urlscan.io logo urlscan.io
SecurityTrails logo

metconnect.metcash.com Open in urlscan Pro
161.71.144.11  Public Scan

Go To Rescan Add Verdict Report
URL: https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411...
Submission: On April 12 via manual from AU — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 161.71.144.11, located in United States and belongs to SALESFORCE, US. The main domain is metconnect.metcash.com.
TLS certificate: Issued by Trusted Secure Certificate Authority 5 on August 12th 2022. Valid for: a year.
This is the only time metconnect.metcash.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 161.71.144.11 14340 (SALESFORCE)
13 2
Apex Domain
Subdomains		 Transfer
11 metcash.com
metconnect.metcash.com
2 MB
0 documentforce.com Failed
metcash--dev2--c.documentforce.com Failed
13 2
Domain Requested by
11 metconnect.metcash.com metconnect.metcash.com
0 metcash--dev2--c.documentforce.com Failed
13 2

This site contains no links.

Subject Issuer Validity Valid
metconnect.metcash.com
Trusted Secure Certificate Authority 5		 2022-08-12 -
2023-09-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
Frame ID: 5F015018E1309B4A3D1C76C501797AD9
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Survey: supplier_activity_log

Page Statistics

13
Requests

85 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

2015 kB
Transfer

9212 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request runtimeApp.app
metconnect.metcash.com/survey/ 		177 KB
54 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
b8cd3437a3ac187f1f05895486b4f743e82148a040d4900960876e9c9544288e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests default-src 'self'; script-src 'self' 'nonce-ctxnGHBtaZl8pGzlKHFv2QsOnkm0iR8D' chrome-extension: 'unsafe-inline' 'unsafe-eval' *.canary.lwc.dev *.visualforce.com blob: https://ssl.gstatic.com/accessibility/; object-src 'self'; style-src 'self' blob: chrome-extension: 'unsafe-inline' https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; img-src 'self' http: https: data: blob: https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; media-src 'self' https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; frame-ancestors 'self'; frame-src blob: https: mailto: https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; font-src 'self' https: data: https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; connect-src 'self' https://api.bluetail.salesforce.com https://staging.bluetail.salesforce.com https://preprod.bluetail.salesforce.com https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com blob: *.visualforce.com; base-uri 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-encoding
gzip
content-security-policy
upgrade-insecure-requests default-src 'self'; script-src 'self' 'nonce-ctxnGHBtaZl8pGzlKHFv2QsOnkm0iR8D' chrome-extension: 'unsafe-inline' 'unsafe-eval' *.canary.lwc.dev *.visualforce.com blob: https://ssl.gstatic.com/accessibility/; object-src 'self'; style-src 'self' blob: chrome-extension: 'unsafe-inline' https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; img-src 'self' http: https: data: blob: https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; media-src 'self' https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; frame-ancestors 'self'; frame-src blob: https: mailto: https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; font-src 'self' https: data: https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; connect-src 'self' https://api.bluetail.salesforce.com https://staging.bluetail.salesforce.com https://preprod.bluetail.salesforce.com https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com blob: *.visualforce.com; base-uri 'self'
content-type
text/html;charset=UTF-8
date
Wed, 12 Apr 2023 03:08:35 GMT
expires
Tue, 12 Apr 2022 03:08:34 GMT
last-modified
Tue, 12 Apr 2022 03:08:34 GMT
link
</l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fforce%3Abase%22%2C%22markup%3A%2F%2Fforce%3AformFactorLarge%22%2C%22markup%3A%2F%2Fsurvey%3AsurveyNamespace%22%5D%2C%22tuid%22%3A%22v1_LlYTNpg5VK0eLD9lGRA%22%2C%22cuid%22%3A-239054401%7D%2C%22pathPrefix%22%3A%22%22%7D/app.css?2=&aura.attributes=%7B%22invitationId%22%3A%220Ki5Y000000mgAE%22%2C%22surveyName%22%3A%22supplier_activity_log%22%7D>;rel=preload;as=style;nopush,</auraFW/javascript/2kszAdlijI-L2tQGa5JU9w/aura_prod.js>;rel=preload;as=script;nopush,</l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22serializationVersion%22%3A%221-242.20.4-2.31.8-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22348087373%22%7D/appcore.js?2=>;rel=preload;as=script;nopush,</l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22serializationVersion%22%3A%221-242.20.4-2.31.8-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22348087373%22%7D/app.js?2=>;rel=preload;as=script;nopush
referrer-policy
origin-when-cross-origin
server
sfdcedge
server-timing
Total;dur=120
strict-transport-security
max-age=63072000; includeSubDomains
timing-allow-origin
*
vary
Origin, Accept-Encoding
x-content-type-options
nosniff
x-sfdc-request-id
9368f2b4bd66c5b3381dfd510e7ff377
x-xss-protection
1; mode=block
app.css
metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22... 		1 MB
135 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fforce%3Abase%22%2C%22markup%3A%2F%2Fforce%3AformFactorLarge%22%2C%22markup%3A%2F%2Fsurvey%3AsurveyNamespace%22%5D%2C%22tuid%22%3A%22v1_LlYTNpg5VK0eLD9lGRA%22%2C%22cuid%22%3A-239054401%7D%2C%22pathPrefix%22%3A%22%22%7D/app.css?2=&aura.attributes=%7B%22invitationId%22%3A%220Ki5Y000000mgAE%22%2C%22surveyName%22%3A%22supplier_activity_log%22%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
8e37df894b9ebe0bf48f82893dd92ff62ac12935eeb93cf6b1d59d70c69b9c49
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 03:08:35 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 11 Apr 2023 03:08:35 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
f17258126771d881810d36fe8b12df9e
vary
Origin, Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
max-age=31536000,public,immutable
x-xss-protection
1; mode=block
expires
Thu, 10 Aug 2023 03:08:35 GMT
aura_prod.js
metconnect.metcash.com/auraFW/javascript/2kszAdlijI-L2tQGa5JU9w/ 		819 KB
257 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/auraFW/javascript/2kszAdlijI-L2tQGa5JU9w/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
c9085af3674404dd3ef6c9ec99c83f5d1d9d2e5eeb36bb0b575ca6d49fb66537
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 03:08:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server-timing
Total;dur=37
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 11 Apr 2023 03:08:35 GMT
server
sfdcedge
x-sfdc-request-id
8f397bbd25c794b251ff686ad36089cf
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
max-age=31536000,public,immutable
timing-allow-origin
*
expires
Thu, 10 Aug 2023 03:08:35 GMT
appcore.js
metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22serializationVersion%22%3A%221-242.20.4-2.31.8-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22A... 		939 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22serializationVersion%22%3A%221-242.20.4-2.31.8-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22348087373%22%7D/appcore.js?2=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
701a2e7b828e181e9722b6cc804889e4d89c5e8f2661eb4a6ac8481c6b6be664
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 03:08:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 11 Apr 2023 03:08:36 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
4863ff05d1a8154725ac0feb18e9e356
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000,public,immutable
x-xss-protection
1; mode=block
expires
Thu, 10 Aug 2023 03:08:36 GMT
app.js
metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22serializationVersion%22%3A%221-242.20.4-2.31.8-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22A... 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22serializationVersion%22%3A%221-242.20.4-2.31.8-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22348087373%22%7D/app.js?2=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
7bdfba2ca73e1b47c8f2b9e020a11b4621bb82cef9e595924a5266349cb2519d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 03:08:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 11 Apr 2023 03:08:36 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
ad2e652a080c8dd145ac9027ec478478
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000,public,immutable
x-xss-protection
1; mode=block
expires
Thu, 10 Aug 2023 03:08:36 GMT
resources.js
metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22fwuid%22%3A%222kszAdlijI-L2tQGa5JU9w%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3... 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22fwuid%22%3A%222kszAdlijI-L2tQGa5JU9w%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22JPdK8xyTY6x_LHTKyQH9og%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22348087373%22%7D/resources.js?pv=16811037200001429636961&rv=1681194368000
Requested by
Host: metconnect.metcash.com
URL: https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
08f4ae9359c03f9a484ee22b74cb031fab5c09b0acbd2dc392c132e6a4fa42b5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 03:08:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 11 Apr 2023 03:08:36 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
f694a6df3e575eb0a1f6d60d0eb803fd
vary
Origin, Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
max-age=31536000,private,immutable
x-xss-protection
1; mode=block
expires
Thu, 10 Aug 2023 03:08:36 GMT
aura
metconnect.metcash.com/ 		83 KB
25 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/aura?r=0&aura.Component.getComponent=1&ui-survey-components-controller.SurveyRuntime.getFlowParameters=1
Requested by
Host: metconnect.metcash.com
URL: https://metconnect.metcash.com/auraFW/javascript/2kszAdlijI-L2tQGa5JU9w/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
4d13faebf1b4113e24e2292e68424119a0c9027185f118fdcb929900069e6686
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
X-SFDC-Page-Cache
2a23e5b501c9d187
accept-language
en-AU,en;q=0.9
X-SFDC-Request-Id
672870000005b484a8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 12 Apr 2023 03:08:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 03:08:39 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
672870000005b484a8
vary
Origin, Accept-Encoding
content-type
application/json;charset=UTF-8
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
server-timing
Total;dur=362
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Tue, 12 Apr 2022 03:08:39 GMT
aura
metconnect.metcash.com/ 		9 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/aura?r=1&ui-interaction-runtime-components-controllers.FlowRuntime.runInterview=1
Requested by
Host: metconnect.metcash.com
URL: https://metconnect.metcash.com/auraFW/javascript/2kszAdlijI-L2tQGa5JU9w/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
61360962b1ff7628ed6cc2977db4e5295c1e8eb6320bab9ed53c9a80d07040e3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
X-SFDC-Page-Cache
2a23e5b501c9d187
accept-language
en-AU,en;q=0.9
X-SFDC-Request-Id
8137500000ebf242ad
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 12 Apr 2023 03:08:41 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 03:08:41 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
8137500000ebf242ad
vary
Origin, Accept-Encoding
content-type
application/json;charset=UTF-8
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
server-timing
Total;dur=253
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Tue, 12 Apr 2022 03:08:41 GMT
aura
metconnect.metcash.com/ 		15 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/aura?r=2&aura.Component.getComponent=1&aura.Component.getComponentDef=1
Requested by
Host: metconnect.metcash.com
URL: https://metconnect.metcash.com/auraFW/javascript/2kszAdlijI-L2tQGa5JU9w/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
0d6ed404e5d24e899e9f863d64267661360881f89870121892ffb6b61381fc19
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
X-SFDC-Page-Cache
2a23e5b501c9d187
accept-language
en-AU,en;q=0.9
X-SFDC-Request-Id
9315700000317c3218
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 12 Apr 2023 03:08:42 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 03:08:41 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
9315700000317c3218
vary
Origin, Accept-Encoding
content-type
application/json;charset=UTF-8
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
server-timing
Total;dur=30
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Tue, 12 Apr 2022 03:08:41 GMT
aura
metconnect.metcash.com/ 		1 MB
277 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://metconnect.metcash.com/aura?r=3&aura.Component.getComponentDef=1
Requested by
Host: metconnect.metcash.com
URL: https://metconnect.metcash.com/auraFW/javascript/2kszAdlijI-L2tQGa5JU9w/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
78cc8b3e09dcf88be76e5d2e61de1fe83ac31b1ea4af0b25e7f5bb5a30466bd2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://metconnect.metcash.com/survey/runtimeApp.app?invitationId=0Ki5Y000000mgAE&surveyName=supplier_activity_log&UUID=586b411e-e127-4322-9ebb-b35038d706b8
X-SFDC-Page-Cache
2a23e5b501c9d187
accept-language
en-AU,en;q=0.9
X-SFDC-Request-Id
93300000002838daad
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 12 Apr 2023 03:08:42 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 12 Apr 2022 03:08:42 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
93300000002838daad
vary
Origin, Accept-Encoding
content-type
application/json;charset=UTF-8
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
x-xss-protection
1; mode=block
expires
Tue, 12 Apr 2022 03:08:42 GMT
asterisk.svg
metconnect.metcash.com/_sfdc/surveyAssets/icons/surveySvgs/ 		453 B
689 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://metconnect.metcash.com/_sfdc/surveyAssets/icons/surveySvgs/asterisk.svg
Requested by
Host: metconnect.metcash.com
URL: https://metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fforce%3Abase%22%2C%22markup%3A%2F%2Fforce%3AformFactorLarge%22%2C%22markup%3A%2F%2Fsurvey%3AsurveyNamespace%22%5D%2C%22tuid%22%3A%22v1_LlYTNpg5VK0eLD9lGRA%22%2C%22cuid%22%3A-239054401%7D%2C%22pathPrefix%22%3A%22%22%7D/app.css?2=&aura.attributes=%7B%22invitationId%22%3A%220Ki5Y000000mgAE%22%2C%22surveyName%22%3A%22supplier_activity_log%22%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.71.144.11 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge3-hnd.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
43c3796696528c01ce914001d8362c5081ca726af9226ac3f177c62203915381
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://metconnect.metcash.com/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22survey%3AruntimeApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsurvey%3AruntimeApp%22%3A%22kMx97zp9v4Gw3PCDHQxw6w%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fforce%3Abase%22%2C%22markup%3A%2F%2Fforce%3AformFactorLarge%22%2C%22markup%3A%2F%2Fsurvey%3AsurveyNamespace%22%5D%2C%22tuid%22%3A%22v1_LlYTNpg5VK0eLD9lGRA%22%2C%22cuid%22%3A-239054401%7D%2C%22pathPrefix%22%3A%22%22%7D/app.css?2=&aura.attributes=%7B%22invitationId%22%3A%220Ki5Y000000mgAE%22%2C%22surveyName%22%3A%22supplier_activity_log%22%7D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 03:08:42 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Fri, 07 Jul 2017 21:48:38 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
b6e289066c773a31ae02bec265240944
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public,max-age=10368000
x-xss-protection
1; mode=block
expires
Thu, 10 Aug 2023 03:08:42 GMT
Email_Metcash_Letterhead_21
metcash--dev2--c.documentforce.com/file-asset-public/ 		0
0
aura
metconnect.metcash.com/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
metcash--dev2--c.documentforce.com
URL
https://metcash--dev2--c.documentforce.com/file-asset-public/Email_Metcash_Letterhead_21?oid=00D010000008ayS&v=1
Domain
metconnect.metcash.com
URL
https://metconnect.metcash.com/aura?r=4&ui-instrumentation-components-beacon.InstrumentationBeacon.sendData=1

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless number| pageStartTime object| Aura object| AuraLocker object| AuraLockerDisabled object| $A object| aura function| DOMPurify function| Router object| picassoSPA

3 Cookies

Domain/Path Name / Value
metconnect.metcash.com/ Name: CookieConsentPolicy
Value: 0:1
metconnect.metcash.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
metconnect.metcash.com/ Name: sfdc-stream
Value: !wMtLdfILU9AoOmiVcU/3jnGF/R97Yz+3/WohGug+2RlnnDrKGG4gzXBTxGhqezyiItEr1QPxwGCHPyM=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests default-src 'self'; script-src 'self' 'nonce-ctxnGHBtaZl8pGzlKHFv2QsOnkm0iR8D' chrome-extension: 'unsafe-inline' 'unsafe-eval' *.canary.lwc.dev *.visualforce.com blob: https://ssl.gstatic.com/accessibility/; object-src 'self'; style-src 'self' blob: chrome-extension: 'unsafe-inline' https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; img-src 'self' http: https: data: blob: https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; media-src 'self' https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; frame-ancestors 'self'; frame-src blob: https: mailto: https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; font-src 'self' https: data: https://api.mixpanel.com https://*.springcm.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com *.visualforce.com; connect-src 'self' https://api.bluetail.salesforce.com https://staging.bluetail.salesforce.com https://preprod.bluetail.salesforce.com https://api.mixpanel.com https://*.springcm.com https://app.powerbi.com https://*.clmfed.docusign.com https://*.clm.docusign.mil https://online.flippingbook.com blob: *.visualforce.com; base-uri 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block