Submitted URL: https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sit...
Effective URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Submission: On May 08 via manual from AU — Scanned from NL

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 157.155.36.16, located in Australia and belongs to COLESMYER-AS-AP Coles Myer, AU. The main domain is login.colesgroup.com.au.
TLS certificate: Issued by Thawte RSA CA 2018 on August 2nd 2022. Valid for: a year.
This is the only time login.colesgroup.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 40.126.32.136 8075 (MICROSOFT...)
1 15 157.155.36.16 17983 (COLESMYER...)
19 3
Apex Domain
Subdomains
Transfer
15 colesgroup.com.au
login.colesgroup.com.au
460 KB
3 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 25
59 KB
0 bootstrapcdn.com Failed
maxcdn.bootstrapcdn.com Failed
19 3
Domain Requested by
15 login.colesgroup.com.au 1 redirects login.colesgroup.com.au
3 login.microsoftonline.com login.microsoftonline.com
0 maxcdn.bootstrapcdn.com Failed login.colesgroup.com.au
19 3

This site contains no links.

Subject Issuer Validity Valid
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA
2023-02-24 -
2024-02-24
a year crt.sh
login.colesgroup.com.au
Thawte RSA CA 2018
2022-08-02 -
2023-08-17
a year crt.sh

This page contains 1 frames:

Primary Page: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Frame ID: 5ABA4A5969FE5915CCBE5370D2E6FC56
Requests: 19 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptylt... Page URL
  2. https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptylt... Page URL
  3. https://login.colesgroup.com.au/nidp/saml2/sso HTTP 302
    https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

518 kB
Transfer

873 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sites/Coles/SitePages/Disclosures/Pages/index.aspx?PId=4608&whr=coles.com.au Page URL
  2. https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sites/Coles/SitePages/Disclosures/Pages/index.aspx?PId=4608&whr=coles.com.au&sso_reload=true Page URL
  3. https://login.colesgroup.com.au/nidp/saml2/sso HTTP 302
    https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
login.srf
login.microsoftonline.com/
153 KB
55 KB
Document
General
Full URL
https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sites/Coles/SitePages/Disclosures/Pages/index.aspx?PId=4608&whr=coles.com.au
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.126.32.136 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
950472ce917c1760b8e5daf0897a3a7f3035e2d604ebf4d6ab5a2a44e7640326
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
55421
Content-Type
text/html; charset=utf-8
Date
Mon, 08 May 2023 09:14:47 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.15319.9 - WEULR1 ProdSlices
x-ms-request-id
13e847fb-4df4-46d1-a185-6eb546b00f00
reportbssotelemetry
login.microsoftonline.com/common/instrumentation/
265 B
1 KB
Ping
General
Full URL
https://login.microsoftonline.com/common/instrumentation/reportbssotelemetry?hpgid=6&hpgact=2101&client-request-id=fd4213d5-4b7e-4629-a48f-56188673c778&hpgrequestid=13e847fb-4df4-46d1-a185-6eb546b00f00
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sites/Coles/SitePages/Disclosures/Pages/index.aspx?PId=4608&whr=coles.com.au
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.126.32.136 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sites/Coles/SitePages/Disclosures/Pages/index.aspx?PId=4608&whr=coles.com.au
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Mon, 08 May 2023 09:14:47 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
Content-Type
application/json; charset=utf-8
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id
ee5d8318-d97f-4a2b-982b-623a58b36600
Cache-Control
no-store, no-cache
Content-Length
265
x-ms-ests-server
2.1.15256.7 - WEULR2 ProdSlices
X-XSS-Protection
0
Expires
-1
login.srf
login.microsoftonline.com/
1 KB
3 KB
Document
General
Full URL
https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sites/Coles/SitePages/Disclosures/Pages/index.aspx?PId=4608&whr=coles.com.au&sso_reload=true
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sites/Coles/SitePages/Disclosures/Pages/index.aspx?PId=4608&whr=coles.com.au
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.126.32.136 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
308a6982df819e0656b6d0a383465958c06d2e6678ceb6ecd5b03b03d75af7c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https://stoplineptyltd.sharepoint.com/sites/Coles/SitePages/Disclosures/Pages/index.aspx?PId=4608&whr=coles.com.au
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
984
Content-Type
text/html; charset=utf-8
Date
Mon, 08 May 2023 09:14:47 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.15256.7 - NEULR2 ProdSlices
x-ms-request-id
390c0fa1-d1f5-4f3f-912d-c34a38465900
Primary Request sso
login.colesgroup.com.au/nidp/saml2/
Redirect Chain
  • https://login.colesgroup.com.au/nidp/saml2/sso
  • https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
21 KB
21 KB
Document
General
Full URL
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
64047983bcd1bfb2194802fc961a7bb3321bcb8d0aa40460153c012167be30c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
Date
Mon, 08 May 2023 09:14:50 GMT
Keep-Alive
timeout=60
Pragma
No-cache
Strict-Transport-Security
max-age=31536000 max-age=16070400
Transfer-Encoding
chunked
WWW-Authenticate
Negotiate
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
SAMEORIGIN
X-XSS-Protection
1; mode=block
via-ESP
null,NIDPLOGGING.600105004 session33-CBAA3BACA70D3987DF2B7292D1A4689D null,NIDPLOGGING.600105004 session33-CBAA3BACA70D3987DF2B7292D1A4689D,NIDPLOGGING.600105002 session220-CBAA3BACA70D3987DF2B7292D1A4689D

Redirect headers

Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Date
Mon, 08 May 2023 09:14:50 GMT
Keep-Alive
timeout=60
Location
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Pragma
No-cache
Strict-Transport-Security
max-age=31536000 max-age=16070400
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
SAMEORIGIN
X-XSS-Protection
1; mode=block
mycoles.css
login.colesgroup.com.au/nidp/resources/css/
124 KB
125 KB
Stylesheet
General
Full URL
https://login.colesgroup.com.au/nidp/resources/css/mycoles.css
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
02fa1e9fc48e9b92c0de23e7af85be7382468ead9c084425bd46e877811e0db0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:27:25 GMT
ETag
W/"127240-1668162445414"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
127240
X-XSS-Protection
1; mode=block
jquery-1.9.1.min.js
login.colesgroup.com.au/nidp/resources/js/
90 KB
91 KB
Script
General
Full URL
https://login.colesgroup.com.au/nidp/resources/js/jquery-1.9.1.min.js
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:28:08 GMT
ETag
W/"92633-1668162488671"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
92633
X-XSS-Protection
1; mode=block
jquery.selectbox-1.2.js
login.colesgroup.com.au/nidp/resources/js/
10 KB
10 KB
Script
General
Full URL
https://login.colesgroup.com.au/nidp/resources/js/jquery.selectbox-1.2.js
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
0e58048c30277fd33bc8d075bd74887eeb82db2acec1ad20b171da52235582ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:28:10 GMT
ETag
W/"10062-1668162490045"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
10062
X-XSS-Protection
1; mode=block
jquery.cookie.js
login.colesgroup.com.au/nidp/resources/js/
2 KB
3 KB
Script
General
Full URL
https://login.colesgroup.com.au/nidp/resources/js/jquery.cookie.js
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
0032b7c67f96c4a33a5cbf68ecaec4c1798f02dcee76d095df8c1393bd7ce7c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:28:09 GMT
ETag
W/"2318-1668162489344"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
2318
X-XSS-Protection
1; mode=block
respond.min.js
login.colesgroup.com.au/nidp/resources/js/
4 KB
4 KB
Script
General
Full URL
https://login.colesgroup.com.au/nidp/resources/js/respond.min.js
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
749816ecfebd27111a8d3c3afbbd228c3f427d7ab9733d5a8f61f55c7844b1b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:28:11 GMT
ETag
W/"4048-1668162491340"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
4048
X-XSS-Protection
1; mode=block
logo-mycoles.png
login.colesgroup.com.au/nidp/resources/images/
41 KB
41 KB
Image
General
Full URL
https://login.colesgroup.com.au/nidp/resources/images/logo-mycoles.png
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
a583e7bd319320fa4eaf144ade1a5e9217b2ff02847b88b8cf3370fc46f124c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:27:53 GMT
ETag
W/"41690-1668162473364"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
41690
X-XSS-Protection
1; mode=block
coles-logo.png
login.colesgroup.com.au/nidp/resources/images/
2 KB
2 KB
Image
General
Full URL
https://login.colesgroup.com.au/nidp/resources/images/coles-logo.png
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
9be5aaf3886920e4f4e3cb807e41dc5303140d85878f0e27f728ca36dab7e313
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:27:47 GMT
ETag
W/"1580-1668162467729"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
1580
X-XSS-Protection
1; mode=block
Close.svg
login.colesgroup.com.au/nidp/resources/images/
925 B
1 KB
Image
General
Full URL
https://login.colesgroup.com.au/nidp/resources/images/Close.svg
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
fde7ee12bacb6ba4e183f000cd6048986482a7ee020c13e16c8841591e99daa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:27:41 GMT
ETag
W/"925-1668162461994"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
925
X-XSS-Protection
1; mode=block
mycoles-card-desktop.png
login.colesgroup.com.au/nidp/resources/images/
29 KB
29 KB
Image
General
Full URL
https://login.colesgroup.com.au/nidp/resources/images/mycoles-card-desktop.png
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
6e2f60ad60ee8f8dbda079c8cbade4bccc16575356fca76ca7d1efa0a59eb2b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:27:54 GMT
ETag
W/"29764-1668162474725"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
29764
X-XSS-Protection
1; mode=block
mycoles-footer.png
login.colesgroup.com.au/nidp/resources/images/
37 KB
37 KB
Image
General
Full URL
https://login.colesgroup.com.au/nidp/resources/images/mycoles-footer.png
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
b9a654bf049aa9e0de8e2ba666e92ce958ca578e3fae5465ac32aef848d84a51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:27:55 GMT
ETag
W/"37546-1668162475354"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
37546
X-XSS-Protection
1; mode=block
mycoles.js
login.colesgroup.com.au/nidp/resources/js/
4 KB
4 KB
Script
General
Full URL
https://login.colesgroup.com.au/nidp/resources/js/mycoles.js
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
380b88d0c281918ca320c8de386ee2a2deb97a0a30fd247d9cd85e75ab8c2875
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:28:10 GMT
ETag
W/"3692-1668162490700"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
3692
X-XSS-Protection
1; mode=block
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/
0
0

bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/
0
0

ColesHapticBd.ttf
login.colesgroup.com.au/nidp/resources/fonts/
89 KB
90 KB
Font
General
Full URL
https://login.colesgroup.com.au/nidp/resources/fonts/ColesHapticBd.ttf
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
0fe8d37996c3c57587e2d65ac3c70f2c5d82f71ff783d8d1dc4c0867307fdeda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Origin
https://login.colesgroup.com.au
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:27:27 GMT
ETag
W/"91416-1668162447252"
X-FRAME-OPTIONS
SAMEORIGIN
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
91416
X-XSS-Protection
1; mode=block
SourceSansPro-Regular.ttf
login.colesgroup.com.au/nidp/resources/fonts/
265 KB
0
Font
General
Full URL
https://login.colesgroup.com.au/nidp/resources/fonts/SourceSansPro-Regular.ttf
Requested by
Host: login.colesgroup.com.au
URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.155.36.16 , Australia, ASN17983 (COLESMYER-AS-AP Coles Myer, AU),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Origin
https://login.colesgroup.com.au
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=16070400
Date
Mon, 08 May 2023 09:14:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 11 Nov 2022 10:27:30 GMT
ETag
W/"293516-1668162450471"
X-FRAME-OPTIONS
SAMEORIGIN
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
293516
X-XSS-Protection
1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
maxcdn.bootstrapcdn.com
URL
http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js
Domain
maxcdn.bootstrapcdn.com
URL
http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery

9 Cookies

Domain/Path Name / Value
login.colesgroup.com.au/nidp Name: JSESSIONID
Value: CBAA3BACA70D3987DF2B7292D1A4689D
login.colesgroup.com.au/nidp Name: UrnNovellNidpClusterMemberId
Value: ~03~05~7Dbb~01~16~16hnq~0A~0C~0A
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
.login.microsoftonline.com/ Name: AADSSO
Value: NA|NoExtension
login.microsoftonline.com/ Name: SSOCOOKIEPULLED
Value: 1
login.microsoftonline.com/ Name: buid
Value: 0.ATEAqzBRR7ViQUKp00fjfJvCFQMAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrFE76ppw227FO-hXH4mgO_gO6vLx_34mY7F_H44j9crYi87WEuiW_vJawJJYQbL3ymCAeKza6dKaMN5jJkvF4ZGJlLnGq4nIHIVVCR__vV3IgAA
login.microsoftonline.com/ Name: fpc
Value: AkZyd4_eNPJApgAXk7NLIt1YSqg3AQAAAIe06tsOAAAA
.login.microsoftonline.com/ Name: esctx
Value: PAQABAAEAAAD--DLA3VO7QrddgJg7Wevr999npAln2PIueO6vLO_IitiWTFMKmQ-yevBfVZdp2M97HWLVRB0p3XliOIEEFDuXBoMiAaU18NmomyaNFBxxOEVmmPRr6Ne9dX88boW25VfvoEcItX27B1-MMxhJBTvblDriXVw6UmWCfnPG1BYUkLIEhXcjDOU3UJpgtUWFgCMgAA

3 Console Messages

Source Level URL
Text
network error URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Message:
Failed to load resource: the server responded with a status of 401 ()
security error URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential
Message:
Mixed Content: The page at 'https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential' was loaded over HTTPS, but requested an insecure script 'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential(Line 37)
Message:
Mixed Content: The page at 'https://login.colesgroup.com.au/nidp/saml2/sso?sid=0&option=credential' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0