urlscan.io logo urlscan.io
SecurityTrails logo

vodafone.onimgzine.com Open in urlscan Pro
37.48.114.247  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mitarbeiterapp.vodafone.de/
Effective URL: https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F...
Submission: On July 31 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 37.48.114.247, located in Amsterdam, Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is vodafone.onimgzine.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 21st 2023. Valid for: a year.
This is the only time vodafone.onimgzine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 7 45.60.74.63 19551 (INCAPSULA)
5 37.48.114.247 60781 (LEASEWEB-...)
10 2
Domain Requested by
7 mitarbeiterapp.vodafone.de 2 redirects mitarbeiterapp.vodafone.de
4 storage-vodafone.imgzine.com vodafone.onimgzine.com
storage-vodafone.imgzine.com
1 vodafone.onimgzine.com mitarbeiterapp.vodafone.de
10 3

This site contains no links.

Subject Issuer Validity Valid
mitarbeiterapp.vodafone.de
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-02-02 -
2025-02-04		 a year crt.sh
*.onimgzine.com
Sectigo RSA Domain Validation Secure Server CA		 2023-11-21 -
2024-12-20		 a year crt.sh
*.imgzine.com
Sectigo RSA Domain Validation Secure Server CA		 2023-10-04 -
2024-11-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F%2Fmitarbeiterapp.vodafone.de&webapp=true
Frame ID: FC757DFAD96659E3F0E23F2AC3BF3E48
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Vodafone Login

Page URL History Show full URLs

  1. https://mitarbeiterapp.vodafone.de/ Page URL
  2. https://mitarbeiterapp.vodafone.de/ HTTP 302
    https://mitarbeiterapp.vodafone.de/login/?path=%2F HTTP 302
    https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&red... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

106 kB
Transfer

161 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mitarbeiterapp.vodafone.de/ Page URL
  2. https://mitarbeiterapp.vodafone.de/ HTTP 302
    https://mitarbeiterapp.vodafone.de/login/?path=%2F HTTP 302
    https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F%2Fmitarbeiterapp.vodafone.de&webapp=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
mitarbeiterapp.vodafone.de/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mitarbeiterapp.vodafone.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.74.63 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
4e76707faf418a89e284f77df9be77abd7573c4729b6fc24e7c770ecf70ce8bf
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://www.instagram.com https://s0.assets-yammer.com https://platform.twitter.com https://connect.facebook.net https://platform-vodafone.imgzine.com 'nonce-N2Q2ODFhNmItYzVhYi00OTRmLTg3ZGEtMGRjNDk5YjliMjkx';style-src * 'self' 'nonce-N2Q2ODFhNmItYzVhYi00OTRmLTg3ZGEtMGRjNDk5YjliMjkx';connect-src 'self' https://platform-vodafone.imgzine.com https://notifications-vodafone.imgzine.com wss://notifications-vodafone.imgzine.com https://mitarbeiterapp.vodafone.de wss://mitarbeiterapp.vodafone.de https://*.vimeo.com https://*.vimeocdn.com;img-src 'self' https://*.vimeo.com https://*.vimeocdn.com data:;font-src 'self' data:;frame-src * blob:;child-src *;object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate public
content-encoding
gzip
content-security-policy
default-src 'self';script-src 'self' https://www.instagram.com https://s0.assets-yammer.com https://platform.twitter.com https://connect.facebook.net https://platform-vodafone.imgzine.com 'nonce-N2Q2ODFhNmItYzVhYi00OTRmLTg3ZGEtMGRjNDk5YjliMjkx';style-src * 'self' 'nonce-N2Q2ODFhNmItYzVhYi00OTRmLTg3ZGEtMGRjNDk5YjliMjkx';connect-src 'self' https://platform-vodafone.imgzine.com https://notifications-vodafone.imgzine.com wss://notifications-vodafone.imgzine.com https://mitarbeiterapp.vodafone.de wss://mitarbeiterapp.vodafone.de https://*.vimeo.com https://*.vimeocdn.com;img-src 'self' https://*.vimeo.com https://*.vimeocdn.com data:;font-src 'self' data:;frame-src * blob:;child-src *;object-src 'none'
content-type
text/html; charset=utf-8
date
Wed, 31 Jul 2024 05:21:49 GMT
etag
W/"5ee-uOH/bvReqlGjlYXRD/wXdQUWu6Q"
expect-ct
max-age=0
expires
0
permissions-policy
accelerometer=(self)
pragma
no-cache public
referrer-policy
no-referrer strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=15552000; includeSubDomains
surrogate-control
no-store
x-cdn
Imperva
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-iinfo
12-4218916-4177311 pNYN RT(1722403309392 29) q(0 0 0 1) r(0 0) U12
x-permitted-cross-domain-policies
none
x-xss-protection
0 1; mode=block
_Incapsula_Resource
mitarbeiterapp.vodafone.de/ 		77 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mitarbeiterapp.vodafone.de/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1651337947
Requested by
Host: mitarbeiterapp.vodafone.de
URL: https://mitarbeiterapp.vodafone.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.74.63 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
89f8e1ef5008b90a4d66e201620fed5d09dc009fca7faf9c9ef71966580518f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://mitarbeiterapp.vodafone.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
18864
content-type
application/javascript
create
mitarbeiterapp.vodafone.de/idi/ 		36 B
854 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mitarbeiterapp.vodafone.de/idi/create?
Requested by
Host: mitarbeiterapp.vodafone.de
URL: https://mitarbeiterapp.vodafone.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.74.63 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
6b3af54115ae236dd19afc55456c9526e0137bf8e136736805090baaba0a593b
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://www.instagram.com https://s0.assets-yammer.com https://platform.twitter.com https://connect.facebook.net https://platform-vodafone.imgzine.com 'nonce-NjhmMDk0ZmUtYTYwZS00MjMxLWFiMjItM2NiMjY0MWY2NjBi';style-src * 'self' 'nonce-NjhmMDk0ZmUtYTYwZS00MjMxLWFiMjItM2NiMjY0MWY2NjBi';connect-src 'self' https://platform-vodafone.imgzine.com https://notifications-vodafone.imgzine.com wss://notifications-vodafone.imgzine.com https://mitarbeiterapp.vodafone.de wss://mitarbeiterapp.vodafone.de https://*.vimeo.com https://*.vimeocdn.com;img-src 'self' https://*.vimeo.com https://*.vimeocdn.com data:;font-src 'self' data:;frame-src * blob:;child-src *;object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0, 1; mode=block

Request headers

Referer
https://mitarbeiterapp.vodafone.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 31 Jul 2024 05:21:49 GMT
content-security-policy
default-src 'self';script-src 'self' https://www.instagram.com https://s0.assets-yammer.com https://platform.twitter.com https://connect.facebook.net https://platform-vodafone.imgzine.com 'nonce-NjhmMDk0ZmUtYTYwZS00MjMxLWFiMjItM2NiMjY0MWY2NjBi';style-src * 'self' 'nonce-NjhmMDk0ZmUtYTYwZS00MjMxLWFiMjItM2NiMjY0MWY2NjBi';connect-src 'self' https://platform-vodafone.imgzine.com https://notifications-vodafone.imgzine.com wss://notifications-vodafone.imgzine.com https://mitarbeiterapp.vodafone.de wss://mitarbeiterapp.vodafone.de https://*.vimeo.com https://*.vimeocdn.com;img-src 'self' https://*.vimeo.com https://*.vimeocdn.com data:;font-src 'self' data:;frame-src * blob:;child-src *;object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
x-cdn
Imperva
surrogate-control
no-store
x-dns-prefetch-control
off
x-iinfo
12-4218916-4177311 pNYN RT(1722403309392 163) q(0 0 0 -1) r(0 0) U12
x-xss-protection
0, 1; mode=block
pragma
no-cache, public
referrer-policy
no-referrer, strict-origin-when-cross-origin
server
nginx
etag
W/"24-Jx3H4gWxVWzyVt9vW7V1VxJk2Nw"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
x-download-options
noopen
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, public
permissions-policy
accelerometer=(self)
expires
0
favicon.ico
mitarbeiterapp.vodafone.de/ 		682 B
362 B 		Other
General
Check archive.org
Download Go to
Full URL
https://mitarbeiterapp.vodafone.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.74.63 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
ce49667c76cc0e771177289871e6e4bb323807864adde5a6c6258148033e92a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://mitarbeiterapp.vodafone.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-iinfo
12-4218916-4177311 pNYN RT(1722403309392 166) q(0 0 0 -1) r(0 0) U11
date
Wed, 31 Jul 2024 05:21:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
nginx
x-cdn
Imperva
content-type
text/html
get
mitarbeiterapp.vodafone.de/idi/ 		36 B
714 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mitarbeiterapp.vodafone.de/idi/get
Requested by
Host: mitarbeiterapp.vodafone.de
URL: https://mitarbeiterapp.vodafone.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.74.63 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://www.instagram.com https://s0.assets-yammer.com https://platform.twitter.com https://connect.facebook.net https://platform-vodafone.imgzine.com 'nonce-Y2Q3MjY3YzQtZmFlOC00NjRhLThhMTMtNThiZmRjNTE5OTQz';style-src * 'self' 'nonce-Y2Q3MjY3YzQtZmFlOC00NjRhLThhMTMtNThiZmRjNTE5OTQz';connect-src 'self' https://platform-vodafone.imgzine.com https://notifications-vodafone.imgzine.com wss://notifications-vodafone.imgzine.com https://mitarbeiterapp.vodafone.de wss://mitarbeiterapp.vodafone.de https://*.vimeo.com https://*.vimeocdn.com;img-src 'self' https://*.vimeo.com https://*.vimeocdn.com data:;font-src 'self' data:;frame-src * blob:;child-src *;object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0, 1; mode=block

Request headers

Referer
https://mitarbeiterapp.vodafone.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 31 Jul 2024 05:21:49 GMT
content-security-policy
default-src 'self';script-src 'self' https://www.instagram.com https://s0.assets-yammer.com https://platform.twitter.com https://connect.facebook.net https://platform-vodafone.imgzine.com 'nonce-Y2Q3MjY3YzQtZmFlOC00NjRhLThhMTMtNThiZmRjNTE5OTQz';style-src * 'self' 'nonce-Y2Q3MjY3YzQtZmFlOC00NjRhLThhMTMtNThiZmRjNTE5OTQz';connect-src 'self' https://platform-vodafone.imgzine.com https://notifications-vodafone.imgzine.com wss://notifications-vodafone.imgzine.com https://mitarbeiterapp.vodafone.de wss://mitarbeiterapp.vodafone.de https://*.vimeo.com https://*.vimeocdn.com;img-src 'self' https://*.vimeo.com https://*.vimeocdn.com data:;font-src 'self' data:;frame-src * blob:;child-src *;object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
x-cdn
Imperva
surrogate-control
no-store
x-dns-prefetch-control
off
x-iinfo
12-4218916-4177311 pNYN RT(1722403309392 204) q(0 0 0 -1) r(1 1) U12
x-xss-protection
0, 1; mode=block
pragma
no-cache, public
referrer-policy
no-referrer, strict-origin-when-cross-origin
server
nginx
etag
W/"24-Jx3H4gWxVWzyVt9vW7V1VxJk2Nw"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
x-download-options
noopen
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, public
permissions-policy
accelerometer=(self)
expires
0
Primary Request /
vodafone.onimgzine.com/
Redirect Chain
  • https://mitarbeiterapp.vodafone.de/
  • https://mitarbeiterapp.vodafone.de/login/?path=%2F
  • https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F%2Fmitarbeiterapp.vodafone.de&webapp=true
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F%2Fmitarbeiterapp.vodafone.de&webapp=true
Requested by
Host: mitarbeiterapp.vodafone.de
URL: https://mitarbeiterapp.vodafone.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.48.114.247 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
8d5a20ee0c12617a3f0ad951f3d42419c7a8cfffd6c9b3ff44c4ec6a13d3ebf9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mitarbeiterapp.vodafone.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-length
2317
content-type
text/html; charset=utf-8
date
Wed, 31 Jul 2024 05:21:50 GMT
etag
W/"90d-w/2MaS1sMEU7np6/4P2MDt54m44"
server
nginx
strict-transport-security
max-age=15552000; includeSubDomains max-age=15552000; includeSubdomains
x-content-type-options
nosniff nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate public
content-length
410
content-security-policy
default-src 'self';script-src 'self' https://www.instagram.com https://s0.assets-yammer.com https://platform.twitter.com https://connect.facebook.net https://platform-vodafone.imgzine.com 'nonce-NjI3MmYzYTQtNGJkZi00NTNiLThmMDktYWRhYzI0NzQ5Njk3';style-src * 'self' 'nonce-NjI3MmYzYTQtNGJkZi00NTNiLThmMDktYWRhYzI0NzQ5Njk3';connect-src 'self' https://platform-vodafone.imgzine.com https://notifications-vodafone.imgzine.com wss://notifications-vodafone.imgzine.com https://mitarbeiterapp.vodafone.de wss://mitarbeiterapp.vodafone.de https://*.vimeo.com https://*.vimeocdn.com;img-src 'self' https://*.vimeo.com https://*.vimeocdn.com data:;font-src 'self' data:;frame-src * blob:;child-src *;object-src 'none'
content-type
text/html; charset=utf-8
date
Wed, 31 Jul 2024 05:21:49 GMT
expect-ct
max-age=0
expires
0
location
https://vodafone.onimgzine.com?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F%2Fmitarbeiterapp.vodafone.de&webapp=true
permissions-policy
accelerometer=(self)
pragma
no-cache public
referrer-policy
no-referrer strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=15552000; includeSubDomains
surrogate-control
no-store
vary
Accept
x-cdn
Imperva
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-iinfo
12-4218916-4177311 pNNN RT(1722403309392 291) q(0 0 0 -1) r(0 0) U11
x-permitted-cross-domain-policies
none
x-xss-protection
0 1; mode=block
vodafone-login.css
storage-vodafone.imgzine.com/public/147/files/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://storage-vodafone.imgzine.com/public/147/files/vodafone-login.css
Requested by
Host: vodafone.onimgzine.com
URL: https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F%2Fmitarbeiterapp.vodafone.de&webapp=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.48.114.247 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
5f8b472a910586293693176398f63ef4cda4b7ece2478318cf55a24b6bf6b72c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vodafone.onimgzine.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 31 Jul 2024 05:21:50 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-content-type-options
nosniff
last-modified
Fri, 30 Aug 2019 08:37:22 GMT
server
nginx
etag
"5d68e042-16ee"
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-length
5870
x-xss-protection
1; mode=block
expires
-1
logo_small.png
storage-vodafone.imgzine.com/public/147/images/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://storage-vodafone.imgzine.com/public/147/images/logo_small.png
Requested by
Host: vodafone.onimgzine.com
URL: https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F%2Fmitarbeiterapp.vodafone.de&webapp=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.48.114.247 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
bbeb2b73c15c9eb5eee221410de7e2d4215087def7835cbc938a057dad5f6374
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vodafone.onimgzine.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 31 Jul 2024 05:21:50 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-content-type-options
nosniff
last-modified
Wed, 03 Jul 2019 07:21:34 GMT
server
nginx
etag
"5d1c577e-322d"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-length
12845
x-xss-protection
1; mode=block
expires
-1
Roboto-Regular.woff
storage-vodafone.imgzine.com/public/147/fonts/ 		60 KB
61 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://storage-vodafone.imgzine.com/public/147/fonts/Roboto-Regular.woff
Requested by
Host: storage-vodafone.imgzine.com
URL: https://storage-vodafone.imgzine.com/public/147/files/vodafone-login.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.48.114.247 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
2cd6b07b7855716761250290ce3cf447ccc98e793e484294d3fa8ccbb55b016a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://storage-vodafone.imgzine.com/public/147/files/vodafone-login.css
Origin
https://vodafone.onimgzine.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 31 Jul 2024 05:21:50 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 11 Dec 2018 14:25:02 GMT
server
nginx
etag
"5c0fc8be-f128"
x-frame-options
SAMEORIGIN
content-type
font/woff
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-length
61736
x-xss-protection
1; mode=block
expires
-1
favicon.ico
storage-vodafone.imgzine.com/public/147/images/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://storage-vodafone.imgzine.com/public/147/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.48.114.247 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
aee110578df37fe95f8b0ff13710fee2d1c0c32c5c42bf571065a5fd151c984a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vodafone.onimgzine.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 31 Jul 2024 05:21:50 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-content-type-options
nosniff
last-modified
Thu, 04 Jul 2019 11:58:48 GMT
server
nginx
etag
"5d1de9f8-47e"
x-frame-options
SAMEORIGIN
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-length
1150
x-xss-protection
1; mode=block
expires
-1

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Domain/Path Name / Value
.vodafone.de/ Name: nlbi_2608084
Value: hWX7csCByRbjzc9nJ6dbnwAAAADaEBt6bwHxgBax+6Ay6Imk
.vodafone.de/ Name: visid_incap_2608084
Value: 22sNB9m6R5SismNZuwwaZO3JqWYAAAAAQUIPAAAAAAAhNVBRJnrRdpqE4tcso+7N
.vodafone.de/ Name: incap_ses_108_2608084
Value: SZVyadjifACEG2YoebF/Ae3JqWYAAAAADLk8qVXo+56jMWa/WJOjtQ==
mitarbeiterapp.vodafone.de/ Name: __Host-relevance
Value: s%3AxgMnAXeh5QO3gtXbf3O2-W-IPUQbb4Kn.Ry5tYoJndpDHMfSGB7iHCMVNYxn2t11Fs7GLwQTCh7c
vodafone.onimgzine.com/ Name: login-147
Value: s%3Al4rNoIFoPBcyO-JmpJZxZF7nkQB06_yL.u5YZiKy%2BAxvnXWLIYdJYKn9qwmb5f6cpnHIRCj6W3YI

2 Console Messages

Source Level URL
Text
network error URL: https://mitarbeiterapp.vodafone.de/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
rendering warning URL: https://vodafone.onimgzine.com/?app_version=4.0.0&idi=d096a6fb-6202-44cd-b5da-e8f97c757a74&magazine=147&redirectUrl=https%3A%2F%2Fmitarbeiterapp.vodafone.de&webapp=true(Line 5)
Message:
The value "100%" for key "width" was truncated to its numeric prefix.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';script-src 'self' https://www.instagram.com https://s0.assets-yammer.com https://platform.twitter.com https://connect.facebook.net https://platform-vodafone.imgzine.com 'nonce-N2Q2ODFhNmItYzVhYi00OTRmLTg3ZGEtMGRjNDk5YjliMjkx';style-src * 'self' 'nonce-N2Q2ODFhNmItYzVhYi00OTRmLTg3ZGEtMGRjNDk5YjliMjkx';connect-src 'self' https://platform-vodafone.imgzine.com https://notifications-vodafone.imgzine.com wss://notifications-vodafone.imgzine.com https://mitarbeiterapp.vodafone.de wss://mitarbeiterapp.vodafone.de https://*.vimeo.com https://*.vimeocdn.com;img-src 'self' https://*.vimeo.com https://*.vimeocdn.com data:;font-src 'self' data:;frame-src * blob:;child-src *;object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0 1; mode=block