sso.group-ib.com Open in urlscan Pro
162.55.211.31 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb6226fa5c61a914c226fa...
Effective URL:
https://sso.group-ib.com/
Submission: On June 27 via manual (June 27th 2022, 8:24:10 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 162.55.211.31, located in Germany and belongs to HETZNER-AS, DE. The main domain is sso.group-ib.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 21st 2021. Valid for: a year.

This is the only time sso.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	148.251.221.102 148.251.221.102	24940 (HETZNER-AS) (HETZNER-AS)
1 15	162.55.211.31 162.55.211.31	24940 (HETZNER-AS) (HETZNER-AS)
14	1

2 148.251.221.102 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: bt.group-ib.com

bt.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 162.55.211.31 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.31.211.55.162.clients.your-server.de

sso.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	group-ib.com 3 redirects bt.group-ib.com sso.group-ib.com	1 MB
14	1

	Domain	Requested by
15	sso.group-ib.com	1 redirects sso.group-ib.com
2	bt.group-ib.com	2 redirects
14	2

This site contains links to these domains. Also see Links.

Domain
group-ib.com
go.group-ib.com

Subject Issuer	Validity	Valid
*.group-ib.com Sectigo RSA Domain Validation Secure Server CA	`2021-06-21` - `2022-07-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sso.group-ib.com/
Frame ID: D254DEEC328C6EC984122C3C73B53FC4
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Group-IB Authentication

Page URL History Show full URLs

http://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb... HTTP 301
https://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb... HTTP 302
https://sso.group-ib.com/forbidden/ci Page URL
https://sso.group-ib.com/forbidden/ci HTTP 302
http://sso.group-ib.com/ HTTP 307
https://sso.group-ib.com/ Page URL

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

1122 kB
Transfer

2001 kB
Size

11
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://group-ib.com/

Search URL Search Domain Scan URL

URL: https://go.group-ib.com/en-Threat-Intelligence-2-beta
Title: Try demo

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb6226fa5c61a914c226fa5c61a914c HTTP 301
https://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb6226fa5c61a914c226fa5c61a914c HTTP 302
https://sso.group-ib.com/forbidden/ci Page URL
https://sso.group-ib.com/forbidden/ci HTTP 302
http://sso.group-ib.com/ HTTP 307
https://sso.group-ib.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb6226fa5c61a914c226fa5c61a914c HTTP 301
https://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb6226fa5c61a914c226fa5c61a914c HTTP 302
https://sso.group-ib.com/forbidden/ci

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

403

ci Show response
sso.group-ib.com/forbidden/
Redirect Chain

http://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb6226fa5c61a914c226fa5c61a914c
https://bt.group-ib.com/api/v2/apt/threat?df=2020-11-01T00:00:00Z&resultId=4b1e301f56af2a48c393eb0eb6226fa5c61a914c226fa5c61a914c
https://sso.group-ib.com/forbidden/ci

265 B
356 B

131ms
23ms

Document
text/html

162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sso.group-ib.com/forbidden/ci
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.31.211.55.162.clients.your-server.de
Software: /
Resource Hash: 2cd3058e95fe4adeea20a4f6bf5e86c0cda41fc8801a044ed8d7e9dd5251d211

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 265
content-type: text/html
date: Mon, 27 Jun 2022 20:24:05 GMT

Redirect headers

Connection: keep-alive
Content-Length: 154
Content-Type: text/html
Date: Mon, 27 Jun 2022 20:24:05 GMT
Location: https://sso.group-ib.com/forbidden/ci
Server: nginx
Strict-Transport-Security: max-age=31536000;
X-Frame-Options: SAMEORIGIN

GET
H2 200 main_114_0da21926_601_1883.js Show response
sso.group-ib.com/js/ 284 KB
108 KB 56ms
56ms Script
application/javascript 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/js/main_114_0da21926_601_1883.js

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/forbidden/ci

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

7d740ca958f7ba50f4b39cc55fc687324e19a4189bbc2a00caaa519b8645683a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sso.group-ib.com/forbidden/ci
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 20 May 2022 13:52:35 GMT
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:05 GMT
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
accept-ranges: bytes

GET
H2 200 idgib-w-sso Show response
sso.group-ib.com/api/fl/ 205 B
628 B 41ms
40ms XHR
application/json 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/api/fl/idgib-w-sso

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/js/main_114_0da21926_601_1883.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

e1093ea867711ddf079c4fbfcf17b19706d7a051932198d1b029933664ead344

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sso.group-ib.com/forbidden/ci
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
x-cfids: -

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:06 GMT
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
cache-control: no-cache
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
etag: W/"/axOpFLnMneOV1Ng9UPmqJcImo/hQ3fus3bR9n0b7J1SsJxfzqjpkWSb+5Bxbt+GlFxme3GPGi6M0hgDB9cPmhksShyXLRMFWJetXIgKRI5wjuETcuVcLshE7BSplUOwJKelNQ8rkQ5RJACFiVlou/Oy"

POST
H2 200 fl Show response
sso.group-ib.com/api/ 677 B
980 B 96ms
96ms XHR
application/json 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/api/fl?u=0da2192607&mv=2&cfidsgib-w-sso=%2FaxOpFLnMneOV1Ng9UPmqJcImo%2FhQ3fus3bR9n0b7J1SsJxfzqjpkWSb%2B5Bxbt%2BGlFxme3GPGi6M0hgDB9cPmhksShyXLRMFWJetXIgKRI5wjuETcuVcLshE7BSplUOwJKelNQ8rkQ5RJACFiVlou%2FOy

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/js/main_114_0da21926_601_1883.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

365d57cfec02ea1c06b226f312743b863023b9576723c33dc1bff0f48b61e7c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sso.group-ib.com/forbidden/ci
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sso.group-ib.com
cache-control: no-store
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
access-control-allow-credentials: true
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2

200

Primary Request / Show response
sso.group-ib.com/
Redirect Chain

https://sso.group-ib.com/forbidden/ci
http://sso.group-ib.com/
https://sso.group-ib.com/

3 KB
3 KB

75ms
74ms

Document
text/html

162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/forbidden/ci

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

9f2e2e989026aed734a0b536553faa7d0d612b3c73daed6a99648ef478ec6f4a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

allow: GET
cache-control: max-age=0, must-revalidate, private
content-security-policy: frame-ancestors 'self';
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 20:24:07 GMT
expires: Mon, 27 Jun 2022 20:24:07 GMT
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
referrer-policy: strict-origin-when-cross-origin
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://sso.group-ib.com/
Non-Authoritative-Reason: HSTS

POST
H2 200 fl
sso.group-ib.com/api/ 677 B
687 B 45ms
45ms Ping
application/json 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/api/fl?u=0da2192607&mv=2&cfidsgib-w-sso=kUHlmMRRk%2BfXTf%2FsPXVmWJpSUWjlnuho2ZXCDfmavui%2FMCLBymW8BLT23OBFFWexKfyf%2Bw1BvdD6HqOAJ5WSnkSFntMLOywD9pF%2BIXk5Dgjqc%2F9Zi2albD9IWymcHsoCbfJRxTELQcAnFhCS7FYeFi3KV797lSOnzpD8

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/js/main_114_0da21926_601_1883.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sso.group-ib.com/forbidden/ci
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sso.group-ib.com
cache-control: no-store
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
access-control-allow-credentials: true
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2 200 2.b6be2e87.chunk.css
sso.group-ib.com/static/css/ 62 KB
11 KB 115ms
114ms Stylesheet
text/css 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/static/css/2.b6be2e87.chunk.css

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

995a5441be83acd7d9484da21c54145f346399806025e691c9e2e475b68197c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sso.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 20 May 2022 13:52:35 GMT
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
accept-ranges: bytes

GET
H2 200 main.786d6929.chunk.css
sso.group-ib.com/static/css/ 14 KB
4 KB 65ms
64ms Stylesheet
text/css 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/static/css/main.786d6929.chunk.css

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

e7432fa38e30f972d9693411f43037ad3a8237219a9a867d2ddfb1c38bda77f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sso.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 20 May 2022 13:52:35 GMT
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
vary: Accept-Encoding
content-type: text/css
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
accept-ranges: bytes

GET
H2 200 main_114_0da21926_601_1883.js Show response
sso.group-ib.com/js/ 284 KB
108 KB 135ms
134ms Script
application/javascript 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/js/main_114_0da21926_601_1883.js

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

cce43ddbcdc363ba5733795500ad08848cb03adc37f5e0e92a0ca5e6d6194a6d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sso.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 20 May 2022 13:52:35 GMT
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
accept-ranges: bytes

GET
H2 200 2.1c52216e.chunk.js Show response
sso.group-ib.com/static/js/ 573 KB
195 KB 40ms
40ms Script
application/javascript 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/static/js/2.1c52216e.chunk.js

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

48f5f39b35c51cb06de599ba676fef891c34c734144b68e65d73e83d6198ef1a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sso.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 Jun 2022 14:24:24 GMT
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
accept-ranges: bytes

GET
H2 200 main.9e2ca81c.chunk.js Show response
sso.group-ib.com/static/js/ 128 KB
38 KB 42ms
41ms Script
application/javascript 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/static/js/main.9e2ca81c.chunk.js

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

921a442a307a0f8aa3dafa0ac8db36e33bb1b9cb566402237da512a312c64690

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sso.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 Jun 2022 14:24:24 GMT
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
accept-ranges: bytes

GET
H2 200 AI.3f16321e.png
sso.group-ib.com/static/media/ 651 KB
652 KB 38ms
37ms Image
image/png 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sso.group-ib.com/static/media/AI.3f16321e.png

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

abb361908f9edb17b690769a4ca5629daa34b65693a6edf326f49c6f2abc1215

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sso.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-length: 666842
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 20 May 2022 13:52:35 GMT
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
etag: "62879d23-a2cda"
accept-ranges: bytes

GET
H2 200 idgib-w-sso Show response
sso.group-ib.com/api/fl/ 217 B
605 B 41ms
41ms XHR
application/json 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/api/fl/idgib-w-sso

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/js/main_114_0da21926_601_1883.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

aa4d375c9fa63bc680163dda12291f84264eb911b2bd204da60f77fac4ac9e69

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Referer: https://sso.group-ib.com/
X-GIB-GSSCgib-w-sso: v4zLXfQoxq8cT8sdyNhpzB/bucTj1tkEtPgz+dwlOWwVJH4vBFZg+yuuunBYnfGzJNx9RajjDhMNF9NMjsVJAAa3hjtZVo0Fj6izURo8vF2phElxu7vJK3KBdw0fvGIPWLvvsf60/ep956hOm2IeS5QfCDY9V4yeb6fFUr2zzfA6WXnfD6P1C+BP0YQeFWAFRkJypArV5txU27tn0c/du6NtFmqQ/9IgED/XBnTlk+lFJDBrUBXyENbkl0WJhg==
accept-language: de-DE,de;q=0.9
X-GIB-FGSSCgib-w-sso: ZWJKd9abab54ead4800e1793b894b90caacf8d90
x-cfids: kUHlmMRRk+fXTf/sPXVmWJpSUWjlnuho2ZXCDfmavui/MCLBymW8BLT23OBFFWexKfyf+w1BvdD6HqOAJ5WSnkSFntMLOywD9pF+IXk5Dgjqc/9Zi2albD9IWymcHsoCbfJRxTELQcAnFhCS7FYeFi3KV797lSOnzpD8

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:07 GMT
x-download-options: noopen
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json; charset=utf-8
cache-control: no-cache
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
etag: W/"5LWqfpd8Jp1zmsGf6NvS9Kfed8vk+oAHK8ctELDraAOUaPBcpdTcdg00Vu9IZB58bd+08lQPz5Q+PhTTzKzcebbBdGj8XdNi3e+G+doGY2GD2yMSd3LFc5QEZ/kCM/ydGWr/zNGYcyQY2gduUXMIt2f0h/BKRoz4cGtn"

POST
H2 200 fl Show response
sso.group-ib.com/api/ 677 B
1 KB 43ms
42ms XHR
application/json 162.55.211.31
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.group-ib.com/api/fl?u=0da2192607&mv=2&cfidsgib-w-sso=5LWqfpd8Jp1zmsGf6NvS9Kfed8vk%2BoAHK8ctELDraAOUaPBcpdTcdg00Vu9IZB58bd%2B08lQPz5Q%2BPhTTzKzcebbBdGj8XdNi3e%2BG%2BdoGY2GD2yMSd3LFc5QEZ%2FkCM%2FydGWr%2FzNGYcyQY2gduUXMIt2f0h%2FBKRoz4cGtn

Requested by

Host: sso.group-ib.com
URL: https://sso.group-ib.com/js/main_114_0da21926_601_1883.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.55.211.31 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.31.211.55.162.clients.your-server.de

Software

istio-envoy /

Resource Hash

334f8240af597ca2c756894921cd743fb120e3096a4544a7cf416f5eebcfaea9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Referer: https://sso.group-ib.com/
X-GIB-GSSCgib-w-sso: v4zLXfQoxq8cT8sdyNhpzB/bucTj1tkEtPgz+dwlOWwVJH4vBFZg+yuuunBYnfGzJNx9RajjDhMNF9NMjsVJAAa3hjtZVo0Fj6izURo8vF2phElxu7vJK3KBdw0fvGIPWLvvsf60/ep956hOm2IeS5QfCDY9V4yeb6fFUr2zzfA6WXnfD6P1C+BP0YQeFWAFRkJypArV5txU27tn0c/du6NtFmqQ/9IgED/XBnTlk+lFJDBrUBXyENbkl0WJhg==
accept-language: de-DE,de;q=0.9
X-GIB-FGSSCgib-w-sso: 6IUDf7a3324fd4d3d1e0fa76a5128ba87cb087b9
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
x-dns-prefetch-control: off
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: istio-envoy
x-frame-options: sameorigin
date: Mon, 27 Jun 2022 20:24:08 GMT
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sso.group-ib.com
cache-control: no-store
feature-policy: camera 'none';microphone 'none';geolocation 'none';encrypted-media 'none';payment 'none';speaker 'none';usb 'none';
permissions-policy: camera=(),microphone=(),geolocation=(),encrypted-media=(),payment=(),speaker=(),usb=(),
access-control-allow-credentials: true
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sso.group-ib.com/	1970-01-20 12:51:37	Name: __zzatgib-w-sso Value: MDA0dBA=Fz2+aQ==
.group-ib.com/	1970-01-20 12:51:37	Name: __zzatgib-w-sso Value: MDA0dBA=Fz2+aQ==
sso.group-ib.com/	1970-01-20 04:06:01	Name: gssc114 Value:
sso.group-ib.com/	1970-01-20 04:07:27	Name: PHPSESSID Value: 77edab701877a6656eec6b7a087d6403
sso.group-ib.com/	1970-01-20 12:51:37	Name: cfidsgib-w-sso Value: +k4ddXabNrhM/nRwKlQ3yKZuyRvi6Az9uVqZ9UC03HKr4aJaZIc0OQcLFvn4InwaUwacs2PUxqbKEiZg5NmehOnZrNUh1zvsoqFSEYcgC2VRM90Z0Z1tbAxneMQjjEU39qYqnGGNO4S5VaE0zCmkOGeZKfmsbP10tFpc
.sso.group-ib.com/	1970-01-20 12:51:37	Name: cfidsgib-w-sso Value: +k4ddXabNrhM/nRwKlQ3yKZuyRvi6Az9uVqZ9UC03HKr4aJaZIc0OQcLFvn4InwaUwacs2PUxqbKEiZg5NmehOnZrNUh1zvsoqFSEYcgC2VRM90Z0Z1tbAxneMQjjEU39qYqnGGNO4S5VaE0zCmkOGeZKfmsbP10tFpc
.group-ib.com/	1970-01-20 12:51:37	Name: cfidsgib-w-sso Value: +k4ddXabNrhM/nRwKlQ3yKZuyRvi6Az9uVqZ9UC03HKr4aJaZIc0OQcLFvn4InwaUwacs2PUxqbKEiZg5NmehOnZrNUh1zvsoqFSEYcgC2VRM90Z0Z1tbAxneMQjjEU39qYqnGGNO4S5VaE0zCmkOGeZKfmsbP10tFpc
.sso.group-ib.com/	1970-01-20 12:51:37	Name: gsscgib-w-sso Value: pcKy4PpjXfld6DS+g6L6CKzT1JLliiQe+fV7AKX0GLwuGbUwLdWgRs87oZsoaQ60kV1A4TnEjS2TTMXmvD8wmSavNzCQhsqSknL8oQzxMmTainL/AsRaqKxMmzRY3ybY2H6TDc3qozn/byQArZkZj9bYaWpnBjXZG4RV8OZOWqc2ONAiFjsag24IgGl4+00GYxeWR9kMHhsFdq1mXpSi0fAocbJJv9nYIA14ssr/4aFBmAZddn6AFmYDdC+Tbg==
.group-ib.com/	1970-01-20 12:51:37	Name: gsscgib-w-sso Value: pcKy4PpjXfld6DS+g6L6CKzT1JLliiQe+fV7AKX0GLwuGbUwLdWgRs87oZsoaQ60kV1A4TnEjS2TTMXmvD8wmSavNzCQhsqSknL8oQzxMmTainL/AsRaqKxMmzRY3ybY2H6TDc3qozn/byQArZkZj9bYaWpnBjXZG4RV8OZOWqc2ONAiFjsag24IgGl4+00GYxeWR9kMHhsFdq1mXpSi0fAocbJJv9nYIA14ssr/4aFBmAZddn6AFmYDdC+Tbg==
.sso.group-ib.com/	1970-01-20 12:51:37	Name: fgsscgib-w-sso Value: LMFY36b6c99d1cb063d9819c8c3fa3411688a92d
.group-ib.com/	1970-01-20 12:51:37	Name: fgsscgib-w-sso Value: LMFY36b6c99d1cb063d9819c8c3fa3411688a92d

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sso.group-ib.com/forbidden/ci Message: Failed to load resource: the server responded with a status of 403 ()
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security	error	Message: Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bt.group-ib.com
sso.group-ib.com
148.251.221.102
162.55.211.31
2cd3058e95fe4adeea20a4f6bf5e86c0cda41fc8801a044ed8d7e9dd5251d211
334f8240af597ca2c756894921cd743fb120e3096a4544a7cf416f5eebcfaea9
365d57cfec02ea1c06b226f312743b863023b9576723c33dc1bff0f48b61e7c7
48f5f39b35c51cb06de599ba676fef891c34c734144b68e65d73e83d6198ef1a
7d740ca958f7ba50f4b39cc55fc687324e19a4189bbc2a00caaa519b8645683a
921a442a307a0f8aa3dafa0ac8db36e33bb1b9cb566402237da512a312c64690
995a5441be83acd7d9484da21c54145f346399806025e691c9e2e475b68197c6
9f2e2e989026aed734a0b536553faa7d0d612b3c73daed6a99648ef478ec6f4a
aa4d375c9fa63bc680163dda12291f84264eb911b2bd204da60f77fac4ac9e69
abb361908f9edb17b690769a4ca5629daa34b65693a6edf326f49c6f2abc1215
cce43ddbcdc363ba5733795500ad08848cb03adc37f5e0e92a0ca5e6d6194a6d
e1093ea867711ddf079c4fbfcf17b19706d7a051932198d1b029933664ead344
e7432fa38e30f972d9693411f43037ad3a8237219a9a867d2ddfb1c38bda77f4

sso.group-ib.com Open in urlscan Pro 162.55.211.31 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

1 IPs

1 Countries

1122 kBTransfer

2001 kBSize

11 Cookies

2 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

11 Cookies

3 Console Messages

Indicators

sso.group-ib.com Open in urlscan Pro
162.55.211.31 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

1122 kB
Transfer

2001 kB
Size

11
Cookies

14 HTTP transactions
0 data transactions