urlscan.io logo urlscan.io
SecurityTrails logo

uat.portal.discovery.us.deloitte.com Open in urlscan Pro
20.57.16.70  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://uat.portal.discovery.us.deloitte.com/
Effective URL: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Submission: On June 22 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 20.57.16.70, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is uat.portal.discovery.us.deloitte.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 4th 2024. Valid for: a year.
This is the only time uat.portal.discovery.us.deloitte.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 20.57.16.70 8075 (MICROSOFT...)
10 2
Apex Domain
Subdomains		 Transfer
11 deloitte.com
uat.portal.discovery.us.deloitte.com
474 KB
10 1
Domain Requested by
11 uat.portal.discovery.us.deloitte.com 1 redirects uat.portal.discovery.us.deloitte.com
10 1

This site contains no links.

Subject Issuer Validity Valid
uat.portal.discovery.us.deloitte.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-03-04 -
2025-03-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Frame ID: 6C98655E9EDA7AEFBDCE90B8A962E1B8
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Client Portal

Page URL History Show full URLs

  1. https://uat.portal.discovery.us.deloitte.com/ Page URL
  2. https://uat.portal.discovery.us.deloitte.com/Login HTTP 302
    https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

510 kB
Transfer

537 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://uat.portal.discovery.us.deloitte.com/ Page URL
  2. https://uat.portal.discovery.us.deloitte.com/Login HTTP 302
    https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
uat.portal.discovery.us.deloitte.com/ 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4a0c5da59a3ec488783b2839633aeb293f466a3ba0d991d21e672aea21cacc62
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Content-Type
text/html; charset=utf-8
Date
Sat, 22 Jun 2024 17:58:21 GMT
Expires
-1
Pragma
no-cache
Referrer-Policy
no-referrer
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
X-Xss-Protection
1; mode=block
fonts.css
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/styles/ 		73 KB
79 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/styles/fonts.css
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4241728cd5c8758767c2cc172cbcc4dcfd72da1328bb32e63a8f551d27d3b4c2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 22 Jun 2024 17:58:21 GMT
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 10 Jun 2024 20:08:26 GMT
Server
Microsoft-IIS/10.0
ETag
"1dabb71f3fc3ac1"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
js.cookie.js
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/js.cookie.js
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8f6956b53aea11ba052653af7fc545914f775aed1a17825d24c751feb2f234ea
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 22 Jun 2024 17:58:21 GMT
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 10 Jun 2024 20:08:26 GMT
Server
Microsoft-IIS/10.0
ETag
"1dabb71f3fd16ce"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/javascript
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
capture-original-url.js
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/ 		548 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/capture-original-url.js
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
f93a3343fe569c33e33a5cb3d85e55fa397295f39156aab54b97989d0a704d0b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 22 Jun 2024 17:58:21 GMT
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 10 Jun 2024 20:08:26 GMT
Server
Microsoft-IIS/10.0
ETag
"1dabb71f3fd1b24"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/javascript
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
bg-mason.jpg
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/ 		143 KB
144 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/bg-mason.jpg
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8980ee10c8ad5a2bfcf8fc51ed9abaea0a2b7ddca95955ff39e1c9debd6bb3d3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://uat.portal.discovery.us.deloitte.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Content-Type-Options
nosniff
Date
Sat, 22 Jun 2024 17:58:21 GMT
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
Content-Length
146575
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 10 Jun 2024 20:08:26 GMT
Server
Microsoft-IIS/10.0
ETag
"1dabb71f3ff258f"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET,POST,HEAD
Content-Type
image/jpeg
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
truncated
/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e8a28a0638c920e5b76177e5f03ba94fcdedd3e3ecd347c333d82876b51c9c0

Request headers

Referer
Origin
https://uat.portal.discovery.us.deloitte.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ea20e5db3ba915c503173fae268445fc2745fc9a5dce2f58d47f5a355e1cdb18

Request headers

Referer
Origin
https://uat.portal.discovery.us.deloitte.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
Primary Request authentication
uat.portal.discovery.us.deloitte.com/
Redirect Chain
  • https://uat.portal.discovery.us.deloitte.com/Login
  • https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
9 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/capture-original-url.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
95e53efb546bb8387d5127baa44982f9d65537b717b230b6a724341905cd6790
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Referer
https://uat.portal.discovery.us.deloitte.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store,no-cache
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Content-Type
text/html; charset=utf-8
Date
Sat, 22 Jun 2024 17:58:21 GMT
Expires
-1
Pragma
no-cache
Referrer-Policy
no-referrer
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
X-Xss-Protection
1; mode=block

Redirect headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Content-Length
0
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Date
Sat, 22 Jun 2024 17:58:21 GMT
Expires
-1
Location
https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Pragma
no-cache
Referrer-Policy
no-referrer
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
X-Xss-Protection
1; mode=block
fonts.css
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/styles/ 		73 KB
79 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/styles/fonts.css
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4241728cd5c8758767c2cc172cbcc4dcfd72da1328bb32e63a8f551d27d3b4c2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 22 Jun 2024 17:58:21 GMT
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 10 Jun 2024 20:08:26 GMT
Server
Microsoft-IIS/10.0
ETag
"1dabb71f3fc3ac1"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
Deloitte-wh.png
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/Deloitte-wh.png
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
a62f9e00c3b8eec3d40b0bbb9a38d7de06f7ad5595fc7837cbff7962d0c5c24e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Content-Type-Options
nosniff
Date
Sat, 22 Jun 2024 17:58:21 GMT
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
Content-Length
8877
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 10 Jun 2024 20:08:26 GMT
Server
Microsoft-IIS/10.0
ETag
"1dabb71f3fd3bad"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET,POST,HEAD
Content-Type
image/png
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
bg-mason.jpg
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/ 		143 KB
144 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/bg-mason.jpg
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8980ee10c8ad5a2bfcf8fc51ed9abaea0a2b7ddca95955ff39e1c9debd6bb3d3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Content-Type-Options
nosniff
Date
Sat, 22 Jun 2024 17:58:21 GMT
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
Content-Length
146575
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 10 Jun 2024 20:08:26 GMT
Server
Microsoft-IIS/10.0
ETag
"1dabb71f3ff258f"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET,POST,HEAD
Content-Type
image/jpeg
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
truncated
/ 		18 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Origin
https://uat.portal.discovery.us.deloitte.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ 		18 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Origin
https://uat.portal.discovery.us.deloitte.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
favicon.ico
uat.portal.discovery.us.deloitte.com/ 		527 B
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ad3584a8d830e90490779ca89b691f7f30db2e4008f6cbb470788d7029127304
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Content-Type-Options
nosniff
Date
Sat, 22 Jun 2024 17:58:22 GMT
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET,POST,HEAD
Content-Type
text/plain
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Expires
-1

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

3 Cookies

Domain/Path Name / Value
.uat.portal.discovery.us.deloitte.com/ Name: ARRAffinity
Value: 8e5526da6ce91b2c201af09c727053a41ca153614da5533f6c3e4b0ec7e2c24d
.uat.portal.discovery.us.deloitte.com/ Name: ARRAffinitySameSite
Value: 8e5526da6ce91b2c201af09c727053a41ca153614da5533f6c3e4b0ec7e2c24d
uat.portal.discovery.us.deloitte.com/ Name: dseng.clientportal.antiforgery
Value: CfDJ8BCJtC3crCZEt0dbR8P8OG-JKNtpbc1-000fwp26ozChiP_wOlMTzZkkekQjdy60NgJ05rP4w218f1j6V7y3pWGJqdbhgYMEMXA6o7zmXGCvNOZjYC0QTgqVhfKS7XGrenxQkjaxZilTosQz9cut02w

1 Console Messages

Source Level URL
Text
network error URL: https://uat.portal.discovery.us.deloitte.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block