URL: https://homelogin.woolworths.com.au/
Submission: On April 27 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 7 HTTP transactions. The main IP is 2.18.234.155, located in Frankfurt am Main, Germany, and belongs to AKAMAI-AS, US. The main domain is homelogin.woolworths.com.au.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on April 12th 2022. Valid for: a year.
This is the only time homelogin.woolworths.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS | Autonomous System
6 | 2.18.234.155 | 16625 | (AKAMAI-AS)
1 | 2a00:1450:400... | 15169 | (GOOGLE)
Total: 7 requests, 2 IPs

Requests | Apex Domain | Subdomains | Transfer
6 | woolworths.com.au | homelogin.woolworths.com.au | 125 KB
1 | googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 271 | 30 KB
Total: 7 requests, 2 domains

Requests | Domain | Requested by
6 | homelogin.woolworths.com.au | homelogin.woolworths.com.au
1 | ajax.googleapis.com | homelogin.woolworths.com.au
Total: 7 requests, 2 domains

This site contains links to these domains.

Domain
www.woolworths.com.au

Subject | Issuer | Validity | Valid
woolworths.com.au | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-12 - 2023-04-15 | a year
upload.video.google.com | GTS CA 1C3 | 2022-04-11 - 2022-07-04 | 3 months

This page contains 1 frame:

Primary Page: https://homelogin.woolworths.com.au/
Frame ID: 2773EAFAABF2EBDDDD7CE64BDC2DBD92
Requests: 7 HTTP requests in this frame

Page Title

Woolworths Secure Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 155 kB
Size: 680 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request / | homelogin.woolworths.com.au/ | 5 KB | 3 KB | Document
General
Full URL
https://homelogin.woolworths.com.au/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.234.155 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-155.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6e86d1f8398e69b18495e4685e54c5a970c99f757a5b2e8e9d5199f7d9aef9c4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0
content-encoding
gzip
content-length
2373
content-security-policy
default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 05:40:54 GMT
etag
W/"5c4-15ee61e2990"
last-modified
Wed, 04 Oct 2017 06:41:30 GMT
server-timing
cdn-cache; desc=MISS edge; dur=36 origin; dur=411
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-akamai-transformed
9 637 0 pmb=mRUM,2
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

wooliesApp.css | homelogin.woolworths.com.au/css/ | 312 KB | 41 KB | Stylesheet
General
Full URL
https://homelogin.woolworths.com.au/css/wooliesApp.css
Requested by
Host: homelogin.woolworths.com.au
URL: https://homelogin.woolworths.com.au/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.234.155 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-155.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
5eb837de8e84eaf67e7f25da3393c0c3ee1ef18feeb0f41af42d1f47a73e5a14
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Security-Policy default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://homelogin.woolworths.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
content-encoding
br
x-content-type-options
nosniff
x-content-security-policy
default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
x-dns-prefetch-control
off
server-timing
cdn-cache; desc=HIT, edge; dur=159
content-length
40828
x-xss-protection
1; mode=block
last-modified
Sat, 16 Apr 2022 08:59:16 GMT
server
Akamai Resource Optimizer
date
Wed, 27 Apr 2022 05:40:54 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000 ; includeSubDomains
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
etag
W/"4e1eb-15ee61e5c58"
accept-ranges
bytes
x-webkit-csp
default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
expires
Thu, 27 Apr 2023 05:40:54 GMT

style.css | homelogin.woolworths.com.au/css/ | 2 KB | 1 KB | Stylesheet
General
Full URL
https://homelogin.woolworths.com.au/css/style.css
Requested by
Host: homelogin.woolworths.com.au
URL: https://homelogin.woolworths.com.au/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.234.155 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-155.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
fcfd7910468b020c91e065356c1949cb756ea2381f2d605d1a6498b7b5d109af
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://homelogin.woolworths.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
content-encoding
br
x-content-type-options
nosniff
x-dns-prefetch-control
off
server-timing
cdn-cache; desc=HIT, edge; dur=398
content-length
540
x-xss-protection
1; mode=block
last-modified
Wed, 23 Mar 2022 03:39:15 GMT
server
Akamai Resource Optimizer
date
Wed, 27 Apr 2022 05:40:55 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000 ; includeSubDomains
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
etag
W/"719-15ee61e5c58"
expires
Thu, 27 Apr 2023 05:40:55 GMT

jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.2.1/ | 85 KB | 30 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: homelogin.woolworths.com.au
URL: https://homelogin.woolworths.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://homelogin.woolworths.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 08:53:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
593234
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Apr 2023 08:53:40 GMT

index.js | homelogin.woolworths.com.au/ | 234 KB | 57 KB | Script
General
Full URL
https://homelogin.woolworths.com.au/index.js
Requested by
Host: homelogin.woolworths.com.au
URL: https://homelogin.woolworths.com.au/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.234.155 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-155.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
db094912f45df799cb196552d4cd3e68c1b90172d6cada9d1ccdee7e88585f57
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://homelogin.woolworths.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
content-encoding
br
x-content-type-options
nosniff
x-dns-prefetch-control
off
server-timing
cdn-cache; desc=HIT, edge; dur=135
content-length
57079
x-xss-protection
1; mode=block
last-modified
Wed, 13 Apr 2022 09:05:17 GMT
server
Akamai Resource Optimizer
date
Wed, 27 Apr 2022 05:40:54 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000 ; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=31536000
etag
W/"3a7bb-15ee61e3d18"
expires
Thu, 27 Apr 2023 05:40:54 GMT

icon-small.png | homelogin.woolworths.com.au/img/ | 4 KB | 5 KB | Image
General
Full URL
https://homelogin.woolworths.com.au/img/icon-small.png
Requested by
Host: homelogin.woolworths.com.au
URL: https://homelogin.woolworths.com.au/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.234.155 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-155.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0cbf4f83a27360a0bfc5ee9ae8d4e17f5e37402ba352e8e0f034a5169fe70d29
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://homelogin.woolworths.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
x-dns-prefetch-control
off
server-timing
edge; dur=8, origin; dur=409, cdn-cache; desc=MISS
content-length
4431
x-xss-protection
1; mode=block
last-modified
Wed, 04 Oct 2017 06:41:31 GMT
date
Wed, 27 Apr 2022 05:40:55 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=31536000
etag
W/"114f-15ee61e2d78"
accept-ranges
bytes
expires
Thu, 27 Apr 2023 05:40:55 GMT

wwfoodicons.ttf | homelogin.woolworths.com.au/fonts/ | 38 KB | 19 KB | Font
General
Full URL
https://homelogin.woolworths.com.au/fonts/wwfoodicons.ttf
Requested by
Host: homelogin.woolworths.com.au
URL: https://homelogin.woolworths.com.au/css/wooliesApp.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.234.155 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-155.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b3b76bee5a967b78f93031d145a69530409bd7b3c9148a0b00219d0ed8aeb67e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://homelogin.woolworths.com.au/css/wooliesApp.css
Origin
https://homelogin.woolworths.com.au
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
content-encoding
gzip
x-content-type-options
nosniff
x-dns-prefetch-control
off
server-timing
edge; dur=5, origin; dur=506, cdn-cache; desc=MISS
content-length
18276
x-xss-protection
1; mode=block
last-modified
Wed, 04 Oct 2017 06:41:31 GMT
x-frame-options
SAMEORIGIN
date
Wed, 27 Apr 2022 05:40:55 GMT
x-download-options
noopen
vary
Accept-Encoding
strict-transport-security
max-age=31536000 ; includeSubDomains
content-type
application/x-font-ttf
cache-control
public, max-age=31536000
etag
W/"99ec-15ee61e2d78"
accept-ranges
bytes
expires
Thu, 27 Apr 2023 05:40:55 GMT

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone
object| oncontextlost
object| oncontextrestored
function| getScreenDetails
function| $
function| jQuery
object| __core-js_shared__

0 Cookies

2 Console Messages

Source: security, Level: error
URL: https://homelogin.woolworths.com.au/ (Line 34)
Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app". Either the 'unsafe-inline' keyword, a hash ('sha256-9L80nW6/wnsNaC/TWNo4gryOH3bGptV9J841/BKwAno='), or a nonce ('nonce-...') is required to enable inline execution.

Source: security, Level: error
URL: https://homelogin.woolworths.com.au/ (Line 35)
Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app". Either the 'unsafe-inline' keyword, a hash ('sha256-DM4Ke827vLz32Lpca9A+wjccYGhA/MGcJqz3w5x9a1E='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' ajax.googleapis.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app; connect-src prod.mobile-api.woolworths.com.au oauth-redirect.googleusercontent.com app://com.google.android.apps.chromecast.app com.google.android.apps.chromecast.app
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block