urlscan.io logo urlscan.io
SecurityTrails logo

lavazzapro.force.com Open in urlscan Pro
13.110.47.96  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://admin-shop.lavazzapro.com/
Effective URL: https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
Submission: On October 08 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 11 HTTP transactions. The main IP is 13.110.47.96, located in United States and belongs to SALESFORCE, US. The main domain is lavazzapro.force.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 28th 2021. Valid for: a year.
This is the only time lavazzapro.force.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 5 151.101.65.124 54113 (FASTLY)
1 151.101.2.137 54113 (FASTLY)
1 6 13.110.47.96 14340 (SALESFORCE)
1 162.247.242.19 23467 (NEWRELIC-...)
11 5
Apex Domain
Subdomains		 Transfer
6 force.com
lavazzapro.force.com
67 KB
5 lavazzapro.com
admin-shop.lavazzapro.com
17 KB
1 nr-data.net
bam.nr-data.net
322 B
1 newrelic.com
js-agent.newrelic.com
12 KB
11 4
Domain Requested by
6 lavazzapro.force.com 1 redirects lavazzapro.force.com
5 admin-shop.lavazzapro.com 2 redirects admin-shop.lavazzapro.com
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com admin-shop.lavazzapro.com
11 4

This site contains no links.

Subject Issuer Validity Valid
lavazzapro.ca
R3		 2021-08-28 -
2021-11-26		 3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-10-06 -
2022-11-07		 a year crt.sh
*.na139.force.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-01-28 -
2022-01-26		 a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA		 2020-02-05 -
2022-02-08		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
Frame ID: 3A41FE87802678B09F0F7311F0AEE652
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Single Sign-On Error | MarsDrinks.Community.com

Page URL History Show full URLs

  1. http://admin-shop.lavazzapro.com/ HTTP 301
    https://admin-shop.lavazzapro.com/ HTTP 302
    https://admin-shop.lavazzapro.com/customer/account/login/ Page URL
  2. https://lavazzapro.force.com/community/idp/endpoint/HttpPost HTTP 302
    https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605 Page URL

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

91 kB
Transfer

119 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://admin-shop.lavazzapro.com/ HTTP 301
    https://admin-shop.lavazzapro.com/ HTTP 302
    https://admin-shop.lavazzapro.com/customer/account/login/ Page URL
  2. https://lavazzapro.force.com/community/idp/endpoint/HttpPost HTTP 302
    https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://admin-shop.lavazzapro.com/ HTTP 301
  • https://admin-shop.lavazzapro.com/ HTTP 302
  • https://admin-shop.lavazzapro.com/customer/account/login/

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
admin-shop.lavazzapro.com/customer/account/login/
Redirect Chain
  • http://admin-shop.lavazzapro.com/
  • https://admin-shop.lavazzapro.com/
  • https://admin-shop.lavazzapro.com/customer/account/login/
11 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://admin-shop.lavazzapro.com/customer/account/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.124 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ef251a1ffe0030f8758dccf86c477cd07b36aa674e2e49468c8c78d0756d3b13
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

:method
GET
:authority
admin-shop.lavazzapro.com
:scheme
https
:path
/customer/account/login/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
cookie
PHPSESSID=412d63296aa9a30ae2c147e25a2f5b14
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html; charset=UTF-8
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
set-cookie
PHPSESSID=412d63296aa9a30ae2c147e25a2f5b14; expires=Fri, 08-Oct-2021 22:57:27 GMT; Max-Age=3600; path=/; domain=admin-shop.lavazzapro.com; secure; HttpOnly; SameSite=Lax
x-debug-info
eyJyZXRyaWVzIjowfQ==
x-platform-server
i-07d6001488d05e9d4
x-request-id
fmcwghoav2dfqxnfy4a7sj3v
x-robots-tag
noindex, nofollow
accept-ranges
bytes
date
Fri, 08 Oct 2021 21:57:27 GMT
x-served-by
cache-lhr6625-LHR, cache-hhn4073-HHN
x-cache
MISS, MISS
x-cache-hits
0, 0
vary
Accept-Encoding,Cookie
strict-transport-security
max-age=31557600

Redirect headers

cache-control
max-age=0, must-revalidate, no-cache, no-store
content-security-policy-report-only
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://pay.google.com https://secure-test.worldpay.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de bam.nr-data.net js-agent.newrelic.com d2oh4tlt9mrke9.cloudfront.net stats.g.doubleclick.net ws.sessioncam.com https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com cdn.dnky.co webchat.dotdigital.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de bam.nr-data.net js-agent.newrelic.com d2oh4tlt9mrke9.cloudfront.net stats.g.doubleclick.net www.google-analytics.com ws.sessioncam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
content-type
text/html; charset=UTF-8
expires
Thu, 08 Oct 2020 21:57:27 GMT
location
https://admin-shop.lavazzapro.com/customer/account/login/
pragma
no-cache
set-cookie
PHPSESSID=412d63296aa9a30ae2c147e25a2f5b14; expires=Fri, 08-Oct-2021 22:57:27 GMT; Max-Age=3600; path=/; domain=admin-shop.lavazzapro.com; secure; HttpOnly; SameSite=Lax
x-content-type-options
nosniff
x-debug-info
eyJyZXRyaWVzIjowfQ==
x-frame-options
SAMEORIGIN
x-platform-server
i-0cfb17d9c8adfea09
x-request-id
3nwm6cinbngy27hfe5l5jyab
x-robots-tag
noindex, nofollow
x-xss-protection
1; mode=block
accept-ranges
bytes
date
Fri, 08 Oct 2021 21:57:27 GMT
x-served-by
cache-lhr7335-LHR, cache-hhn4073-HHN
x-cache
MISS, MISS
x-cache-hits
0, 0
vary
Accept-Encoding,Cookie
strict-transport-security
max-age=31557600
content-length
0
post.js
admin-shop.lavazzapro.com/simplesaml/resources/ 		178 B
298 B 		Script
General
Check archive.org
Download Go to
Full URL
https://admin-shop.lavazzapro.com/simplesaml/resources/post.js
Requested by
Host: admin-shop.lavazzapro.com
URL: https://admin-shop.lavazzapro.com/customer/account/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.124 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
042defc6aec1defb1c12dc727d98665be04b1c51ec3278f126f02a4d2944030b
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

:path
/simplesaml/resources/post.js
pragma
no-cache
cookie
PHPSESSID=412d63296aa9a30ae2c147e25a2f5b14
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
admin-shop.lavazzapro.com
referer
https://admin-shop.lavazzapro.com/customer/account/login/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://admin-shop.lavazzapro.com/customer/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 21:57:27 GMT
vary
Accept-Encoding
x-platform-server
i-07d6001488d05e9d4
x-cache
MISS, MISS
x-cache-hits
0, 0
content-length
178
x-request-id
yvcjrdorzjpuqzhn6iegq54v
x-served-by
cache-lhr7336-LHR, cache-hhn4073-HHN
last-modified
Thu, 19 Aug 2021 15:13:42 GMT
etag
"611e7526-b2"
strict-transport-security
max-age=31557600
content-type
application/javascript
cache-control
no-cache
accept-ranges
bytes
x-robots-tag
noindex, nofollow
x-debug-info
eyJyZXRyaWVzIjowfQ==
expires
Fri, 08 Oct 2021 21:57:26 GMT
post.css
admin-shop.lavazzapro.com/simplesaml/resources/ 		49 B
223 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://admin-shop.lavazzapro.com/simplesaml/resources/post.css
Requested by
Host: admin-shop.lavazzapro.com
URL: https://admin-shop.lavazzapro.com/customer/account/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.124 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3f9d048692e5bd3124a58001bbe28baa05fafe0ef2f179fca97bc32ca0b1f640
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

:path
/simplesaml/resources/post.css
pragma
no-cache
cookie
PHPSESSID=412d63296aa9a30ae2c147e25a2f5b14
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
admin-shop.lavazzapro.com
referer
https://admin-shop.lavazzapro.com/customer/account/login/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://admin-shop.lavazzapro.com/customer/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 21:57:27 GMT
vary
Accept-Encoding
x-platform-server
i-07d6001488d05e9d4
x-cache
MISS, MISS
x-cache-hits
0, 0
content-length
49
x-request-id
55xzh46sud3hzyalyo2wh6vi
x-served-by
cache-lhr7344-LHR, cache-hhn4073-HHN
last-modified
Thu, 19 Aug 2021 15:13:42 GMT
etag
"611e7526-31"
strict-transport-security
max-age=31557600
content-type
text/css
cache-control
no-cache
accept-ranges
bytes
x-robots-tag
noindex, nofollow
x-debug-info
eyJyZXRyaWVzIjowfQ==
expires
Fri, 08 Oct 2021 21:57:26 GMT
nr-1210.min.js
js-agent.newrelic.com/ 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1210.min.js
Requested by
Host: admin-shop.lavazzapro.com
URL: https://admin-shop.lavazzapro.com/customer/account/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://admin-shop.lavazzapro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id
tUmpG8VLFN_NnT6837P9feidPwIndCMZ
content-encoding
gzip
etag
"67f7ff413fcbb9300ab2dbf1bb53180c"
x-amz-request-id
3700EJ4ZWWQ4P78Z
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
11781
x-amz-id-2
WHzeslBLMht/NaCF9kkJd18iJ6Fkr2YZAl5iGj0a1qtVGAGpwFyTtZrMMtk5xKXdIU5RYSWHiEw=
x-served-by
cache-hhn4039-HHN
last-modified
Tue, 22 Jun 2021 22:47:07 GMT
server
AmazonS3
x-timer
S1633730248.770397,VS0,VE0
date
Fri, 08 Oct 2021 21:57:27 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
12332
Primary Request SamlError
lavazzapro.force.com/community/_nc_external/identity/saml/
Redirect Chain
  • https://lavazzapro.force.com/community/idp/endpoint/HttpPost
  • https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.47.96 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl16-ncg1-c6-iad5.na139-ia5.force.com
Software
/
Resource Hash
07622e42822f0e7b1606ecf2a3598a33b03c40c24114a493d92f3ee950d51f17
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536004; includeSubDomains

Request headers

Host
lavazzapro.force.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://admin-shop.lavazzapro.com/
Accept-Encoding
gzip, deflate, br
Cookie
CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=usMX6SiCEeyTuH9xLtUq3A; BrowserId_sec=usMX6SiCEeyTuH9xLtUq3A
Upgrade-Insecure-Requests
1
Origin
https://admin-shop.lavazzapro.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://admin-shop.lavazzapro.com/

Response headers

Date
Fri, 08 Oct 2021 21:57:28 GMT
Strict-Transport-Security
max-age=31536004; includeSubDomains
Content-Security-Policy
upgrade-insecure-requests
Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Transfer-Encoding
chunked

Redirect headers

Date
Fri, 08 Oct 2021 21:57:28 GMT
Set-Cookie
CookieConsentPolicy=0:1; domain=lavazzapro.force.com; path=/; expires=Sat, 08-Oct-2022 21:57:28 GMT; Max-Age=31536000 LSKey-c$CookieConsentPolicy=0:1; domain=lavazzapro.force.com; path=/; expires=Sat, 08-Oct-2022 21:57:28 GMT; Max-Age=31536000 BrowserId=usMX6SiCEeyTuH9xLtUq3A; domain=.force.com; path=/; expires=Sat, 08-Oct-2022 21:57:28 GMT; Max-Age=31536000 BrowserId_sec=usMX6SiCEeyTuH9xLtUq3A; domain=.force.com; path=/; expires=Sat, 08-Oct-2022 21:57:28 GMT; Max-Age=31536000; secure; SameSite=None
Strict-Transport-Security
max-age=31536004; includeSubDomains
Content-Security-Policy
upgrade-insecure-requests
Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Location
https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
Content-Length
0
NRJS-7b3a8858d12ae2f3e23
bam.nr-data.net/1/ 		57 B
322 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/NRJS-7b3a8858d12ae2f3e23?a=816332796&v=1210.e2a3f80&to=YlFQNUNUDRdXU0BeXlsbcwJFXAwKGVNBREVaWVcTHlQAB1lFWkMeWVtVCF8%3D&rst=444&ck=1&ref=https://admin-shop.lavazzapro.com/customer/account/login/&ap=63&be=372&fe=416&dc=415&perf=%7B%22timing%22:%7B%22of%22:1633730247335,%22n%22:0,%22f%22:247,%22dn%22:247,%22dne%22:247,%22c%22:247,%22ce%22:247,%22rq%22:248,%22rp%22:351,%22rpe%22:351,%22dl%22:354,%22di%22:415,%22ds%22:415,%22de%22:415,%22dc%22:416,%22l%22:416,%22le%22:418%7D,%22navigation%22:%7B%7D%7D&at=ThZTQwtOHhk%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1210.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.19 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-7.nr-data.net
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://admin-shop.lavazzapro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Cross-Origin-Resource-Policy
cross-origin
Content-Type
text/javascript;charset=iso-8859-1
Content-Length
57
Expires
Thu, 01 Jan 1970 00:00:00 GMT
NRJS-7b3a8858d12ae2f3e23
bam.nr-data.net/events/1/ 		0
0
sfdc_210.css
lavazzapro.force.com/css/ 		15 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lavazzapro.force.com/css/sfdc_210.css
Requested by
Host: lavazzapro.force.com
URL: https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.47.96 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl16-ncg1-c6-iad5.na139-ia5.force.com
Software
/
Resource Hash
6effaae73ce83316d1356ea984e417519743bce7a23982f053b1b8ec82135dae
Security Headers
Name Value
Strict-Transport-Security max-age=31536004; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
lavazzapro.force.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
Cookie
CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=usMX6SiCEeyTuH9xLtUq3A; BrowserId_sec=usMX6SiCEeyTuH9xLtUq3A
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 21:57:28 GMT
Content-Encoding
gzip
Last-Modified
Tue, 23 May 2017 21:11:38 GMT
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536004; includeSubDomains
Accept-Ranges
bytes
Expires
Sat, 05 Feb 2022 21:57:28 GMT
servlet.ImageServer
lavazzapro.force.com/community/servlet/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lavazzapro.force.com/community/servlet/servlet.ImageServer?id=0150L00000AwErh&oid=00DE0000000HgPB&lastMod=1559047517000
Requested by
Host: lavazzapro.force.com
URL: https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.47.96 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl16-ncg1-c6-iad5.na139-ia5.force.com
Software
/
Resource Hash
9e8c51637808ec8fcabf6a9f561d77725df4960cb86916f83d4c159d0ded7cba
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536004; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
lavazzapro.force.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
Cookie
CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=usMX6SiCEeyTuH9xLtUq3A; BrowserId_sec=usMX6SiCEeyTuH9xLtUq3A
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://lavazzapro.force.com/community/_nc_external/identity/saml/SamlError?idpError=1605
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 17:59:36 GMT
Last-Modified
Tue, 28 May 2019 12:45:17 GMT
Age
14272
Strict-Transport-Security
max-age=31536004; includeSubDomains
Content-Type
image/png
Cache-Control
public,max-age=31536000
Content-Security-Policy
upgrade-insecure-requests
Content-Length
5804
Expires
Sat, 08 Oct 2022 17:59:36 GMT
SalesforceSans-Regular.woff2
lavazzapro.force.com/login/assets/fonts/SalesforceSans/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://lavazzapro.force.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2
Requested by
Host: lavazzapro.force.com
URL: https://lavazzapro.force.com/css/sfdc_210.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.47.96 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl16-ncg1-c6-iad5.na139-ia5.force.com
Software
/
Resource Hash
1f1752651aca663f40e45c60e182172fc426a40df042098f6e68a56db2c459f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536004; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://lavazzapro.force.com
Accept-Encoding
gzip, deflate, br
Host
lavazzapro.force.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://lavazzapro.force.com/css/sfdc_210.css
Cookie
CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=usMX6SiCEeyTuH9xLtUq3A; BrowserId_sec=usMX6SiCEeyTuH9xLtUq3A
Connection
keep-alive
Referer
https://lavazzapro.force.com/css/sfdc_210.css
Origin
https://lavazzapro.force.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 17:59:36 GMT
Last-Modified
Fri, 24 Jul 2015 20:32:56 GMT
Age
14273
Strict-Transport-Security
max-age=31536004; includeSubDomains
Content-Type
font/woff2
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
Content-Length
27580
Expires
Sat, 05 Feb 2022 17:59:36 GMT
SalesforceSans-Light.woff2
lavazzapro.force.com/login/assets/fonts/SalesforceSans/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://lavazzapro.force.com/login/assets/fonts/SalesforceSans/SalesforceSans-Light.woff2
Requested by
Host: lavazzapro.force.com
URL: https://lavazzapro.force.com/css/sfdc_210.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.47.96 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl16-ncg1-c6-iad5.na139-ia5.force.com
Software
/
Resource Hash
b7df2d6cb9d0ecda707a1de1302b3c9d9bda16247dc382e696579a8308d49771
Security Headers
Name Value
Strict-Transport-Security max-age=31536004; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://lavazzapro.force.com
Accept-Encoding
gzip, deflate, br
Host
lavazzapro.force.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://lavazzapro.force.com/css/sfdc_210.css
Cookie
CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=usMX6SiCEeyTuH9xLtUq3A; BrowserId_sec=usMX6SiCEeyTuH9xLtUq3A
Connection
keep-alive
Referer
https://lavazzapro.force.com/css/sfdc_210.css
Origin
https://lavazzapro.force.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 21:57:29 GMT
Last-Modified
Fri, 24 Jul 2015 20:32:54 GMT
Transfer-Encoding
chunked
Content-Type
font/woff2
Cache-Control
public,max-age=10368000
Strict-Transport-Security
max-age=31536004; includeSubDomains
Accept-Ranges
bytes
Expires
Sat, 05 Feb 2022 21:57:29 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bam.nr-data.net
URL
https://bam.nr-data.net/events/1/NRJS-7b3a8858d12ae2f3e23?a=816332796&v=1210.e2a3f80&to=YlFQNUNUDRdXU0BeXlsbcwJFXAwKGVNBREVaWVcTHlQAB1lFWkMeWVtVCF8%3D&rst=1538&ck=1&ref=https://admin-shop.lavazzapro.com/customer/account/login/

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster object| p function| bodyOnLoad function| bodyOnBeforeUnload function| bodyOnFocus function| bodyOnUnload

6 Cookies

Domain/Path Name / Value
.admin-shop.lavazzapro.com/ Name: PHPSESSID
Value: 412d63296aa9a30ae2c147e25a2f5b14
.nr-data.net/ Name: JSESSIONID
Value: 9729e8abb488b9e5
.lavazzapro.force.com/ Name: CookieConsentPolicy
Value: 0:1
.lavazzapro.force.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
.force.com/ Name: BrowserId
Value: usMX6SiCEeyTuH9xLtUq3A
.force.com/ Name: BrowserId_sec
Value: usMX6SiCEeyTuH9xLtUq3A

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31557600