login.app.us.cobalt.io
Open in
urlscan Pro
104.19.167.24
Public Scan
Effective URL: https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIH...
Submission: On October 08 via manual from SA — Scanned from US
Summary
TLS certificate: Issued by E1 on August 31st 2023. Valid for: 3 months.
This is the only time login.app.us.cobalt.io was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 104.18.30.198 104.18.30.198 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 108.139.47.54 108.139.47.54 | () () | |
1 | 18.238.55.50 18.238.55.50 | () () | |
1 2 | 104.19.167.24 104.19.167.24 | () () | |
1 | 18.164.96.87 18.164.96.87 | () () | |
1 | 18.164.107.47 18.164.107.47 | () () | |
4 | 104.18.0.125 104.18.0.125 | () () | |
17 | 8 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
cobalt.io
1 redirects
app.us.cobalt.io login.app.us.cobalt.io |
4 MB |
4 |
co27.io
static.co27.io |
983 KB |
2 |
hotjar.com
static.hotjar.com script.hotjar.com |
60 KB |
1 |
auth0.com
cdn.auth0.com |
61 KB |
1 |
pendo.io
cdn.pendo.io |
147 KB |
0 |
sentry.io
Failed
o159135.ingest.sentry.io Failed |
|
0 |
hotjar.io
Failed
content.hotjar.io Failed |
|
17 | 7 |
Domain | Requested by | |
---|---|---|
5 | app.us.cobalt.io |
app.us.cobalt.io
|
4 | static.co27.io |
login.app.us.cobalt.io
|
2 | login.app.us.cobalt.io |
1 redirects
app.us.cobalt.io
|
1 | cdn.auth0.com |
login.app.us.cobalt.io
|
1 | script.hotjar.com |
static.hotjar.com
|
1 | static.hotjar.com |
app.us.cobalt.io
|
1 | cdn.pendo.io |
app.us.cobalt.io
|
0 | o159135.ingest.sentry.io Failed |
app.us.cobalt.io
|
0 | content.hotjar.io Failed |
app.us.cobalt.io
|
17 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cobalt.io Cloudflare Inc ECC CA-3 |
2023-08-08 - 2024-08-06 |
a year | crt.sh |
cdn.pendo.io Amazon RSA 2048 M02 |
2023-06-30 - 2024-07-28 |
a year | crt.sh |
*.hotjar.com Amazon ECDSA 256 M01 |
2023-03-09 - 2024-04-06 |
a year | crt.sh |
login.app.us.cobalt.io E1 |
2023-08-31 - 2023-11-29 |
3 months | crt.sh |
*.auth0.com Amazon RSA 2048 M01 |
2023-02-24 - 2024-03-24 |
a year | crt.sh |
co27.io Cloudflare Inc ECC CA-3 |
2023-07-20 - 2024-07-18 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHQ5RHNPNkwyQWkyZVFsSTBVV3F5bkZ5SGFfV3JiMTNwo2NpZNkgeUlnb0tyS2pVU29TWE9UM2d0d2lEOU41cDRFWHRBaU4
Frame ID: F740924D8773E443204409464A8E544F
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Sign In | CobaltPage URL History Show full URLs
- https://app.us.cobalt.io/jllerena Page URL
-
https://login.app.us.cobalt.io/authorize?client_id=yIgoKrKjUSoSXOT3gtwiD9N5p4EXtAiN&scope=openid+profile+em...
HTTP 302
https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcn... Page URL
Detected technologies
Hotjar (Analytics) ExpandDetected patterns
- //static\.hotjar\.com/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://app.us.cobalt.io/jllerena Page URL
-
https://login.app.us.cobalt.io/authorize?client_id=yIgoKrKjUSoSXOT3gtwiD9N5p4EXtAiN&scope=openid+profile+email+offline_access&audience=api.us.cobalt.io&redirect_uri=https%3A%2F%2Fapp.us.cobalt.io&response_type=code&response_mode=query&state=SjlFZzBpUXo0UEFZOXhNR3FsX3BkOTFaeEpyNG1OfmhuLThwYWdUNV9PNA%3D%3D&nonce=YVRhVXFGdW5KQzdWMUEwREZjQlJxeEktS25lUUg0TGpOaGNuRjcxVUh0ZA%3D%3D&code_challenge=-AKS4T14Kf8JlrFvkitn8LX9uQf7NwHd6Uufb-lOy0I&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMi4yLjEifQ%3D%3D
HTTP 302
https://login.app.us.cobalt.io/u/login?state=hKFo2SBBbWJlYXdmZDZsRzhtck9QaS1EZGtEWktQbGQzcWQ3aqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHQ5RHNPNkwyQWkyZVFsSTBVV3F5bkZ5SGFfV3JiMTNwo2NpZNkgeUlnb0tyS2pVU29TWE9UM2d0d2lEOU41cDRFWHRBaU4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
jllerena
app.us.cobalt.io/ |
291 B 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.bc289776.js
app.us.cobalt.io/static/js/ |
20 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
805.3e398135.chunk.js
app.us.cobalt.io/static/js/ |
8 MB 4 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
350.c2ccee94e30ca6ccfca0.css
app.us.cobalt.io/static/css/ |
11 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
350.b7f407e0.chunk.js
app.us.cobalt.io/static/js/ |
3 MB 534 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pendo.js
cdn.pendo.io/agent/static/2e056d99-1cbb-4c18-619a-0e064fab9ce0/ |
444 KB 147 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
09af5a01-e4f4-48ca-b1a1-a2b693854ef2
https://app.us.cobalt.io/ |
2 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hotjar-2292642.js
static.hotjar.com/c/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login
login.app.us.cobalt.io/u/ Redirect Chain
|
21 KB 22 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modules.9b99185f84da153d26eb.js
script.hotjar.com/ |
226 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
content.hotjar.io/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
o159135.ingest.sentry.io/api/1220993/envelope/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.cdn.min.css
cdn.auth0.com/ulp/react-components/1.78.14/css/ |
251 KB 61 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
New_Cobalt_logo.svg
static.co27.io/assets/images/ |
8 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-hero.png
static.co27.io/assets/images/ |
653 KB 654 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Cobalt-Logo.png
static.co27.io/assets/images/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
650 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
688 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Inter.var.woff2
static.co27.io/assets/fonts/ |
317 KB 318 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- content.hotjar.io
- URL
- https://content.hotjar.io/?gzip=1
- Domain
- o159135.ingest.sentry.io
- URL
- https://o159135.ingest.sentry.io/api/1220993/envelope/?sentry_key=41e49729f6c74b8e9cb00cd7f860b73c&sentry_version=7&sentry_client=sentry.javascript.react%2F7.58.1
Verdicts & Comments Add Verdict or Comment
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.cobalt.io/ | Name: _hjSessionUser_2292642 Value: eyJpZCI6IjgyMzkzZTRmLWZkZGEtNTQ3Yy1hZDUzLWM4ODQ5YjQxNzA3MCIsImNyZWF0ZWQiOjE2OTY3NTUyMjkzOTMsImV4aXN0aW5nIjpmYWxzZX0= |
|
.cobalt.io/ | Name: _hjFirstSeen Value: 1 |
|
.cobalt.io/ | Name: _hjIncludedInSessionSample_2292642 Value: 1 |
|
.cobalt.io/ | Name: _hjSession_2292642 Value: eyJpZCI6IjEyZWJmN2NmLTVkMjctNGU5YS05Y2UyLWVlMmRkNGM3OTYyYyIsImNyZWF0ZWQiOjE2OTY3NTUyMjkzOTQsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjpmYWxzZX0= |
|
.cobalt.io/ | Name: _hjAbsoluteSessionInProgress Value: 0 |
|
login.app.us.cobalt.io/ | Name: did Value: s%3Av0%3A32de95a0-65b8-11ee-884e-3f9950282c40.CiAQDsPt4E08Qb%2BhrTAkpOaCTBr%2BF960o%2FDLJ0j5Ev0 |
|
login.app.us.cobalt.io/ | Name: auth0 Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMXAk4tM7flasKKYmRRAHBJCt2eiVWoclY_K9gwxVfA89wKvuSjDsQDTBH-TEcJZlcnOmQZ4x9q_hMCf5uFYwFSmY29va2llg6dleHBpcmVz1_-zh3kAZSZina5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.S1AAiryGlCHnmw4DTA6xe64ErHEC0AURuH7cBKPGEBc |
|
login.app.us.cobalt.io/ | Name: did_compat Value: s%3Av0%3A32de95a0-65b8-11ee-884e-3f9950282c40.CiAQDsPt4E08Qb%2BhrTAkpOaCTBr%2BF960o%2FDLJ0j5Ev0 |
|
login.app.us.cobalt.io/ | Name: auth0_compat Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMXAk4tM7flasKKYmRRAHBJCt2eiVWoclY_K9gwxVfA89wKvuSjDsQDTBH-TEcJZlcnOmQZ4x9q_hMCf5uFYwFSmY29va2llg6dleHBpcmVz1_-zh3kAZSZina5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.S1AAiryGlCHnmw4DTA6xe64ErHEC0AURuH7cBKPGEBc |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' https: blob: ;child-src 'self' https://play.vidyard.com *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* *.hotjar.com:* app.pendo.io pendo-io-extensions.storage.googleapis.com blob: ;connect-src wss://* data: blob: 'self' *.doubleclick.net https://www.google-analytics.com https://*.usercentrics.eu https://grsm.io/pr/signup *.hotjar.com:* *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* api.transferwise.com static.growthbook.us.cobalt.io cobalt-api.production.platform-02.us.cobalt.io cobalt-work-formation.production.platform-02.us.cobalt.io cobalt-work-formation.production.us.cobalt.io cobalt-work-formation.us.cobalt.io cobalt-pentest-api.production.platform-02.us.cobalt.io cve-api.us.co27.io cve-api.us.cobalt.io taxonomy-api.production.platform-02.us.cobalt.io taxonomy-api.us.cobalt.io taxonomy-api.production.us.cobalt.io cobalt-taxonomy.production.platform-02.us.cobalt.io cobalt-credits.production.platform-02.us.cobalt.io cobalt-engine.production.platform-02.us.cobalt.io engine.us.cobalt.io engine.production.us.cobalt.io odin-api.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io cobalt-admin-api.production.platform-02.us.cobalt.io admin-api.us.cobalt.io admin-api.production.us.cobalt.io s3.amazonaws.com s3-us-west-2.amazonaws.com *.ingest.sentry.io gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-ancestors *.atlassian.net app.pendo.io ;font-src 'self' https://fonts.gstatic.com data: ;img-src 'self' blob: https://*.usercentrics.eu https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com data: cobalt-pentest-api.production.platform-02.us.cobalt.io api.us.cobalt.io api.production.us.cobalt.io storage.googleapis.com s3-us-west-2.amazonaws.com s3.amazonaws.com gravatar.com secure.gravatar.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;object-src 'self' blob: data: https://*.usercentrics.eu ;script-src 'self' https://snippet.growsumo.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.usercentrics.eu https://*.calendly.com *.hotjar.com *.hotjar.io *.auth0.com:* login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* 'sha256-W//r7zYFhph26WyKhE7ziPbRACTMBF5wevdDMttEcac=' bam.nr-data.net 'sha256-sZ6svVsJZQZ7dK7F8dSLy0yIWWPqgDn6JswaEs57G5U=' 'sha256-QNjm9/X1muv3XaN2YjLgRB2zF/F3LKy/8kxQPBQwWa8=' 'sha256-s2ms0zhlxVUZzHf+tnGL+zQ9Kia3HD14zV5J2bGzgCY=' s3.amazonaws.com pendo-io-static.storage.googleapis.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-extensions.storage.googleapis.com ;frame-src www.workato.com app.workato.com login.app.us.cobalt.io:* login.app.us.us.cobalt.io:* pendo-io-extensions.storage.googleapis.com app.pendo.io ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com s3.amazonaws.com pendo-static-6219827428196352.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com ;upgrade-insecure-requests; |
Strict-Transport-Security | max-age=15724800; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.us.cobalt.io
cdn.auth0.com
cdn.pendo.io
content.hotjar.io
login.app.us.cobalt.io
o159135.ingest.sentry.io
script.hotjar.com
static.co27.io
static.hotjar.com
content.hotjar.io
o159135.ingest.sentry.io
104.18.0.125
104.18.30.198
104.19.167.24
108.139.47.54
18.164.107.47
18.164.96.87
18.238.55.50
201fbb788f4e2e5851b874e6d022bf912d9cfd16bedd028eacb552283c3598e7
4bd74133a6f37a44cce3a4062abece2c2d98c34509b6ec3819ab7780e219e844
5fa7d4ecf3d24851dd6d1d8c4eed3c6c1b2fc68c2445addbacea1412dae2299b
85f08b5f51e36ca7e961a033c6bb61d7f0e44aa0984646383ecac648e98fdcc8
8aa15826b008f40d04d6a30af939744f3e19b609d1625275c765843575ce5452
aaf1eac584819e98c7f78a20216bd2fb10ee29e10b290983bc0fa82d0f293bce
cfcd099530f8d95f3b36cab401a23d54d517c52d86e89f775b1103f157126e1a
d913c958a243edfa12e59ab9d980f2a6b2c9b7baa4c819de1626705988cda6f1
e3ed70ba40baa316aa8710bd277de5bd7f421ff9177872c52230d8bcd6a0f968
e5e1c4ba68bf62bb5f3a8a2eea6a6d981feec5304d4645df1169a0bfd2c6707a
ea5e4145f594c6cfe4a158ae30d7ed88687b3b0fcd2a0877c659f4a0fc457163
f1fa06cc63e31247d8f039ada95476fc87876c8573d59291a96380dd0c211551
fd0c91dae3964654557348546b167581cdac13a2e00555b3c5b73e0981d4b165