oav-worklife.io Open in urlscan Pro
13.37.187.221 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://oav-worklife.io/login
Submission: On June 01 via manual (June 1st 2024, 7:58:14 am UTC) from FR — Scanned from FR

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 22 HTTP transactions. The main IP is 13.37.187.221, located in Paris, France and belongs to AMAZON-02, US. The main domain is oav-worklife.io.
TLS certificate: Issued by Amazon RSA 2048 M02 on May 21st 2024. Valid for: a year.

This is the only time oav-worklife.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	13.37.187.221 13.37.187.221	16509 (AMAZON-02) (AMAZON-02)
1	54.230.228.97 54.230.228.97	16509 (AMAZON-02) (AMAZON-02)
22	2

21 13.37.187.221 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

oav-worklife.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.228.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-97.muc50.r.cloudfront.net

assets.worklife.care	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	oav-worklife.io oav-worklife.io	879 KB
1	worklife.care assets.worklife.care	39 KB
22	2

	Domain	Requested by
21	oav-worklife.io	oav-worklife.io
1	assets.worklife.care	oav-worklife.io
22	2

This site contains no links.

Subject Issuer	Validity	Valid
oav-worklife.io Amazon RSA 2048 M02	`2024-05-21` - `2025-06-19`	a year	crt.sh
*.worklife.care Amazon RSA 2048 M01	`2023-09-11` - `2024-10-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://oav-worklife.io/login
Frame ID: 67EE3C33869CCB351B808433A69612D4
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Project ECHO

Page Statistics

22
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

918 kB
Transfer

898 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login Show response
oav-worklife.io/ 4 KB
5 KB 98ms
29ms Document
text/html 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

dcfa4bbe10cc6e75137b3c09899b7dc4bd03a48adf9b8950272f00d67a1ad447

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
content-length: 3745
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
content-type: text/html
date: Sat, 01 Jun 2024 07:58:09 GMT
etag: "664c7ec7-ea1"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
last-modified: Tue, 21 May 2024 11:00:23 GMT
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
permissions-policy: geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 index-CxesLhCy.js Show response
oav-worklife.io/assets/ 587 KB
589 KB 30ms
30ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/index-CxesLhCy.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

f32148f33c3205cd15c75834f1a74365cdbe29b6b633a82c176751ca2f7659dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/login
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:09 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 600985
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-92b99"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 index-w6r3FORt.css
oav-worklife.io/assets/ 21 KB
22 KB 82ms
82ms Stylesheet
text/css 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/index-w6r3FORt.css

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

6d11178ec6dce6bd4e1dfa0295f03a94692fa66c3ba13af00addeba511dd6619

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/login
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:09 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 21952
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-55c0"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: text/css
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 en.json Show response
assets.worklife.care/messages/echo-web/ 39 KB
39 KB 311ms
139ms Fetch
application/json 54.230.228.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.worklife.care/messages/echo-web/en.json
Requested by: Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.228.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-228-97.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf1cc9639ff6777db90050d54dd79410d435d83720495445e6fcc8833ee37830

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:11 GMT
via: 1.1 1457b39f2ccd71582289928342a87178.cloudfront.net (CloudFront)
last-modified: Mon, 27 May 2024 17:06:03 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P5
x-amz-server-side-encryption: AES256
etag: "cd3b8f1b15abae9dd9add51cf631fa7b"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
content-length: 39612
x-amz-cf-id: ByjOK9qHYl4WAKaZ2Gv-AxYOkMouWAAoeWTjBKraPC6NNuA10YOC7A==

GET
H2 200 NoAuthLayout-A36GYLGs.js Show response
oav-worklife.io/assets/ 727 B
2 KB 32ms
32ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/NoAuthLayout-A36GYLGs.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

5ee7037893d39e31f609056ff4b8e6ac9e8355959b07740ebd1e5070265b69d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 727
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-2d7"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 NoAuthLayout-DziM-jHF.css
oav-worklife.io/assets/ 837 B
2 KB 28ms
28ms Stylesheet
text/css 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/NoAuthLayout-DziM-jHF.css

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

609d834d186893cb938748a4477cb4836a294c0f85a0a6e09444c96e7220dc92

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/login
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 837
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-345"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: text/css
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 favicon.svg
oav-worklife.io/ 926 B
1 KB 31ms
31ms Other
image/svg+xml 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/favicon.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

b69acc62c78a57b7f35ba98b367cb3e168afee85fa8ec01b31865a11f33f225f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/login
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 May 2024 11:00:21 GMT
etag: "664c7ec5-39e"
content-type: image/svg+xml
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 926
expires: Mon, 01 Jul 2024 07:58:10 GMT

GET
H2 200 LoginPage-C_D3s5q3.js Show response
oav-worklife.io/assets/ 2 KB
3 KB 29ms
28ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/LoginPage-C_D3s5q3.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

76d54ca796657fbfb92e3eb3356e72ac5090367758b1a706190bdd8ea05ceb88

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 2053
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-805"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 index-CAA3TLpN.js Show response
oav-worklife.io/assets/ 78 KB
79 KB 35ms
34ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/index-CAA3TLpN.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

19bfc9fe906384d6948ed0d13c58b74d9efc808e459da6f668a216b5314b8c36

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 79428
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-13644"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 ControlledFieldText-CnnPtqUA.js Show response
oav-worklife.io/assets/ 825 B
2 KB 42ms
40ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/ControlledFieldText-CnnPtqUA.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

9d471bea5f43d58bc475a953b1fc95f0c3937b9bc64307938beb7face6d3c86b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 825
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-339"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 ControlledFieldPassword-06kDS_ux.js Show response
oav-worklife.io/assets/ 1 KB
2 KB 30ms
29ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/ControlledFieldPassword-06kDS_ux.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

d73b9a9bd3d66f9f878244baf89d6d3783151f7b885ba84ab0f53dda8b12a85f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 1229
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-4cd"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 ControlledFieldPassword-DrRFN2gN.css
oav-worklife.io/assets/ 257 B
1 KB 34ms
33ms Stylesheet
text/css 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/ControlledFieldPassword-DrRFN2gN.css

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

064cc561b398deb69949d7695203b43887256268e3e4f7b3dbaee376938d9268

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/login
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 257
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-101"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: text/css
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 Button-BwyPNtqZ.js Show response
oav-worklife.io/assets/ 662 B
2 KB 32ms
31ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/Button-BwyPNtqZ.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

e79aa5fc06aae7d103322a736714dfd86b737cfaabb858ae8e37c8f4e6ea3157

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 662
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-296"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 Button-CFzd8qp_.css
oav-worklife.io/assets/ 2 KB
3 KB 33ms
32ms Stylesheet
text/css 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/Button-CFzd8qp_.css

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

09443849e8a1a785fad59fb576e3748b5300eccae883cda514181e8411188b63

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/login
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 1841
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-731"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: text/css
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 useMutation-DAgEa6F3.js Show response
oav-worklife.io/assets/ 2 KB
3 KB 31ms
30ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/useMutation-DAgEa6F3.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

e90163e66ed467b4ac8cac8714814f56734ba5f9a6df4dcdb4026344011f71c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 1762
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-6e2"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 LoginPage-CzcpUGze.css
oav-worklife.io/assets/ 82 B
1 KB 29ms
28ms Stylesheet
text/css 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/LoginPage-CzcpUGze.css

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

8abe5f1567fdcd10a1e61099120f41ab00c29b382d48baf1b51df31db80fd401

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/login
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 82
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-52"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: text/css
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 credit-agricole-logo.png
oav-worklife.io/images/ 60 KB
61 KB 34ms
34ms Image
image/png 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://oav-worklife.io/images/credit-agricole-logo.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

e9a151502c2a8db18acf35eeb2e11633a7aebbf86a57cd9c84d224819ff12f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/login
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 May 2024 11:00:21 GMT
etag: "664c7ec5-f14e"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 61774
expires: Mon, 01 Jul 2024 07:58:10 GMT

GET
H2 200 eye-filled-DmpUDL2j.js Show response
oav-worklife.io/assets/ 515 B
1 KB 30ms
29ms Script
application/javascript 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/assets/eye-filled-DmpUDL2j.js

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-CxesLhCy.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

24f9555163121e9fc1b7087f6e6c11493a204ab7a63037cf7a98d69e2921669e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/assets/index-CxesLhCy.js
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 515
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:23 GMT
etag: "664c7ec7-203"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: application/javascript
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 Satoshi-Regular.woff2
oav-worklife.io/fonts/satoshi/ 25 KB
26 KB 33ms
32ms Font
font/woff2 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/fonts/satoshi/Satoshi-Regular.woff2

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-w6r3FORt.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

50dca57f0b77918e0fb7dac998c3f5ef6b0c2a29657da97658a04f98ac532fc5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/assets/index-w6r3FORt.css
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 25516
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:21 GMT
etag: "664c7ec5-63ac"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: font/woff2
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 Satoshi-Black.woff2
oav-worklife.io/fonts/satoshi/ 23 KB
24 KB 35ms
35ms Font
font/woff2 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/fonts/satoshi/Satoshi-Black.woff2

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-w6r3FORt.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

bd11b5820231420e78046c611aebdd628dc17ad67788258ffe3fe902253efd3b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/assets/index-w6r3FORt.css
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 23484
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:21 GMT
etag: "664c7ec5-5bbc"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: font/woff2
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 Satoshi-Medium.woff2
oav-worklife.io/fonts/satoshi/ 25 KB
26 KB 38ms
38ms Font
font/woff2 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/fonts/satoshi/Satoshi-Medium.woff2

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-w6r3FORt.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

af02a72246f53ad49c44a591921edbd39ec8258a03d8cc2e0532aa1e497e85b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/assets/index-w6r3FORt.css
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 25596
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:21 GMT
etag: "664c7ec5-63fc"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: font/woff2
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

GET
H2 200 Satoshi-Bold.woff2
oav-worklife.io/fonts/satoshi/ 25 KB
26 KB 31ms
31ms Font
font/woff2 13.37.187.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://oav-worklife.io/fonts/satoshi/Satoshi-Bold.woff2

Requested by

Host: oav-worklife.io
URL: https://oav-worklife.io/assets/index-w6r3FORt.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.37.187.221 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-37-187-221.eu-west-3.compute.amazonaws.com

Software

Resource Hash

353a7fbfb4475f0c31470a7449226006cb64211c71055ca9db860a8acdaa9f68

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://oav-worklife.io/assets/index-w6r3FORt.css
Origin: https://oav-worklife.io
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 07:58:10 GMT
content-security-policy: default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.hotjar.com https://*.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
nel: {"report_to":"default","max_age":2592000,"include_subdomains":false}
content-length: 25328
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 21 May 2024 11:00:21 GMT
etag: "664c7ec5-62f0"
expect-ct: max-age=0, report-uri="https://worklife.report-uri.com/r/d/ct/reportOnly"
x-frame-options: DENY
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://worklife.report-uri.com/a/d/g"}],"include_subdomains":false}
content-type: font/woff2
permissions-policy: geolocation=(), microphone=()
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| __reactRouterVersion object| __SENTRY__

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://oav-worklife.io/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://.hotjar.com https://.hotjar.io https://js.appboycdn.com https://cdn.segment.com https://*.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; report-uri https://worklife.report-uri.com/r/d/csp/enforce;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.worklife.care
oav-worklife.io
13.37.187.221
54.230.228.97
064cc561b398deb69949d7695203b43887256268e3e4f7b3dbaee376938d9268
09443849e8a1a785fad59fb576e3748b5300eccae883cda514181e8411188b63
19bfc9fe906384d6948ed0d13c58b74d9efc808e459da6f668a216b5314b8c36
24f9555163121e9fc1b7087f6e6c11493a204ab7a63037cf7a98d69e2921669e
353a7fbfb4475f0c31470a7449226006cb64211c71055ca9db860a8acdaa9f68
50dca57f0b77918e0fb7dac998c3f5ef6b0c2a29657da97658a04f98ac532fc5
5ee7037893d39e31f609056ff4b8e6ac9e8355959b07740ebd1e5070265b69d4
609d834d186893cb938748a4477cb4836a294c0f85a0a6e09444c96e7220dc92
6d11178ec6dce6bd4e1dfa0295f03a94692fa66c3ba13af00addeba511dd6619
76d54ca796657fbfb92e3eb3356e72ac5090367758b1a706190bdd8ea05ceb88
8abe5f1567fdcd10a1e61099120f41ab00c29b382d48baf1b51df31db80fd401
9d471bea5f43d58bc475a953b1fc95f0c3937b9bc64307938beb7face6d3c86b
af02a72246f53ad49c44a591921edbd39ec8258a03d8cc2e0532aa1e497e85b4
b69acc62c78a57b7f35ba98b367cb3e168afee85fa8ec01b31865a11f33f225f
bd11b5820231420e78046c611aebdd628dc17ad67788258ffe3fe902253efd3b
cf1cc9639ff6777db90050d54dd79410d435d83720495445e6fcc8833ee37830
d73b9a9bd3d66f9f878244baf89d6d3783151f7b885ba84ab0f53dda8b12a85f
dcfa4bbe10cc6e75137b3c09899b7dc4bd03a48adf9b8950272f00d67a1ad447
e79aa5fc06aae7d103322a736714dfd86b737cfaabb858ae8e37c8f4e6ea3157
e90163e66ed467b4ac8cac8714814f56734ba5f9a6df4dcdb4026344011f71c2
e9a151502c2a8db18acf35eeb2e11633a7aebbf86a57cd9c84d224819ff12f9f
f32148f33c3205cd15c75834f1a74365cdbe29b6b633a82c176751ca2f7659dc

oav-worklife.io Open in urlscan Pro 13.37.187.221 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

22 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

918 kBTransfer

898 kBSize

0 Cookies

0 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

oav-worklife.io Open in urlscan Pro
13.37.187.221 Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

918 kB
Transfer

898 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions