eon.gloat-staging.gloat.com Open in urlscan Pro
172.67.155.109 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://eon.orgagility.gloat-staging.gloat.com/
Effective URL:
https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
Submission: On March 30 via api (March 30th 2024, 5:16:56 pm UTC) from US — Scanned from US

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 4 domains to perform 23 HTTP transactions. The main IP is 172.67.155.109, located in United States and belongs to CLOUDFLARENET, US. The main domain is eon.gloat-staging.gloat.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on April 27th 2023. Valid for: a year.

This is the only time eon.gloat-staging.gloat.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	3.76.92.241 3.76.92.241	16509 (AMAZON-02) (AMAZON-02)
6	2607:f8b0:400... 2607:f8b0:4004:c06::5f	15169 (GOOGLE) (GOOGLE)
2	3.161.213.95 3.161.213.95	16509 (AMAZON-02) (AMAZON-02)
2	18.195.228.218 18.195.228.218	16509 (AMAZON-02) (AMAZON-02)
1	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
6	172.67.155.109 172.67.155.109	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.247.156 35.186.247.156	15169 (GOOGLE) (GOOGLE)
23	8

3 3.76.92.241 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-76-92-241.eu-central-1.compute.amazonaws.com

eon.orgagility.gloat-staging.gloat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c06::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.161.213.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-213-95.yul62.r.cloudfront.net

static.innermobility.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.228.218 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-228-218.eu-central-1.compute.amazonaws.com

web-common.gloat-staging.gloat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

gloat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.155.109 (United States)

ASN13335 (CLOUDFLARENET, US)

eon.gloat-staging.gloat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	gloat.com eon.orgagility.gloat-staging.gloat.com web-common.gloat-staging.gloat.com gloat.com — Cisco Umbrella Rank: 369866 eon.gloat-staging.gloat.com	2 MB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	4 KB
2	innermobility.com static.innermobility.com	2 KB
1	sentry.io sentry.io — Cisco Umbrella Rank: 154	324 B
23	4

	Domain	Requested by
6	eon.gloat-staging.gloat.com	eon.orgagility.gloat-staging.gloat.com eon.gloat-staging.gloat.com
6	fonts.googleapis.com	eon.orgagility.gloat-staging.gloat.com eon.gloat-staging.gloat.com
3	eon.orgagility.gloat-staging.gloat.com	eon.orgagility.gloat-staging.gloat.com
2	web-common.gloat-staging.gloat.com	eon.orgagility.gloat-staging.gloat.com
2	static.innermobility.com	eon.orgagility.gloat-staging.gloat.com eon.gloat-staging.gloat.com
1	sentry.io	eon.gloat-staging.gloat.com
1	gloat.com
23	7

This site contains no links.

Subject Issuer	Validity	Valid
*.orgagility.gloat-staging.gloat.com Amazon RSA 2048 M03	`2024-03-16` - `2025-04-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
static.innermobility.com Amazon RSA 2048 M01	`2023-07-16` - `2024-08-13`	a year	crt.sh
*.gloat-staging.gloat.com Go Daddy Secure Certificate Authority - G2	`2024-02-25` - `2025-03-28`	a year	crt.sh
*.gloat.com Go Daddy Secure Certificate Authority - G2	`2023-12-23` - `2025-01-23`	a year	crt.sh
sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2024-09-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
Frame ID: 637F2FEC6D45BB9303E93C5233D2A3AA
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://eon.orgagility.gloat-staging.gloat.com/ Page URL
https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

23
Requests

91 %
HTTPS

14 %
IPv6

4
Domains

7
Subdomains

8
IPs

2
Countries

2411 kB
Transfer

3281 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://eon.orgagility.gloat-staging.gloat.com/ Page URL
https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
eon.orgagility.gloat-staging.gloat.com/ 1 KB
2 KB 516ms
145ms Document
text/html 3.76.92.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eon.orgagility.gloat-staging.gloat.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.92.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-92-241.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: eecee428f49e56143a4b92e11012fbc7d63cee6eb50d042c12714a27ac072297

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: localhost
Connection: keep-alive
Content-Length: 1311
Content-Type: text/html
Date: Sat, 30 Mar 2024 17:16:50 GMT
ETag: "66001e00-51f"
Last-Modified: Sun, 24 Mar 2024 12:35:12 GMT
X-Request-ID: 82635eefd6db5529706dd92d9f8f49ff

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
1015 B 177ms
70ms Stylesheet
text/css 2607:f8b0:4004:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap

Requested by

Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4bcb85c4b4155b0680b77b107feb69fe927eaa1220a0d4a2598c7a7248d432c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.orgagility.gloat-staging.gloat.com/
Origin: https://eon.orgagility.gloat-staging.gloat.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 30 Mar 2024 17:16:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 30 Mar 2024 16:21:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 30 Mar 2024 17:16:50 GMT

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
872 B 173ms
66ms Stylesheet
text/css 2607:f8b0:4004:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700&display=swa

Requested by

Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c62f53db271220ca33087210a3e710f44de1c88231e85c08adc181a482a6b586

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.orgagility.gloat-staging.gloat.com/
Origin: https://eon.orgagility.gloat-staging.gloat.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 30 Mar 2024 17:16:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 30 Mar 2024 17:08:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 30 Mar 2024 17:16:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
512 B 173ms
67ms Stylesheet
text/css 2607:f8b0:4004:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Material+Icons%7CMaterial+Icons+Outlined

Requested by

Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46ce4b49297a7b60d67e831c05370a9b9bfbda619fca005ffba5a03ab632a00f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.orgagility.gloat-staging.gloat.com/
Origin: https://eon.orgagility.gloat-staging.gloat.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 30 Mar 2024 17:16:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 30 Mar 2024 17:16:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 30 Mar 2024 17:16:50 GMT

GET
H2 200 material-icons-font.css
static.innermobility.com/icons/material-icons/ 628 B
982 B 234ms
70ms Stylesheet
text/css 3.161.213.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.innermobility.com/icons/material-icons/material-icons-font.css
Requested by: Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-95.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5ddb60a3228a04a997c272ac84cb0272e44c32c03d0a63dea5b241840e091ab7

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.orgagility.gloat-staging.gloat.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 02:25:25 GMT
via: 1.1 f0d805e341a04f5774e9d3de6f38e1e8.cloudfront.net (CloudFront)
last-modified: Sun, 03 Dec 2023 14:42:02 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P1
age: 53486
etag: "589048badd7bc8b40d584d36f1d49402"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 628
x-amz-cf-id: g_V65hOuGMF_62Bt3aWCe9vgAyEUVLaI5RFo56YJ6BgvYmYm8nwwvA==

GET
H/1.1 200
OK index-777f53a3.js Show response
eon.orgagility.gloat-staging.gloat.com/orgagility/assets/ 2 MB
2 MB 144ms
143ms Script
application/javascript 3.76.92.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eon.orgagility.gloat-staging.gloat.com/orgagility/assets/index-777f53a3.js
Requested by: Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.92.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-92-241.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 08b9cf8a8132e45d54d322e3ed376f4d2114e341da3c0d42fdf6e6db1a02d5c6

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.orgagility.gloat-staging.gloat.com/
Origin: https://eon.orgagility.gloat-staging.gloat.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 30 Mar 2024 17:16:50 GMT
Last-Modified: Sun, 24 Mar 2024 12:35:12 GMT
ETag: "66001e00-1f17ac"
Content-Type: application/javascript
Access-Control-Allow-Origin: localhost
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2037676
X-Request-ID: aa9b1adf7a2dcbb0d8a48e707f1ab84a

OPTIONS
H/1.1 200
OK domain-resolution
web-common.gloat-staging.gloat.com/api/v1/config/ 0
0 646ms
144ms Preflight
text/plain 18.195.228.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://web-common.gloat-staging.gloat.com/api/v1/config/domain-resolution?identifier=eon&identifier_type=slug

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.195.228.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-195-228-218.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	img-src * data: blob:;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: resolver,x-client,x-csrftoken
Access-Control-Request-Method: GET
Origin: https://eon.orgagility.gloat-staging.gloat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Sat, 30 Mar 2024 17:16:52 GMT
access-control-allow-credentials: true
access-control-allow-headers: resolver,x-client,x-csrftoken
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: *
access-control-max-age: 600
content-security-policy: img-src * data: blob:;
permissions-policy: midi=()
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=63072000; includeSubdomains;
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK domain-resolution Show response
web-common.gloat-staging.gloat.com/api/v1/config/ 45 B
499 B 144ms
143ms Fetch
application/json 18.195.228.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://web-common.gloat-staging.gloat.com/api/v1/config/domain-resolution?identifier=eon&identifier_type=slug

Requested by

Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/orgagility/assets/index-777f53a3.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.195.228.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-195-228-218.eu-central-1.compute.amazonaws.com

Software

Resource Hash

aadba00b177a9d3e0dca37a07cce02d673ce1e5d5603b6163da56ae194482156

Security Headers

Name	Value
Content-Security-Policy	img-src * data: blob:;
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

resolver: 0ee4fc0a-77b2-4437-8990-55c1b24ab7e1
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer: https://eon.orgagility.gloat-staging.gloat.com/
X-Client: web
X-CSRFToken: undefined
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 30 Mar 2024 17:16:52 GMT
strict-transport-security: max-age=63072000; includeSubdomains;
referrer-policy: no-referrer-when-downgrade
content-security-policy: img-src * data: blob:;
x-frame-options: SAMEORIGIN
Content-Type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
permissions-policy: midi=()
Connection: keep-alive
Content-Length: 45
x-xss-protection: 1; mode=block

GET
H2 200 cropped-new--32x32.png
gloat.com/wp-content/uploads/ 298 B
943 B 360ms
236ms Other
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://gloat.com/wp-content/uploads/cropped-new--32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a22705f3879afcfa32183ecbc4eb693dbc5f37a254566283ba9817b397c1bad

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.orgagility.gloat-staging.gloat.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 17:16:52 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains;
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 298
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 20 Dec 2023 11:45:06 GMT
server: cloudflare
etag: "6582d3c2-12a"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: ws.zoominfo.com
cache-control: max-age=31536000
permissions-policy: midi=()
accept-ranges: bytes
cf-ray: 86c9bffa1adfd9dd-MIA
expires: Sun, 30 Mar 2025 17:16:52 GMT

OPTIONS
H2 200 user
eon.gloat-staging.gloat.com/api/v1/auth/ 0
0 461ms
392ms Preflight
text/html 172.67.155.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://eon.gloat-staging.gloat.com/api/v1/auth/user

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.155.109 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern..js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://.intercom.io wss://.intercom.io https://uploads.intercomcdn.com https://.ingest.sentry.io https://sentry.io https://.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' blob:; manifest-src 'self'; media-src data: 'self' https://.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://.gloat.com; frame-ancestors 'self' https://.gloat.com https://.gloat-staging.gloat.com .teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: x-client,x-csrftoken
Access-Control-Request-Method: GET
Origin: https://eon.orgagility.gloat-staging.gloat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, x-client, x-admin-mode
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://eon.orgagility.gloat-staging.gloat.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 86c9bffeae862206-MIA
content-encoding: br
content-security-policy: default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://*.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern.*.js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://*.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://*.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://*.ingest.sentry.io https://sentry.io https://*.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://*.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' * blob:; manifest-src 'self'; media-src data: 'self' https://*.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://*.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://*.gloat.com; frame-ancestors 'self' https://*.gloat.com https://*.gloat-staging.gloat.com *.teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
content-type: text/html; charset=utf-8
date: Sat, 30 Mar 2024 17:16:53 GMT
permissions-policy: midi=()
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: b9b9c8609392a781dcde23ea891141b2
x-xss-protection: 1; mode=block

GET
H3 401 user
eon.gloat-staging.gloat.com/api/v1/auth/ 187 B
0 456ms
418ms Fetch
application/json 172.67.155.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://eon.gloat-staging.gloat.com/api/v1/auth/user

Requested by

Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/orgagility/assets/index-777f53a3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.155.109 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern..js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://.intercom.io wss://.intercom.io https://uploads.intercomcdn.com https://.ingest.sentry.io https://sentry.io https://.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' blob:; manifest-src 'self'; media-src data: 'self' https://.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://.gloat.com; frame-ancestors 'self' https://.gloat.com https://.gloat-staging.gloat.com .teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer: https://eon.orgagility.gloat-staging.gloat.com/
X-Client: web
X-CSRFToken: undefined
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 17:16:53 GMT
content-security-policy: default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://*.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern.*.js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://*.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://*.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://*.ingest.sentry.io https://sentry.io https://*.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://*.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' * blob:; manifest-src 'self'; media-src data: 'self' https://*.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://*.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://*.gloat.com; frame-ancestors 'self' https://*.gloat.com https://*.gloat-staging.gloat.com *.teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
content-length: 187
pragma: no-cache
x-server-time: 0.001176595687866211
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Cookie, Origin
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://eon.orgagility.gloat-staging.gloat.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: midi=()
cf-ray: 86c9c0015b6d227d-MIA

GET
H/1.1 404
Not Found refresh
eon.orgagility.gloat-staging.gloat.com/api/auth/ 22 B
254 B 145ms
145ms Fetch
application/json 3.76.92.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eon.orgagility.gloat-staging.gloat.com/api/auth/refresh
Requested by: Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/orgagility/assets/index-777f53a3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.92.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-92-241.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.orgagility.gloat-staging.gloat.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 30 Mar 2024 17:16:53 GMT
access-control-expose-headers: X-Request-ID
Connection: keep-alive
Content-Length: 22
x-request-id: fcb039605c10ffbbea6dbbf818504f74
Content-Type: application/json

GET
H3 200 Primary Request proxy-login Show response
eon.gloat-staging.gloat.com/ 1 KB
3 KB 164ms
163ms Document
text/html 172.67.155.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/

Requested by

Host: eon.orgagility.gloat-staging.gloat.com
URL: https://eon.orgagility.gloat-staging.gloat.com/orgagility/assets/index-777f53a3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.155.109 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8471495ad010cc3989c6c74dfa737a593bc093c504f549589ca4bce8682f792d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern..js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://.intercom.io wss://.intercom.io https://uploads.intercomcdn.com https://.ingest.sentry.io https://sentry.io https://.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' blob:; manifest-src 'self'; media-src data: 'self' https://.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://.gloat.com; frame-ancestors 'self' https://.gloat.com https://.gloat-staging.gloat.com .teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eon.orgagility.gloat-staging.gloat.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 86c9c004ef12227d-MIA
content-encoding: br
content-security-policy: default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://*.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern.*.js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://*.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://*.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://*.ingest.sentry.io https://sentry.io https://*.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://*.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' * blob:; manifest-src 'self'; media-src data: 'self' https://*.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://*.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://*.gloat.com; frame-ancestors 'self' https://*.gloat.com https://*.gloat-staging.gloat.com *.teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
content-type: text/html
date: Sat, 30 Mar 2024 17:16:54 GMT
last-modified: Wed, 27 Mar 2024 05:20:08 GMT
permissions-policy: midi=()
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 42738dc5c57147b5a790fca55cb50a19
x-xss-protection: 1; mode=block

GET permissions
eon.gloat-staging.gloat.com/api/v1/rbac/ 0
0

OPTIONS
H2 200 permissions
eon.gloat-staging.gloat.com/api/v1/rbac/ 0
0 159ms
158ms Preflight
text/html 172.67.155.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://eon.gloat-staging.gloat.com/api/v1/rbac/permissions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.155.109 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern..js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://.intercom.io wss://.intercom.io https://uploads.intercomcdn.com https://.ingest.sentry.io https://sentry.io https://.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' blob:; manifest-src 'self'; media-src data: 'self' https://.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://.gloat.com; frame-ancestors 'self' https://.gloat.com https://.gloat-staging.gloat.com .teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: x-client,x-csrftoken
Access-Control-Request-Method: GET
Origin: https://eon.orgagility.gloat-staging.gloat.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, x-client, x-admin-mode
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://eon.orgagility.gloat-staging.gloat.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 86c9c004ee352206-MIA
content-encoding: br
content-security-policy: default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://*.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern.*.js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://*.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://*.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://*.ingest.sentry.io https://sentry.io https://*.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://*.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' * blob:; manifest-src 'self'; media-src data: 'self' https://*.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://*.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://*.gloat.com; frame-ancestors 'self' https://*.gloat.com https://*.gloat-staging.gloat.com *.teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
content-type: text/html; charset=utf-8
date: Sat, 30 Mar 2024 17:16:54 GMT
permissions-policy: midi=()
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 2988adb32bb01a77642767a58cbf2e44
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
1 KB 67ms
65ms Stylesheet
text/css 2607:f8b0:4004:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap

Requested by

Host: eon.gloat-staging.gloat.com
URL: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4bcb85c4b4155b0680b77b107feb69fe927eaa1220a0d4a2598c7a7248d432c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
Origin: https://eon.gloat-staging.gloat.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 30 Mar 2024 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 30 Mar 2024 17:01:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 30 Mar 2024 17:16:54 GMT

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
513 B 69ms
68ms Stylesheet
text/css 2607:f8b0:4004:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700&display=swa

Requested by

Host: eon.gloat-staging.gloat.com
URL: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c62f53db271220ca33087210a3e710f44de1c88231e85c08adc181a482a6b586

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
Origin: https://eon.gloat-staging.gloat.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 30 Mar 2024 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 30 Mar 2024 17:16:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 30 Mar 2024 17:16:54 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
512 B 68ms
67ms Stylesheet
text/css 2607:f8b0:4004:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Material+Icons%7CMaterial+Icons+Outlined

Requested by

Host: eon.gloat-staging.gloat.com
URL: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46ce4b49297a7b60d67e831c05370a9b9bfbda619fca005ffba5a03ab632a00f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
Origin: https://eon.gloat-staging.gloat.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 30 Mar 2024 17:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 30 Mar 2024 17:16:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 30 Mar 2024 17:16:54 GMT

GET
H2 200 material-icons-font.css
static.innermobility.com/icons/material-icons/ 628 B
980 B 71ms
71ms Stylesheet
text/css 3.161.213.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.innermobility.com/icons/material-icons/material-icons-font.css
Requested by: Host: eon.gloat-staging.gloat.com
URL: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-213-95.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5ddb60a3228a04a997c272ac84cb0272e44c32c03d0a63dea5b241840e091ab7

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 02:25:25 GMT
via: 1.1 f0d805e341a04f5774e9d3de6f38e1e8.cloudfront.net (CloudFront)
last-modified: Sun, 03 Dec 2023 14:42:02 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P1
age: 53490
etag: "589048badd7bc8b40d584d36f1d49402"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 628
x-amz-cf-id: 1hU5ciUl-BR7KlRARAWp1rzxZ_PQ1PIbIcue-_Xe19C3t0qLbktbKw==

GET
H3 200 app-5d24596e.js Show response
eon.gloat-staging.gloat.com/static/dist/assets/ 1 MB
406 KB 490ms
490ms Script
application/javascript 172.67.155.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://eon.gloat-staging.gloat.com/static/dist/assets/app-5d24596e.js

Requested by

Host: eon.gloat-staging.gloat.com
URL: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.155.109 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2b0e7b6bdaca02a44b6d7f7158a315c593d468c151a2dce07606ae76b9445db

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern..js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://.intercom.io wss://.intercom.io https://uploads.intercomcdn.com https://.ingest.sentry.io https://sentry.io https://.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' blob:; manifest-src 'self'; media-src data: 'self' https://.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://.gloat.com; frame-ancestors 'self' https://.gloat.com https://.gloat-staging.gloat.com .teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
Origin: https://eon.gloat-staging.gloat.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 17:16:54 GMT
content-security-policy: default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://*.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern.*.js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://*.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://*.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://*.ingest.sentry.io https://sentry.io https://*.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://*.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' * blob:; manifest-src 'self'; media-src data: 'self' https://*.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://*.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://*.gloat.com; frame-ancestors 'self' https://*.gloat.com https://*.gloat-staging.gloat.com *.teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: c392380d8d98190b627f48e89b2a59a0
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 29 Mar 2024 13:38:27 GMT
server: cloudflare
etag: W/"6606c453-1382fb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
permissions-policy: midi=()
cf-ray: 86c9c006087f227d-MIA
expires: Sat, 30 Mar 2024 21:16:54 GMT

POST
H2 200 / Show response
sentry.io/api/1280773/envelope/ 2 B
324 B 162ms
67ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1280773/envelope/?sentry_key=0cd6aef08375436998965905c89961c9&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.91.0

Requested by

Host: eon.gloat-staging.gloat.com
URL: https://eon.gloat-staging.gloat.com/static/dist/assets/app-5d24596e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://eon.gloat-staging.gloat.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 30 Mar 2024 17:16:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H3 200 favicon.ico
eon.gloat-staging.gloat.com/ 1 KB
3 KB 398ms
398ms Other
text/html 172.67.155.109
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://eon.gloat-staging.gloat.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.155.109 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8471495ad010cc3989c6c74dfa737a593bc093c504f549589ca4bce8682f792d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern..js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://.intercom.io wss://.intercom.io https://uploads.intercomcdn.com https://.ingest.sentry.io https://sentry.io https://.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' blob:; manifest-src 'self'; media-src data: 'self' https://.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://.gloat.com; frame-ancestors 'self' https://.gloat.com https://.gloat-staging.gloat.com .teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://eon.gloat-staging.gloat.com/proxy-login?next=https://eon.orgagility.gloat-staging.gloat.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 17:16:55 GMT
content-security-policy: default-src 'self'; script-src data: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://s1.addpipe.com/ https://gloat-fe-static-public.s3.amazonaws.com/jsoneditor/ https://challenges.cloudflare.com https://performance.radar.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/ https://rs.fullstory.com https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/rec/integrations https://*.gloat.com https://sisense-analytics.gloat-dev.gloat.com/js/frame.js https://sisense-analytics.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://sisense-analytics.gloat-staging.innermobility.com https://static.innermobility.com/innermobility/ https://widget.intercom.io https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://js.intercomcdn.com/vendor-modern.*.js https://cdn.walkme.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://gloat-fe-static-public.s3.amazonaws.com https://fonts.googleapis.com https://static.innermobility.com; object-src 'none'; base-uri 'self'; connect-src data: 'self' https://s1.addpipe.com wss://*.addpipe.com https://gloat-staging-transaction.s3.eu-central-1.amazonaws.com https://gloat-transaction.s3.amazonaws.com https://gloat-staging-transaction.s3.amazonaws.com https://gloat-dev-transaction.s3.amazonaws.com https://inner-mobility.s3-eu-west-1.amazonaws.com https://rs.fullstory.com https://edge.fullstory.com https://*.gloat.com https://clients.gloat.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.innermobility.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://*.ingest.sentry.io https://sentry.io https://*.walkme.com https://stgwalmartcaeu.blob.core.windows.net; font-src data: 'self' https://fonts.gstatic.com https://static.innermobility.com https://*.intercomcdn.com; frame-src 'self' https://www.figma.com https://identity.gloat.com https://identity.gloat-dev.gloat.com https://identity.gloat-staging.gloat.com https://sisense-analytics.gloat-staging.gloat.com https://sisense-analytics.gloat.com https://sisense-analytics.gloat-dev.gloat.com https://sisense-analytics.gloat-staging.innermobility.com https://identity.innermobility.com https://player.vimeo.com https://cdn.walkme.com https://s3.walkmeusercontent.com https://www.youtube.com; img-src data: 'self' * blob:; manifest-src 'self'; media-src data: 'self' https://*.addpipe.com https://gloat-staging-assets.s3.amazonaws.com https://gloat-dev-assets.s3.amazonaws.com https://gloat-imob-assets.s3.amazonaws.com https://*.gloat.com https://js.intercomcdn.com https://www.youtube.com; worker-src blob: https://*.gloat.com; frame-ancestors 'self' https://*.gloat.com https://*.gloat-staging.gloat.com *.teams.microsoft.com teams.microsoft.com *.skype.com; report-uri https://62de4fca90d65793425d9477.endpoint.csper.io?v=28;
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: ed7c7776e1c4cce6b31a080e27c026f6
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 29 Mar 2024 13:38:27 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html
cache-control: public, max-age=14400
permissions-policy: midi=()
cf-ray: 86c9c00c7ffe227d-MIA
expires: Sat, 30 Mar 2024 21:16:55 GMT

GET refresh
eon.gloat-staging.gloat.com/api/auth/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: eon.gloat-staging.gloat.com
URL: https://eon.gloat-staging.gloat.com/api/v1/rbac/permissions

Domain: eon.gloat-staging.gloat.com
URL: https://eon.gloat-staging.gloat.com/api/auth/refresh

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.gloat.com/	1970-01-20 19:30:20	Name: __cf_bm Value: 9UWISNjjZcpujby70dGuTyg_WxPvSy02Sw.T7dOL8rM-1711819012-1.0.1.1-eHEF4KzuW4LOw60yzs5x7YoPGs8bWyn07i5YSp6DsgQyhO57XWeBEH1g0Dk9d7aZEW.Bx7QBcf2QwgzVICbMug
eon.gloat-staging.gloat.com/	1970-01-20 19:40:23	Name: csrftoken Value: dDefMJva9WUH2YeQgwwI8xWOyQSaUumVFGIaoKbZWhL13PqkwLs7HQGoADbblTHg
.gloat-staging.gloat.com/	1970-01-20 19:50:28	Name: eonsessionid Value: l1h7wlebi5hr08ka5jjecuj0w2jv49mq

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://eon.gloat-staging.gloat.com/api/v1/auth/user Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://eon.orgagility.gloat-staging.gloat.com/api/auth/refresh Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

eon.gloat-staging.gloat.com
eon.orgagility.gloat-staging.gloat.com
fonts.googleapis.com
gloat.com
sentry.io
static.innermobility.com
web-common.gloat-staging.gloat.com
eon.gloat-staging.gloat.com
141.193.213.20
172.67.155.109
18.195.228.218
2607:f8b0:4004:c06::5f
3.161.213.95
3.76.92.241
35.186.247.156
08b9cf8a8132e45d54d322e3ed376f4d2114e341da3c0d42fdf6e6db1a02d5c6
2a22705f3879afcfa32183ecbc4eb693dbc5f37a254566283ba9817b397c1bad
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46ce4b49297a7b60d67e831c05370a9b9bfbda619fca005ffba5a03ab632a00f
4bcb85c4b4155b0680b77b107feb69fe927eaa1220a0d4a2598c7a7248d432c7
5ddb60a3228a04a997c272ac84cb0272e44c32c03d0a63dea5b241840e091ab7
8471495ad010cc3989c6c74dfa737a593bc093c504f549589ca4bce8682f792d
aadba00b177a9d3e0dca37a07cce02d673ce1e5d5603b6163da56ae194482156
c2b0e7b6bdaca02a44b6d7f7158a315c593d468c151a2dce07606ae76b9445db
c62f53db271220ca33087210a3e710f44de1c88231e85c08adc181a482a6b586
eecee428f49e56143a4b92e11012fbc7d63cee6eb50d042c12714a27ac072297

eon.gloat-staging.gloat.com Open in urlscan Pro 172.67.155.109 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

91 %HTTPS

14 %IPv6

4 Domains

7 Subdomains

8 IPs

2 Countries

2411 kBTransfer

3281 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

eon.gloat-staging.gloat.com Open in urlscan Pro
172.67.155.109 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

91 %
HTTPS

14 %
IPv6

4
Domains

7
Subdomains

8
IPs

2
Countries

2411 kB
Transfer

3281 kB
Size

3
Cookies

23 HTTP transactions
0 data transactions