urlscan.io logo urlscan.io
SecurityTrails logo

ciamsso.ciam.vodafone.com Open in urlscan Pro
139.47.167.228  Public Scan

Go To Rescan Add Verdict Report
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&use...
Submission: On January 19 via manual from DE — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 139.47.167.228, located in Italy and belongs to VODAFONE-GROUP, IT. The main domain is ciamsso.ciam.vodafone.com.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on February 9th 2021. Valid for: a year.
This is the only time ciamsso.ciam.vodafone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 139.47.167.228 12663 (VODAFONE-...)
18 1
Apex Domain
Subdomains		 Transfer
18 vodafone.com
ciamsso.ciam.vodafone.com
419 KB
18 1
Domain Requested by
18 ciamsso.ciam.vodafone.com ciamsso.ciam.vodafone.com
18 1

This site contains links to these domains. Also see Links.

Domain
www.allaboutcookies.org
portal.vodafone.com
www.vodafone.com
Subject Issuer Validity Valid
ciamsso.prd1.ciam.vodafone.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-02-09 -
2022-02-16		 a year crt.sh

This page contains 1 frames:

Primary Page: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Frame ID: D08622E40CA1F34D50FC8059BF9A29A8
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Change Password

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

419 kB
Transfer

811 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request confirmrecovery.do
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/ 		19 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
9d713436745de18631e78edc333f2a580062e05b2f515fbb755a767dab2ca1c8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
it-IT,it;q=0.9

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
Server
WSO2 Carbon Server
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
X-Frame-Options
SAMEORIGIN DENY
Referrer-Policy
strict-origin-when-cross-origin
Access-Control-Allow-Headers
Cache-Control
X-XSS-Protection
1; mode=block
vary
accept-encoding
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
X-OneAgent-JS-Injection
true
X-ruxit-JS-Agent
true
Server-Timing
dtRpid;desc="-256925931"
Keep-Alive
timeout=60, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
ruxitagentjs_ICA27Vfghijqrux_10229211201102017.js
ciamsso.ciam.vodafone.com/ 		246 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/ruxitagentjs_ICA27Vfghijqrux_10229211201102017.js
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
Apache /
Resource Hash
4233eae69c71d84b728b9a69601a0f494a2d68297b3b8baea792d4a861782134
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
94502
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 03 Mar 2010 07:01:40 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, immutable
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Keep-Alive
timeout=60, max=99
Expires
Thu, 19 Jan 2023 11:50:47 GMT
bootstrap.min.css
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/libs/bootstrap_3.4.1/css/ 		119 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/libs/bootstrap_3.4.1/css/bootstrap.min.css
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff, nosniff
Transfer-Encoding
chunked
Server-Timing
dtRpid;desc="1825419872"
vary
accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
ETag
W/"121457-1639572411000"
X-Frame-Options
SAMEORIGIN, DENY
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
style.css
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/ 		12 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
b7998114c90d13c93e42fb1e0045233aa8f3a45408910b68311bc178cb31c097
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff, nosniff
Transfer-Encoding
chunked
Server-Timing
dtRpid;desc="1579396794"
vary
accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
ETag
W/"12015-1639572411000"
X-Frame-Options
SAMEORIGIN, DENY
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
main.js
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/js/ 		316 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/js/main.js
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
0bbf04824e72b0b741b3ea8f27e60063cb4308fdb1a70c8923c4a3390b4d0427
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
X-Content-Type-Options
nosniff, nosniff
Server-Timing
dtRpid;desc="162613510"
Content-Length
316
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
X-Frame-Options
SAMEORIGIN, DENY
ETag
W/"316-1639572411000"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
jquery-3.4.1.js
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/libs/jquery_3.4.1/ 		132 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/libs/jquery_3.4.1/jquery-3.4.1.js
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
5bf3acc72c497acf34d96bf4a9fdcc3b08552659e2e8aed6d5f713bfae99bb0e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff, nosniff
Transfer-Encoding
chunked
Server-Timing
dtRpid;desc="62289834"
vary
accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
ETag
W/"135185-1639572411000"
X-Frame-Options
SAMEORIGIN, DENY
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
bootstrap.min.js
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/libs/bootstrap_3.4.1/js/ 		39 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/libs/bootstrap_3.4.1/js/bootstrap.min.js
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff, nosniff
Transfer-Encoding
chunked
Server-Timing
dtRpid;desc="655052566"
vary
accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
ETag
W/"39680-1639572411000"
X-Frame-Options
SAMEORIGIN, DENY
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
info.png
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/ 		864 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/info.png
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
ca4b8f0aead58c962c198b3e81b4234ae777edd9c924ec75075c114799a883a3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
X-Content-Type-Options
nosniff, nosniff
Server-Timing
dtRpid;desc="-1598454532"
Content-Length
864
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
X-Frame-Options
SAMEORIGIN, DENY
ETag
W/"864-1639572411000"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
forbidden-dark.png
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/ 		946 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/forbidden-dark.png
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
e4a8f27253930e689044ab844e95c4c660f611b7cf49c6c83bed80edcdcc2a79
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
X-Content-Type-Options
nosniff, nosniff
Server-Timing
dtRpid;desc="1010160181"
Content-Length
946
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
X-Frame-Options
SAMEORIGIN, DENY
ETag
W/"946-1639572411000"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
login-sprite.png
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/login-sprite.png
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
f47307ec823b5f1c81a9ee50bb95e84a8cfcc58de94f03bc94de7498da3411f7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
X-Content-Type-Options
nosniff, nosniff
Server-Timing
dtRpid;desc="-541904368"
Content-Length
5992
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
X-Frame-Options
SAMEORIGIN, DENY
ETag
W/"5992-1639572411000"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
login.jpg
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/ 		49 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/login.jpg
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
44cead5be53a49382f2ce2098f487793f3df2a24b50e4f4929783c87b99a1acd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff, nosniff
Transfer-Encoding
chunked
Server-Timing
dtRpid;desc="-69414913"
vary
accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
ETag
W/"50244-1639572411000"
X-Frame-Options
SAMEORIGIN, DENY
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/jpeg
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
VodafoneRg-Regular.woff
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/fonts/vodafone/ 		51 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/fonts/vodafone/VodafoneRg-Regular.woff
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
5d96e8713fa2bb0634c0218396a94a685d1d423b8f2e8a6d386e17181805ba19
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Origin
https://ciamsso.ciam.vodafone.com
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
X-Content-Type-Options
nosniff, nosniff
Server-Timing
dtRpid;desc="127046439"
Content-Length
52620
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
X-Frame-Options
SAMEORIGIN, DENY
ETag
W/"52620-1639572411000"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
font/woff
Access-Control-Allow-Origin
https://ciamsso.ciam.vodafone.com
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Timing-Allow-Origin
*
Keep-Alive
timeout=60, max=99
VodafoneLt-Regular.woff
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/fonts/vodafone/ 		41 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/fonts/vodafone/VodafoneLt-Regular.woff
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
482a6838347b4a02298cb79d51d83cec50e52b0d8df7428ae17088df94b206e8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Origin
https://ciamsso.ciam.vodafone.com
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
X-Content-Type-Options
nosniff, nosniff
Server-Timing
dtRpid;desc="13475281"
Content-Length
42068
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
X-Frame-Options
SAMEORIGIN, DENY
ETag
W/"42068-1639572411000"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
font/woff
Access-Control-Allow-Origin
https://ciamsso.ciam.vodafone.com
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Timing-Allow-Origin
*
Keep-Alive
timeout=60, max=99
VodafoneRg-Bold.woff
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/fonts/vodafone/ 		40 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/fonts/vodafone/VodafoneRg-Bold.woff
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
fd244d007d87d199a3d2e368878d38d0d7b0fea0c09bf35d067b3ba8ab17b0a0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/css/style.css
Origin
https://ciamsso.ciam.vodafone.com
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:47 GMT
X-Content-Type-Options
nosniff, nosniff
Server-Timing
dtRpid;desc="362128585"
Content-Length
41260
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
X-Frame-Options
SAMEORIGIN, DENY
ETag
W/"41260-1639572411000"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
font/woff
Access-Control-Allow-Origin
https://ciamsso.ciam.vodafone.com
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Timing-Allow-Origin
*
Keep-Alive
timeout=60, max=98
login-sprite.png
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/login-sprite.png
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/ruxitagentjs_ICA27Vfghijqrux_10229211201102017.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
f47307ec823b5f1c81a9ee50bb95e84a8cfcc58de94f03bc94de7498da3411f7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:49 GMT
X-Content-Type-Options
nosniff, nosniff
Server-Timing
dtRpid;desc="-1140386612"
Content-Length
5992
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
X-Frame-Options
SAMEORIGIN, DENY
ETag
W/"5992-1639572411000"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
login.jpg
ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/ 		49 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/custom_libs/images/login.jpg
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/ruxitagentjs_ICA27Vfghijqrux_10229211201102017.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
WSO2 Carbon Server /
Resource Hash
44cead5be53a49382f2ce2098f487793f3df2a24b50e4f4929783c87b99a1acd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 11:50:49 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff, nosniff
Transfer-Encoding
chunked
Server-Timing
dtRpid;desc="-14160407"
vary
accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Cache-Control
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 15 Dec 2021 12:46:51 GMT
Server
WSO2 Carbon Server
ETag
W/"50244-1639572411000"
X-Frame-Options
SAMEORIGIN, DENY
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/jpeg
Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
rb_d0bd3e11-db47-4ac1-a352-3cac3d7d53d2
ciamsso.ciam.vodafone.com/ 		126 B
1015 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/rb_d0bd3e11-db47-4ac1-a352-3cac3d7d53d2?type=js&session=3%243F3DCF710109576E608287E14CDEAF86&svrid=3&flavor=post&visitID=DIRRQFRUBPGCHPCJRUKBTLINSMSORFWT-0&modifiedSince=1642298704166&referer=https%3A%2F%2Fciamsso.ciam.vodafone.com%2Faccountrecoveryendpoint%2Fconfirmrecovery.do%3Fconfirmation%3D1523821a-5cff-423b-b349-0f02ae9ecb1d%26userstoredomain%3DPRIMARY%26username%3D7ba8e05d-d275-4bb6-a256-be22f76972be%26tenantdomain%3Dcarbon.super%26sp%3DCOVE%26callback%3Dhttps%3A%2F%2Fportal.vodafone.com%2F&app=bec010ee6d37c184&crc=2390591189&end=1
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/ruxitagentjs_ICA27Vfghijqrux_10229211201102017.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
Apache /
Resource Hash
872c6427d9b348bdf814158fa542080d9038274528172fa2b1f07df62a99f1a5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 19 Jan 2022 11:50:49 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://ciamsso.ciam.vodafone.com
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Connection
Keep-Alive
Access-Control-Allow-Headers
Cache-Control
Content-Length
126
X-Content-Type-Options
nosniff
Keep-Alive
timeout=60, max=97
rb_d0bd3e11-db47-4ac1-a352-3cac3d7d53d2
ciamsso.ciam.vodafone.com/ 		126 B
909 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ciamsso.ciam.vodafone.com/rb_d0bd3e11-db47-4ac1-a352-3cac3d7d53d2?type=js&session=3%243F3DCF710109576E608287E14CDEAF86%7Cbec010ee6d37c184%7C1&svrid=3&flavor=post&visitID=DIRRQFRUBPGCHPCJRUKBTLINSMSORFWT-0&modifiedSince=1642298704166&referer=https%3A%2F%2Fciamsso.ciam.vodafone.com%2Faccountrecoveryendpoint%2Fconfirmrecovery.do%3Fconfirmation%3D1523821a-5cff-423b-b349-0f02ae9ecb1d%26userstoredomain%3DPRIMARY%26username%3D7ba8e05d-d275-4bb6-a256-be22f76972be%26tenantdomain%3Dcarbon.super%26sp%3DCOVE%26callback%3Dhttps%3A%2F%2Fportal.vodafone.com%2F&app=bec010ee6d37c184&crc=4284668343&end=1
Requested by
Host: ciamsso.ciam.vodafone.com
URL: https://ciamsso.ciam.vodafone.com/ruxitagentjs_ICA27Vfghijqrux_10229211201102017.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
139.47.167.228 , Italy, ASN12663 (VODAFONE-GROUP, IT),
Reverse DNS
Software
Apache /
Resource Hash
872c6427d9b348bdf814158fa542080d9038274528172fa2b1f07df62a99f1a5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ciamsso.ciam.vodafone.com/accountrecoveryendpoint/confirmrecovery.do?confirmation=1523821a-5cff-423b-b349-0f02ae9ecb1d&userstoredomain=PRIMARY&username=7ba8e05d-d275-4bb6-a256-be22f76972be&tenantdomain=carbon.super&sp=COVE&callback=https://portal.vodafone.com/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 19 Jan 2022 11:50:51 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://ciamsso.ciam.vodafone.com
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Connection
Keep-Alive
Access-Control-Allow-Headers
Cache-Control
Content-Length
126
X-Content-Type-Options
nosniff
Keep-Alive
timeout=60, max=96

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dT_ object| dtrum function| toggleArrow function| closeCookies function| $ function| evaluatePassword function| evaluateAjaxResponse function| onPasswordTyped

8 Cookies

Domain/Path Name / Value
ciamsso.ciam.vodafone.com/accountrecoveryendpoint Name: JSESSIONID
Value: D88C1DDF20AD0B0D10FF0F7BE811C9EB0D426CE86DCF0CEE6FA5690F83F81CEE0CA2FB855F3CDDC443A821F12AA86B2FE67D6BDC93E6BC2501B85B72014CDD1509485D840123B49E43C8CC83676CBFAEAC15CCE71DB92E7A89EE6E2AAE95DEDEA0C6D7843836CE92C0558E9F472D75DD1F29411F99B07672A645132CDF53394C
ciamsso.ciam.vodafone.com/ Name: ROUTEID
Value: .1
.vodafone.com/ Name: rxVisitor
Value: 1642593048098J7L0D6541OK3OUU2NRS4G07CDLR5L9NM
.vodafone.com/ Name: dtLatC
Value: 39
.vodafone.com/ Name: dtSa
Value: -
.vodafone.com/ Name: rxvt
Value: 1642594848325|1642593048100
.vodafone.com/ Name: dtPC
Value: 3$393048095_460h-vDIRRQFRUBPGCHPCJRUKBTLINSMSORFWT-0e0
.vodafone.com/ Name: dtCookie
Value: 3$3F3DCF710109576E608287E14CDEAF86|bec010ee6d37c184|1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; connect-src 'self' *.vodafone.com *.gravatar.com; worker-src blob:; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block