login.app.us.cobalt.io Open in urlscan Pro
104.19.167.24 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://app.us.cobalt.io/jllerena
Effective URL:
https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIH...
Submission: On October 08 via manual (October 8th 2023, 8:53:55 am UTC) from SA — Scanned from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 1 countries across 7 domains to perform 17 HTTP transactions. The main IP is 104.19.167.24, located in and belongs to . The main domain is login.app.us.cobalt.io.
TLS certificate: Issued by E1 on August 31st 2023. Valid for: 3 months.

This is the only time login.app.us.cobalt.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	104.18.30.198 104.18.30.198	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.139.47.54 108.139.47.54	() ()
1	18.238.55.50 18.238.55.50	() ()
1 2	104.19.167.24 104.19.167.24	() ()
1	18.164.96.87 18.164.96.87	() ()
1	18.164.107.47 18.164.107.47	() ()
4	104.18.0.125 104.18.0.125	() ()
17	8

5 104.18.30.198 (None, )

ASN13335 (CLOUDFLARENET, US)

app.us.cobalt.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.139.47.54 (None, )

ASN- ()

cdn.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.55.50 (None, )

ASN- ()

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.167.24 (None, ) 1 redirects

ASN- ()

login.app.us.cobalt.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.87 (None, )

ASN- ()

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.107.47 (None, )

ASN- ()

cdn.auth0.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.0.125 (None, )

ASN- ()

static.co27.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	cobalt.io 1 redirects app.us.cobalt.io login.app.us.cobalt.io	4 MB
4	co27.io static.co27.io	983 KB
2	hotjar.com static.hotjar.com script.hotjar.com	60 KB
1	auth0.com cdn.auth0.com	61 KB
1	pendo.io cdn.pendo.io	147 KB
0	sentry.io Failed o159135.ingest.sentry.io Failed
0	hotjar.io Failed content.hotjar.io Failed
17	7

	Domain	Requested by
5	app.us.cobalt.io	app.us.cobalt.io
4	static.co27.io	login.app.us.cobalt.io
2	login.app.us.cobalt.io	1 redirects app.us.cobalt.io
1	cdn.auth0.com	login.app.us.cobalt.io
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	app.us.cobalt.io
1	cdn.pendo.io	app.us.cobalt.io
0	o159135.ingest.sentry.io Failed	app.us.cobalt.io
0	content.hotjar.io Failed	app.us.cobalt.io
17	9

This site contains no links.

Subject Issuer	Validity	Valid
cobalt.io Cloudflare Inc ECC CA-3	`2023-08-08` - `2024-08-06`	a year	crt.sh
cdn.pendo.io Amazon RSA 2048 M02	`2023-06-30` - `2024-07-28`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
login.app.us.cobalt.io E1	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.auth0.com Amazon RSA 2048 M01	`2023-02-24` - `2024-03-24`	a year	crt.sh
co27.io Cloudflare Inc ECC CA-3	`2023-07-20` - `2024-07-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHQ5RHNPNkwyQWkyZVFsSTBVV3F5bkZ5SGFfV3JiMTNwo2NpZNkgeUlnb0tyS2pVU29TWE9UM2d0d2lEOU41cDRFWHRBaU4
Frame ID: F740924D8773E443204409464A8E544F
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In | Cobalt

Page URL History Show full URLs

https://app.us.cobalt.io/jllerena Page URL
https://login.app.us.cobalt.io/authorize?client_id=yIgoKrKjUSoSXOT3gtwiD9N5p4EXtAiN&scope=openid+profile+em... HTTP 302
https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcn... Page URL

Detected technologies

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Page Statistics

17
Requests

82 %
HTTPS

0 %
IPv6

7
Domains

9
Subdomains

8
IPs

1
Countries

5470 kB
Transfer

13373 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://app.us.cobalt.io/jllerena Page URL
https://login.app.us.cobalt.io/authorize?client_id=yIgoKrKjUSoSXOT3gtwiD9N5p4EXtAiN&scope=openid+profile+email+offline_access&audience=api.us.cobalt.io&redirect_uri=https%3A%2F%2Fapp.us.cobalt.io&response_type=code&response_mode=query&state=SjlFZzBpUXo0UEFZOXhNR3FsX3BkOTFaeEpyNG1OfmhuLThwYWdUNV9PNA%3D%3D&nonce=YVRhVXFGdW5KQzdWMUEwREZjQlJxeEktS25lUUg0TGpOaGNuRjcxVUh0ZA%3D%3D&code_challenge=-AKS4T14Kf8JlrFvkitn8LX9uQf7NwHd6Uufb-lOy0I&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMi4yLjEifQ%3D%3D HTTP 302
https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHQ5RHNPNkwyQWkyZVFsSTBVV3F5bkZ5SGFfV3JiMTNwo2NpZNkgeUlnb0tyS2pVU29TWE9UM2d0d2lEOU41cDRFWHRBaU4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 jllerena Show response
app.us.cobalt.io/ 291 B
3 KB 401ms
51ms Document
text/html 104.18.30.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.us.cobalt.io/jllerena

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.30.198 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d913c958a243edfa12e59ab9d980f2a6b2c9b7baa4c819de1626705988cda6f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* .hotjar.com: app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' .doubleclick.net https://www.google-analytics.com https://.usercentrics.eu https://grsm.io/pr/signup .hotjar.com: .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com .ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors .atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://.usercentrics.eu https://.calendly.com .hotjar.com .hotjar.io .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 812d27c6293343f8-EWR
content-encoding: br
content-security-policy: default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* *.hotjar.com:* app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' *.doubleclick.net https://www.google-analytics.com https://*.usercentrics.eu https://grsm.io/pr/signup *.hotjar.com:* *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com *.ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors *.atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://*.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://*.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.usercentrics.eu https://*.calendly.com *.hotjar.com *.hotjar.io *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
content-type: text/html
date: Sun, 08 Oct 2023 08:53:46 GMT
last-modified: Fri, 06 Oct 2023 21:40:43 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 main.bc289776.js Show response
app.us.cobalt.io/static/js/ 20 KB
10 KB 61ms
61ms Script
application/javascript 104.18.30.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.us.cobalt.io/static/js/main.bc289776.js

Requested by

Host: app.us.cobalt.io
URL: https://app.us.cobalt.io/jllerena

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.30.198 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa7d4ecf3d24851dd6d1d8c4eed3c6c1b2fc68c2445addbacea1412dae2299b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* .hotjar.com: app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' .doubleclick.net https://www.google-analytics.com https://.usercentrics.eu https://grsm.io/pr/signup .hotjar.com: .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com .ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors .atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://.usercentrics.eu https://.calendly.com .hotjar.com .hotjar.io .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://app.us.cobalt.io/jllerena
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:46 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* *.hotjar.com:* app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' *.doubleclick.net https://www.google-analytics.com https://*.usercentrics.eu https://grsm.io/pr/signup *.hotjar.com:* *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com *.ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors *.atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://*.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://*.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.usercentrics.eu https://*.calendly.com *.hotjar.com *.hotjar.io *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 06 Oct 2023 21:40:44 GMT
server: cloudflare
etag: W/"65207edc-4f58"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
cf-ray: 812d27c6896f43f8-EWR

GET
H2 200 805.3e398135.chunk.js Show response
app.us.cobalt.io/static/js/ 8 MB
4 MB 68ms
67ms Script
application/javascript 104.18.30.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.us.cobalt.io/static/js/805.3e398135.chunk.js

Requested by

Host: app.us.cobalt.io
URL: https://app.us.cobalt.io/static/js/main.bc289776.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.30.198 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1fa06cc63e31247d8f039ada95476fc87876c8573d59291a96380dd0c211551

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* .hotjar.com: app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' .doubleclick.net https://www.google-analytics.com https://.usercentrics.eu https://grsm.io/pr/signup .hotjar.com: .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com .ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors .atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://.usercentrics.eu https://.calendly.com .hotjar.com .hotjar.io .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://app.us.cobalt.io/jllerena
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:46 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* *.hotjar.com:* app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' *.doubleclick.net https://www.google-analytics.com https://*.usercentrics.eu https://grsm.io/pr/signup *.hotjar.com:* *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com *.ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors *.atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://*.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://*.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.usercentrics.eu https://*.calendly.com *.hotjar.com *.hotjar.io *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 06 Oct 2023 21:40:44 GMT
server: cloudflare
etag: W/"65207edc-842af1"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
cf-ray: 812d27c6f99643f8-EWR

GET
H2 200 350.c2ccee94e30ca6ccfca0.css
app.us.cobalt.io/static/css/ 11 KB
6 KB 69ms
69ms Stylesheet
text/css 104.18.30.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.us.cobalt.io/static/css/350.c2ccee94e30ca6ccfca0.css

Requested by

Host: app.us.cobalt.io
URL: https://app.us.cobalt.io/static/js/main.bc289776.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.30.198 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

201fbb788f4e2e5851b874e6d022bf912d9cfd16bedd028eacb552283c3598e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* .hotjar.com: app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' .doubleclick.net https://www.google-analytics.com https://.usercentrics.eu https://grsm.io/pr/signup .hotjar.com: .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com .ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors .atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://.usercentrics.eu https://.calendly.com .hotjar.com .hotjar.io .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://app.us.cobalt.io/jllerena
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:46 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* *.hotjar.com:* app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' *.doubleclick.net https://www.google-analytics.com https://*.usercentrics.eu https://grsm.io/pr/signup *.hotjar.com:* *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com *.ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors *.atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://*.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://*.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.usercentrics.eu https://*.calendly.com *.hotjar.com *.hotjar.io *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 06 Oct 2023 21:40:43 GMT
server: cloudflare
etag: W/"65207edb-2b4f"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache
cf-ray: 812d27c6f99743f8-EWR

GET
H2 200 350.b7f407e0.chunk.js Show response
app.us.cobalt.io/static/js/ 3 MB
534 KB 70ms
70ms Script
application/javascript 104.18.30.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.us.cobalt.io/static/js/350.b7f407e0.chunk.js

Requested by

Host: app.us.cobalt.io
URL: https://app.us.cobalt.io/static/js/main.bc289776.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.30.198 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5e1c4ba68bf62bb5f3a8a2eea6a6d981feec5304d4645df1169a0bfd2c6707a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* .hotjar.com: app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' .doubleclick.net https://www.google-analytics.com https://.usercentrics.eu https://grsm.io/pr/signup .hotjar.com: .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com .ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors .atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://.usercentrics.eu https://.calendly.com .hotjar.com .hotjar.io .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://app.us.cobalt.io/jllerena
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:46 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* *.hotjar.com:* app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' *.doubleclick.net https://www.google-analytics.com https://*.usercentrics.eu https://grsm.io/pr/signup *.hotjar.com:* *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com *.ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors *.atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://*.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://*.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.usercentrics.eu https://*.calendly.com *.hotjar.com *.hotjar.io *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 06 Oct 2023 21:45:13 GMT
server: cloudflare
etag: W/"65207fe9-2dfbbb"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
cf-ray: 812d27c6f99843f8-EWR

GET
H2 200 pendo.js
cdn.pendo.io/agent/static/2e056d99-1cbb-4c18-619a-0e064fab9ce0/ 444 KB
147 KB 469ms
75ms Script
application/javascript 108.139.47.54

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pendo.io/agent/static/2e056d99-1cbb-4c18-619a-0e064fab9ce0/pendo.js
Requested by: Host: app.us.cobalt.io
URL: https://app.us.cobalt.io/static/js/350.b7f407e0.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.54 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://app.us.cobalt.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:49 GMT
content-encoding: gzip
via: 1.1 1d2861d9b6c0fd303c8b7539b394c190.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P1
x-guploader-uploadid: ADPycdsT92IhUMYCqzO135GC1TSoqhe3XcGs_xXIOpzFtf-PwE7udpua52czGICMbiVDn0yG1TgTe6l7Z79LggO4UC5wVw
x-cache: Miss from cloudfront
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 149174
last-modified: Thu, 05 Oct 2023 18:13:56 GMT
server: UploadServer
etag: "e4ffe2d1feabb2e84c46e84731490d2c"
vary: Accept-Encoding
x-goog-generation: 1696529636281273
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=QLIp8g==, md5=5P/i0f6rsuhMRuhHMUkNLA==
access-control-expose-headers: *
cache-control: max-age=450
x-goog-stored-content-length: 149174
accept-ranges: bytes
x-amz-cf-id: gNE1ezAb46brUV5p-q2KzoruHofZmLp10D7oexrktqCLQeAib8rhYQ==
expires: Sun, 08 Oct 2023 09:01:19 GMT

GET
BLOB 200
OK 09af5a01-e4f4-48ca-b1a1-a2b693854ef2
https://app.us.cobalt.io/ 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://app.us.cobalt.io/09af5a01-e4f4-48ca-b1a1-a2b693854ef2
Requested by: Host: app.us.cobalt.io
URL: https://app.us.cobalt.io/jllerena
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Length: 2183
Content-Type: application/javascript

GET
H2 200 hotjar-2292642.js
static.hotjar.com/c/ 10 KB
4 KB 157ms
86ms Script
application/javascript 18.238.55.50

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2292642.js?sv=6

Requested by

Host: app.us.cobalt.io
URL: https://app.us.cobalt.io/static/js/350.b7f407e0.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.50 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://app.us.cobalt.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:49 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 f5386598f013dd093e17be33d361f408.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P4
etag: W/80badbaa23a33612afad31054098282d
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: _nOC3bpuSRDDnh-MqqMryR4TwVlNe_ErNLIAw8_oiwRy2hXMpjobOQ==

GET
H2

200

Primary Request login Show response
login.app.us.cobalt.io/u/
Redirect Chain

https://login.app.us.cobalt.io/authorize?client_id=yIgoKrKjUSoSXOT3gtwiD9N5p4EXtAiN&scope=openid+profile+email+offline_access&audience=api.us.cobalt.io&redirect_uri=https%3A%2F%2Fapp.us.cobalt.io&r...
https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHQ5RHNPNkwyQWkyZVFsSTBVV3F5bkZ5SGFfV3JiMTNwo2NpZNkgeUlnb0tyS2pVU29TWE9U...

21 KB
22 KB

328ms
327ms

Document
text/html

104.19.167.24

General

Check archive.org

Show headers Download Go to

Full URL

https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHQ5RHNPNkwyQWkyZVFsSTBVV3F5bkZ5SGFfV3JiMTNwo2NpZNkgeUlnb0tyS2pVU29TWE9UM2d0d2lEOU41cDRFWHRBaU4

Requested by

Host: app.us.cobalt.io
URL: https://app.us.cobalt.io/static/js/805.3e398135.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.167.24 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

8aa15826b008f40d04d6a30af939744f3e19b609d1625275c765843575ce5452

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.us.cobalt.io/jllerena
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, max-age=0, no-transform
cf-cache-status: DYNAMIC
cf-ray: 812d27da4917c33e-EWR
content-language: en
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=utf-8
date: Sun, 08 Oct 2023 08:53:50 GMT
etag: W/"55e0-NilN3HZDoCAYdDBFRblQ21lecOc"
expires: Sun, 08 Oct 2023 08:53:49 GMT
ot-baggage-auth0-request-id: 812d27da4917c33e
ot-tracer-sampled: true
ot-tracer-spanid: 233ab86f436e274d
ot-tracer-traceid: 2cc792fc39655a0d
pragma: no-cache
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-00000000000000002cc792fc39655a0d-233ab86f436e274d-01
tracestate: auth0-request-id=812d27da4917c33e,auth0=true
vary: Accept-Encoding
x-auth0-requestid: c617ef49ddd59f13bd21
x-content-type-options: nosniff
x-frame-options: deny
x-ratelimit-limit: 20
x-ratelimit-remaining: 19
x-ratelimit-reset: 1696755236
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, max-age=0, no-transform
cf-cache-status: DYNAMIC
cf-ray: 812d27d8786ac33e-EWR
content-length: 424
content-type: text/html; charset=utf-8
date: Sun, 08 Oct 2023 08:53:49 GMT
location: /u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHQ5RHNPNkwyQWkyZVFsSTBVV3F5bkZ5SGFfV3JiMTNwo2NpZNkgeUlnb0tyS2pVU29TWE9UM2d0d2lEOU41cDRFWHRBaU4
ot-baggage-auth0-request-id: 812d27d8786ac33e
ot-tracer-sampled: true
ot-tracer-spanid: 3d89aee00e6b0797
ot-tracer-traceid: 4bbb5e5206b5e5fa
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-00000000000000004bbb5e5206b5e5fa-3d89aee00e6b0797-01
tracestate: auth0-request-id=812d27d8786ac33e,auth0=true
vary: Accept, Accept-Encoding
x-auth0-requestid: b3fde4b12bed3fa7c13a
x-content-type-options: nosniff
x-ratelimit-limit: 300
x-ratelimit-remaining: 299
x-ratelimit-reset: 1696755230

GET
H2 200 modules.9b99185f84da153d26eb.js
script.hotjar.com/ 226 KB
55 KB 46ms
7ms Script
application/javascript 18.164.96.87

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9b99185f84da153d26eb.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2292642.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.87 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://app.us.cobalt.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:20:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 b5fe18267507cb61755963d8928a60f4.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P5
age: 156822
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56061
last-modified: Fri, 06 Oct 2023 13:19:11 GMT
etag: "9dacd935854d62b77318d5bf10d72c47"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: JHekz5wFm4SBR7GnEYKAU-DyEeCYuyiEf2q5nBNPQWJlmK46FeA8tQ==

POST /
content.hotjar.io/ 0
0

POST /
o159135.ingest.sentry.io/api/1220993/envelope/ 0
0

GET
H2 200 main.cdn.min.css
cdn.auth0.com/ulp/react-components/1.78.14/css/ 251 KB
61 KB 531ms
133ms Stylesheet
text/css 18.164.107.47

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.auth0.com/ulp/react-components/1.78.14/css/main.cdn.min.css

Requested by

Host: login.app.us.cobalt.io
URL: https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHQ5RHNPNkwyQWkyZVFsSTBVV3F5bkZ5SGFfV3JiMTNwo2NpZNkgeUlnb0tyS2pVU29TWE9UM2d0d2lEOU41cDRFWHRBaU4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.107.47 -, , ASN (),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ea5e4145f594c6cfe4a158ae30d7ed88687b3b0fcd2a0877c659f4a0fc457163

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 20:47:31 GMT
x-amz-version-id: JZwLAw0D176b6GXTXEKnHFGsFKKCp4Q4
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: JFK50-P6
age: 43580
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: FAILED
last-modified: Mon, 21 Aug 2023 14:46:54 GMT
server: AmazonS3
etag: W/"45b8104b81b0cea2cc3a51a6d58111bf"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2628000,public
x-robots-tag: noindex
x-amz-cf-id: Bl4aUeFX6qO026cDl78KSo27li2W9CAvGRkO_p6J8Y8TNXbve9ibgw==

GET
H2 200 New_Cobalt_logo.svg
static.co27.io/assets/images/ 8 KB
4 KB 379ms
44ms Image
image/svg+xml 104.18.0.125

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.co27.io/assets/images/New_Cobalt_logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.0.125 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

e3ed70ba40baa316aa8710bd277de5bd7f421ff9177872c52230d8bcd6a0f968

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:50 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 10 Aug 2023 13:23:20 GMT
server: cloudflare
etag: W/"64d4e4c8-1e16"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 812d27de8e71c407-EWR
expires: Sun, 08 Oct 2023 12:53:50 GMT

GET
H2 200 login-hero.png
static.co27.io/assets/images/ 653 KB
654 KB 44ms
43ms Image
image/png 104.18.0.125

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.co27.io/assets/images/login-hero.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.0.125 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

cfcd099530f8d95f3b36cab401a23d54d517c52d86e89f775b1103f157126e1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://login.app.us.cobalt.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:51 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: REVALIDATED
last-modified: Thu, 10 Aug 2023 13:23:20 GMT
server: cloudflare
etag: "64d4e4c8-a342d"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 812d27e22800c407-EWR
content-length: 668717
expires: Sun, 08 Oct 2023 12:53:51 GMT

GET
H2 200 Cobalt-Logo.png
static.co27.io/assets/images/ 7 KB
7 KB 42ms
42ms Image
image/png 104.18.0.125

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.co27.io/assets/images/Cobalt-Logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.0.125 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

4bd74133a6f37a44cce3a4062abece2c2d98c34509b6ec3819ab7780e219e844

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://login.app.us.cobalt.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:51 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: REVALIDATED
last-modified: Thu, 10 Aug 2023 13:23:20 GMT
server: cloudflare
etag: "64d4e4c8-1c89"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 812d27e22801c407-EWR
content-length: 7305
expires: Sun, 08 Oct 2023 12:53:51 GMT

GET
DATA 200
OK truncated
/ 650 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aaf1eac584819e98c7f78a20216bd2fb10ee29e10b290983bc0fa82d0f293bce

Request headers

Referer
Origin: https://login.app.us.cobalt.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 688 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd0c91dae3964654557348546b167581cdac13a2e00555b3c5b73e0981d4b165

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 Inter.var.woff2
static.co27.io/assets/fonts/ 317 KB
318 KB 370ms
57ms Font
font/woff2 104.18.0.125

General

Check archive.org

Show headers Download Go to

Full URL

https://static.co27.io/assets/fonts/Inter.var.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.0.125 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

85f08b5f51e36ca7e961a033c6bb61d7f0e44aa0984646383ecac648e98fdcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://login.app.us.cobalt.io/
Origin: https://login.app.us.cobalt.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 08:53:53 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: REVALIDATED
last-modified: Thu, 10 Aug 2023 13:23:20 GMT
server: cloudflare
etag: "64d4e4c8-4f500"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 812d27f1eb84435e-EWR
content-length: 324864
expires: Sun, 08 Oct 2023 12:53:53 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: content.hotjar.io
URL: https://content.hotjar.io/?gzip=1

Domain: o159135.ingest.sentry.io
URL: https://o159135.ingest.sentry.io/api/1220993/envelope/?sentry_key=41e49729f6c74b8e9cb00cd7f860b73c&sentry_version=7&sentry_client=sentry.javascript.react%2F7.58.1

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cobalt.io/	1970-01-21 00:04:51	Name: _hjSessionUser_2292642 Value: eyJpZCI6IjgyMzkzZTRmLWZkZGEtNTQ3Yy1hZDUzLWM4ODQ5YjQxNzA3MCIsImNyZWF0ZWQiOjE2OTY3NTUyMjkzOTMsImV4aXN0aW5nIjpmYWxzZX0=
.cobalt.io/	1970-01-20 15:19:17	Name: _hjFirstSeen Value: 1
.cobalt.io/	1970-01-20 15:19:15	Name: _hjIncludedInSessionSample_2292642 Value: 1
.cobalt.io/	1970-01-20 15:19:17	Name: _hjSession_2292642 Value: eyJpZCI6IjEyZWJmN2NmLTVkMjctNGU5YS05Y2UyLWVlMmRkNGM3OTYyYyIsImNyZWF0ZWQiOjE2OTY3NTUyMjkzOTQsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjpmYWxzZX0=
.cobalt.io/	1970-01-20 15:19:17	Name: _hjAbsoluteSessionInProgress Value: 0
login.app.us.cobalt.io/	1969-12-31 23:59:59	Name: did Value: s%3Av0%3A32de95a0-65b8-11ee-884e-3f9950282c40.CiAQDsPt4E08Qb%2BhrTAkpOaCTBr%2BF960o%2FDLJ0j5Ev0
login.app.us.cobalt.io/	1969-12-31 23:59:59	Name: auth0 Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMXAk4tM7flasKKYmRRAHBJCt2eiVWoclY_K9gwxVfA89wKvuSjDsQDTBH-TEcJZlcnOmQZ4x9q_hMCf5uFYwFSmY29va2llg6dleHBpcmVz1_-zh3kAZSZina5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.S1AAiryGlCHnmw4DTA6xe64ErHEC0AURuH7cBKPGEBc
login.app.us.cobalt.io/	1969-12-31 23:59:59	Name: did_compat Value: s%3Av0%3A32de95a0-65b8-11ee-884e-3f9950282c40.CiAQDsPt4E08Qb%2BhrTAkpOaCTBr%2BF960o%2FDLJ0j5Ev0
login.app.us.cobalt.io/	1969-12-31 23:59:59	Name: auth0_compat Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMXAk4tM7flasKKYmRRAHBJCt2eiVWoclY_K9gwxVfA89wKvuSjDsQDTBH-TEcJZlcnOmQZ4x9q_hMCf5uFYwFSmY29va2llg6dleHBpcmVz1_-zh3kAZSZina5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.S1AAiryGlCHnmw4DTA6xe64ErHEC0AURuH7cBKPGEBc

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://app.us.cobalt.io/static/js/350.b7f407e0.chunk.js(Line 9) Message: Refused to connect to 'https://content.hotjar.io/?gzip=1' because it violates the following Content Security Policy directive: "connect-src wss://* data: blob: 'self' .doubleclick.net https://www.google-analytics.com https://.usercentrics.eu https://grsm.io/pr/signup .hotjar.com: .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com *.ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* .hotjar.com: app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' .doubleclick.net https://www.google-analytics.com https://.usercentrics.eu https://grsm.io/pr/signup .hotjar.com: .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com .ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors .atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://.usercentrics.eu https://.calendly.com .hotjar.com .hotjar.io .auth0.com: login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.us.cobalt.io
cdn.auth0.com
cdn.pendo.io
content.hotjar.io
login.app.us.cobalt.io
o159135.ingest.sentry.io
script.hotjar.com
static.co27.io
static.hotjar.com
content.hotjar.io
o159135.ingest.sentry.io
104.18.0.125
104.18.30.198
104.19.167.24
108.139.47.54
18.164.107.47
18.164.96.87
18.238.55.50
201fbb788f4e2e5851b874e6d022bf912d9cfd16bedd028eacb552283c3598e7
4bd74133a6f37a44cce3a4062abece2c2d98c34509b6ec3819ab7780e219e844
5fa7d4ecf3d24851dd6d1d8c4eed3c6c1b2fc68c2445addbacea1412dae2299b
85f08b5f51e36ca7e961a033c6bb61d7f0e44aa0984646383ecac648e98fdcc8
8aa15826b008f40d04d6a30af939744f3e19b609d1625275c765843575ce5452
aaf1eac584819e98c7f78a20216bd2fb10ee29e10b290983bc0fa82d0f293bce
cfcd099530f8d95f3b36cab401a23d54d517c52d86e89f775b1103f157126e1a
d913c958a243edfa12e59ab9d980f2a6b2c9b7baa4c819de1626705988cda6f1
e3ed70ba40baa316aa8710bd277de5bd7f421ff9177872c52230d8bcd6a0f968
e5e1c4ba68bf62bb5f3a8a2eea6a6d981feec5304d4645df1169a0bfd2c6707a
ea5e4145f594c6cfe4a158ae30d7ed88687b3b0fcd2a0877c659f4a0fc457163
f1fa06cc63e31247d8f039ada95476fc87876c8573d59291a96380dd0c211551
fd0c91dae3964654557348546b167581cdac13a2e00555b3c5b73e0981d4b165

login.app.us.cobalt.io Open in urlscan Pro 104.19.167.24 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

82 %HTTPS

0 %IPv6

7 Domains

9 Subdomains

8 IPs

1 Countries

5470 kBTransfer

13373 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

9 Cookies

1 Console Messages

Security Headers

Indicators

login.app.us.cobalt.io Open in urlscan Pro
104.19.167.24 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

82 %
HTTPS

0 %
IPv6

7
Domains

9
Subdomains

8
IPs

1
Countries

5470 kB
Transfer

13373 kB
Size

9
Cookies

17 HTTP transactions
2 data transactions