Visual Capture

Screenshot of qa.orderexpress.net.au

Detection Info

https://qa.orderexpress.net.au/hemnetqa/login
Detected Brand: Order Express
Country: Australia
Confidence: 100%
HTTP Status: 200
Report ID: b71c4304-d1a…
Analyzed: 2025-12-30 19:10

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

CONTENT TLSH: T1EBB18472D0516C13916395E9B6B0571AFB96C289C7871B8157F0837EAECFE90ED330A8
CONTENT ssdeep: 96:V8+PkA2ytW3Wx3UXbjFA6nIjTmGABOPuvEXgLdcSW:TPkA2GpA01AlepSW

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

VISUAL pHash: d9544476732cacab
VISUAL aHash: 00f8ffefefffffff
VISUAL dHash: 0020335a5a240832
VISUAL wHash: 00181b1be8f039ff
VISUAL colorHash: 07007000080
VISUAL cropResistant: 0020335a5a240832

Code Analysis

Risk Score 94/100
Threat Level HIGH
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing targeting Order Express/Telstra users.
• Target: Order Express/Telstra customers in Australia.
• Method: Fake login form to steal usernames and passwords.
• Exfil: Unknown data exfiltration point - likely custom API.
• Indicators: Domain mismatch between URL (qa.orderexpress.net.au) and official Telstra domain.
• Risk: HIGH - Potential credential theft.

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • base64_strings

🎯 Kit Endpoints

  • /hemnetqa/paaslogin

📡 API Calls Detected

  • GET
  • https://www.google.com/ccm/geo
  • POST

📤 Form Action Targets

  • j_spring_security_check
  • /hemnetqa/logout

Scan History for qa.orderexpress.net.au

Found 1 other scan for this domain
