 B
282 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.orderexpress.telstra.com.au/logincontext?sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&tenantDomain=carbon.super&_=1617305377624
Requested by
Host: login.orderexpress.telstra.com.au
URL: https://login.orderexpress.telstra.com.au/authenticationendpoint/libs/jquery_3.4.1/jquery-3.4.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.193.42.210 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://login.orderexpress.telstra.com.au/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=e3e0716c-3374-4f25-a5a4-a38e233bd4c7&relyingParty=oe_sec&type=samlsso&sp=oe_sec&isSaaSApp=false&authenticators=OpenIDConnectAuthenticator%3AAzure%3BBasicAuthenticator%3ALOCAL
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 01 Apr 2021 19:29:39 GMT
X-Content-Type-Options
nosniff
Server
WSO2 Carbon Server
Content-Type
application/json;charset=UTF-8
Connection
keep-alive
Keep-Alive
timeout=60
Content-Length
20
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| goBack function| checkSessionKey function| getParameterByName function| myFunction function| handleNoDomain function| changeUsername

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains