
Detection Info

URL: https://qa.orderexpress.net.au
Detected Brand: Order Express
Country: Australia
Confidence: 100%
HTTP Status: 200
Report ID: a3acdbfe-4e7…
Analyzed: 2025-12-30 19:10
Final URL (after redirects): https://qa.orderexpress.net.au/hemnetqa/login

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

CONTENT TLSH: T1EBB18472D0516C13916395E9B6B0571AFB96C289C7871B8157F0837EAECFE90ED330A8
CONTENT ssdeep: 96:V8+PkA2ytW3Wx3UXbjFA6nIjTmGABOPuvEXgLdcSW:TPkA2GpA01AlepSW

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots


Code Analysis

Risk Score: 94/100
Threat Level: MEDIUM
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing targeting Order Express users
• Target: Users of Order Express (likely Telstra customers in Australia)
• Method: Presents a fake login form to steal usernames and passwords
• Exfil: Unknown, likely a custom API or email
• Indicators: 'qa' subdomain indicating test environment, outdated copyright, mismatch with Telstra.com link
• Risk: MEDIUM - Potential for credential theft and account compromise

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • base64_strings

🎯 Kit Endpoints

  • /hemnetqa/paaslogin

📡 API Calls Detected

  • POST
  • GET
  • https://www.google.com/ccm/geo

📤 Form Action Targets

  • /hemnetqa/logout
  • j_spring_security_check

Scan History for qa.orderexpress.net.au

Found 1 other scan for this domain
