sso.copilotab.com Open in urlscan Pro
35.214.179.121 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://sso.copilotab.com/
Effective URL:
https://sso.copilotab.com/unknown-session
Submission: On July 16 via api (July 16th 2024, 8:44:57 am UTC) from US — Scanned from NL

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 35.214.179.121, located in Groningen, Netherlands and belongs to GOOGLE, US. The main domain is sso.copilotab.com.
TLS certificate: Issued by R10 on July 16th 2024. Valid for: 3 months.

This is the only time sso.copilotab.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 9	35.214.179.121 35.214.179.121		15169 (GOOGLE) (GOOGLE)
8	1

9 35.214.179.121 (Groningen, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 121.179.214.35.bc.googleusercontent.com

sso.copilotab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	copilotab.com 1 redirects sso.copilotab.com	284 KB
8	1

	Domain	Requested by
9	sso.copilotab.com	1 redirects sso.copilotab.com
8	1

This site contains links to these domains. Also see Links.

Domain
logto.io

Subject Issuer	Validity	Valid
sso.copilotab.com R10	`2024-07-16` - `2024-10-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sso.copilotab.com/unknown-session
Frame ID: 64CAC66E123F9157053B72C6F7E44FAC
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404 Not Found

Page URL History Show full URLs

https://sso.copilotab.com/ HTTP 302
https://sso.copilotab.com/unknown-session Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

283 kB
Transfer

1222 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://logto.io/?utm_source=sign_in&utm_medium=powered_by
Title: Powered by

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sso.copilotab.com/ HTTP 302
https://sso.copilotab.com/unknown-session Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request unknown-session Show response
sso.copilotab.com/
Redirect Chain

https://sso.copilotab.com/
https://sso.copilotab.com/unknown-session

909 B
492 B

156ms
156ms

Document
text/html

35.214.179.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.copilotab.com/unknown-session

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.214.179.121 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

121.179.214.35.bc.googleusercontent.com

Software

railway-edge /

Resource Hash

55a73c4bf066edf2dee9544d23c077fe095b3d324d3b8bb2dce66a5782cb7e48

Security Headers

Name	Value
Content-Security-Policy	img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: br
content-length: 355
content-security-policy: img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jul 2024 08:44:51 GMT
last-modified: Sat, 06 Jul 2024 02:35:47 GMT
logto-core-request-id: jf9MYQqfYNtTp5f7
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
server: railway-edge
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: UzwCkdw3Sy2aPMSO44Hplw_2823689937
x-xss-protection: 0

Redirect headers

content-length: 113
content-security-policy: img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jul 2024 08:44:51 GMT
location: https://sso.copilotab.com/unknown-session
logto-core-request-id: lc8VNUr0YckF5oHa
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
server: railway-edge
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: rIP9naoDRampeYz_a6IKYA_2823689937
x-xss-protection: 0

GET
H2 200 index.767b9897.css
sso.copilotab.com/ 43 KB
7 KB 294ms
294ms Stylesheet
text/css 35.214.179.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.copilotab.com/index.767b9897.css

Requested by

Host: sso.copilotab.com
URL: https://sso.copilotab.com/unknown-session

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.214.179.121 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

121.179.214.35.bc.googleusercontent.com

Software

railway-edge /

Resource Hash

3898b8fe2c3bb29a66081ff4bad561da07f1db1d05ba66096df39c675d6b3e96

Security Headers

Name	Value
Content-Security-Policy	img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sso.copilotab.com/unknown-session
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
content-encoding: br
x-content-type-options: nosniff
date: Tue, 16 Jul 2024 08:44:51 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
logto-core-request-id: DGNIFBeBpXbnVfhZ
cross-origin-resource-policy: cross-origin
content-length: 6657
x-xss-protection: 0
x-request-id: 78Wt1ZK4QQ6eFNFp09HxQg_2823689937
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 06 Jul 2024 02:35:47 GMT
server: railway-edge
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css; charset=utf-8
origin-agent-cluster: ?1
cache-control: max-age=604800

GET
H2 200 index.d15f4be8.js Show response
sso.copilotab.com/ 1 KB
643 B 292ms
292ms Script
application/javascript 35.214.179.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.copilotab.com/index.d15f4be8.js

Requested by

Host: sso.copilotab.com
URL: https://sso.copilotab.com/unknown-session

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.214.179.121 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

121.179.214.35.bc.googleusercontent.com

Software

railway-edge /

Resource Hash

3c3fc5fc340766b86342718d074ed0f55f808a8f90d450b0e81190f0fb7442a7

Security Headers

Name	Value
Content-Security-Policy	img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sso.copilotab.com/unknown-session
Origin: https://sso.copilotab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
content-encoding: br
x-content-type-options: nosniff
date: Tue, 16 Jul 2024 08:44:51 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
logto-core-request-id: ECi2w7hwUjCwSVcV
cross-origin-resource-policy: cross-origin
content-length: 557
x-xss-protection: 0
x-request-id: CWWdSqXMSSKdZTXyBrFP8g_2823689937
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 06 Jul 2024 02:35:47 GMT
server: railway-edge
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
origin-agent-cluster: ?1
cache-control: max-age=604800

GET
H2 200 index.84fba2ba.js Show response
sso.copilotab.com/ 1 MB
270 KB 157ms
157ms Script
application/javascript 35.214.179.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.copilotab.com/index.84fba2ba.js

Requested by

Host: sso.copilotab.com
URL: https://sso.copilotab.com/unknown-session

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.214.179.121 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

121.179.214.35.bc.googleusercontent.com

Software

railway-edge /

Resource Hash

2154a7e4b74ea12525fbf7c3dcfd2095f2f72b7b10265fde1bc3269cd192da39

Security Headers

Name	Value
Content-Security-Policy	img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sso.copilotab.com/unknown-session
Origin: https://sso.copilotab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
content-encoding: br
x-content-type-options: nosniff
date: Tue, 16 Jul 2024 08:44:51 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
logto-core-request-id: hQhMNhGhXOQc_da2
cross-origin-resource-policy: cross-origin
content-length: 275892
x-xss-protection: 0
x-request-id: RlvNG6y2QMq9QP9GHUkjHA_2823689937
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 06 Jul 2024 02:35:49 GMT
server: railway-edge
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
origin-agent-cluster: ?1
cache-control: max-age=604800

GET
H2 200 sign-in-exp
sso.copilotab.com/api/.well-known/ 3 KB
2 KB 194ms
194ms Other
application/json 35.214.179.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.copilotab.com/api/.well-known/sign-in-exp

Requested by

Host: sso.copilotab.com
URL: https://sso.copilotab.com/unknown-session

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.214.179.121 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

121.179.214.35.bc.googleusercontent.com

Software

railway-edge /

Resource Hash

5de3719f18218b157eecb87b936f2e8cf4c5686335eea94f7639c6e9f460e71e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sso.copilotab.com/unknown-session
Origin: https://sso.copilotab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 16 Jul 2024 08:44:52 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
logto-core-request-id: Y_O3a--FQ4OJDXcL
cross-origin-resource-policy: same-origin
x-xss-protection: 0
x-request-id: kSDPQEJWSNGNUxnpJRPgUw_2823689937
referrer-policy: strict-origin-when-cross-origin
server: railway-edge
etag: "c1f-SDB87dxNzCGWFpUjWHpG2KB9cJk"
x-download-options: noopen
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
origin-agent-cluster: ?1

GET
H2 200 phrases
sso.copilotab.com/api/.well-known/ 11 KB
3 KB 229ms
229ms Other
application/json 35.214.179.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.copilotab.com/api/.well-known/phrases

Requested by

Host: sso.copilotab.com
URL: https://sso.copilotab.com/unknown-session

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.214.179.121 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

121.179.214.35.bc.googleusercontent.com

Software

railway-edge /

Resource Hash

13f33638d981080c5cc89f4a1bcfeb779b3e7f41e2557bb3a8b147f29b2c54a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sso.copilotab.com/unknown-session
Origin: https://sso.copilotab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 16 Jul 2024 08:44:52 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
logto-core-request-id: Z0BVi-M1hEF1Tff4
cross-origin-resource-policy: same-origin
x-xss-protection: 0
x-request-id: jNTJWykvTHaecX7ghfjGdA_2823689937
referrer-policy: strict-origin-when-cross-origin
server: railway-edge
etag: "2b3d-ypmUdbX/AwS+rrP5yLhaRicvSQI"
x-download-options: noopen
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-language: en
content-type: application/json; charset=utf-8
origin-agent-cluster: ?1

GET
H2 200 favicon.ico
sso.copilotab.com/ 909 B
436 B 203ms
193ms Other
text/html 35.214.179.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.copilotab.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.214.179.121 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

121.179.214.35.bc.googleusercontent.com

Software

railway-edge /

Resource Hash

55a73c4bf066edf2dee9544d23c077fe095b3d324d3b8bb2dce66a5782cb7e48

Security Headers

Name	Value
Content-Security-Policy	img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sso.copilotab.com/unknown-session
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
content-encoding: br
x-content-type-options: nosniff
date: Tue, 16 Jul 2024 08:44:52 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
logto-core-request-id: uIP0_hXSH5AOIV1h
cross-origin-resource-policy: cross-origin
content-length: 355
x-xss-protection: 0
x-request-id: u9tH4zEoRGiHOWdwGGvEVg_2823689937
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 06 Jul 2024 02:35:47 GMT
server: railway-edge
x-download-options: noopen
vary: Accept-Encoding
content-type: text/html; charset=utf-8
origin-agent-cluster: ?1
cache-control: no-cache, no-store, must-revalidate

GET
H2 200 favicon.561cee98.png
sso.copilotab.com/ 569 B
684 B 176ms
174ms Other
image/png 35.214.179.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.copilotab.com/favicon.561cee98.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.214.179.121 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

121.179.214.35.bc.googleusercontent.com

Software

railway-edge /

Resource Hash

799c9c09d3c464d3705e0bbb93489dabe13b10f9f55b57ac9afed7daaac669c3

Security Headers

Name	Value
Content-Security-Policy	img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sso.copilotab.com/unknown-session
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
date: Tue, 16 Jul 2024 08:44:52 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
logto-core-request-id: T2dOMNdbheeyiK3J
cross-origin-resource-policy: cross-origin
content-length: 569
x-xss-protection: 0
x-request-id: 5Oiog1xBS7iOnYCCE4KOww_2823689937
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 06 Jul 2024 02:35:44 GMT
server: railway-edge
x-download-options: noopen
vary: Accept-Encoding
content-type: image/png
origin-agent-cluster: ?1
cache-control: max-age=604800

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| parcelRequire2d52 function| clearImmediate function| setImmediate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client;connect-src 'self' https://accounts.google.com/gsi/ https://sso.copilotab.com;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'self' http://localhost:3002 https://sso-admin.copilotab.com;default-src 'self' https://accounts.google.com/gsi/;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sso.copilotab.com
35.214.179.121
13f33638d981080c5cc89f4a1bcfeb779b3e7f41e2557bb3a8b147f29b2c54a3
2154a7e4b74ea12525fbf7c3dcfd2095f2f72b7b10265fde1bc3269cd192da39
3898b8fe2c3bb29a66081ff4bad561da07f1db1d05ba66096df39c675d6b3e96
3c3fc5fc340766b86342718d074ed0f55f808a8f90d450b0e81190f0fb7442a7
55a73c4bf066edf2dee9544d23c077fe095b3d324d3b8bb2dce66a5782cb7e48
5de3719f18218b157eecb87b936f2e8cf4c5686335eea94f7639c6e9f460e71e
799c9c09d3c464d3705e0bbb93489dabe13b10f9f55b57ac9afed7daaac669c3

sso.copilotab.com Open in urlscan Pro 35.214.179.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

283 kBTransfer

1222 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

sso.copilotab.com Open in urlscan Pro
35.214.179.121 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

283 kB
Transfer

1222 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions