sso.group-ib.com
Open in
urlscan Pro
162.55.215.75
Public Scan
Effective URL: https://sso.group-ib.com/?redirect_uri=https%3A%2F%2Fsso.group-ib.com%2Foauth%2Fv2%2Fauth%3Fback%3Dhttps%253A%252F%252Fta...
Submission: On November 28 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 1st 2024. Valid for: a year.
This is the only time sso.group-ib.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Live information
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 13 | 162.55.215.75 162.55.215.75 | 24940 (HETZNER-A...) (HETZNER-AS Hetzner Online GmbH) | |
10 | 1 |
ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: static.75.215.55.162.clients.your-server.de
tap.group-ib.com | |
sso.group-ib.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
group-ib.com
3 redirects
tap.group-ib.com — Cisco Umbrella Rank: 917644 sso.group-ib.com |
1 MB |
10 | 1 |
Domain | Requested by | |
---|---|---|
11 | sso.group-ib.com |
1 redirects
sso.group-ib.com
|
2 | tap.group-ib.com | 2 redirects |
10 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
group-ib.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.group-ib.com Sectigo RSA Domain Validation Secure Server CA |
2024-07-01 - 2025-07-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sso.group-ib.com/?redirect_uri=https%3A%2F%2Fsso.group-ib.com%2Foauth%2Fv2%2Fauth%3Fback%3Dhttps%253A%252F%252Ftap.group-ib.com%252F%253F_ac%253D1%26state%3D5387d7ebf1d6c02cc09fb80e15eef2f9%26scope%3Dapp%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Ftap.group-ib.com%252Fapi%252Fv2%252Fweb%252Fauth%252Fsso%252Fcheck%26client_id%3D737ca8c8102751d42b4dba0c13ca2bb418ba14a7%26back%3Dhttps%253A%252F%252Ftap.group-ib.com%252F%253F_ac%253D1
Frame ID: 035A5241D64938DD50BEA279ECDC6374
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Group-IB AuthenticationPage URL History Show full URLs
-
https://tap.group-ib.com/
HTTP 302
https://tap.group-ib.com/api/v2/web/auth/sso?back=https://tap.group-ib.com/?_ac%3D1 HTTP 302
https://sso.group-ib.com/oauth/v2/auth?back=https%3A%2F%2Ftap.group-ib.com%2F%3F_ac%3D1&state=5387d7e... HTTP 302
https://sso.group-ib.com/?redirect_uri=https%3A%2F%2Fsso.group-ib.com%2Foauth%2Fv2%2Fauth%3Fback%3Dht... Page URL
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://tap.group-ib.com/
HTTP 302
https://tap.group-ib.com/api/v2/web/auth/sso?back=https://tap.group-ib.com/?_ac%3D1 HTTP 302
https://sso.group-ib.com/oauth/v2/auth?back=https%3A%2F%2Ftap.group-ib.com%2F%3F_ac%3D1&state=5387d7ebf1d6c02cc09fb80e15eef2f9&scope=app&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Ftap.group-ib.com%2Fapi%2Fv2%2Fweb%2Fauth%2Fsso%2Fcheck&client_id=737ca8c8102751d42b4dba0c13ca2bb418ba14a7 HTTP 302
https://sso.group-ib.com/?redirect_uri=https%3A%2F%2Fsso.group-ib.com%2Foauth%2Fv2%2Fauth%3Fback%3Dhttps%253A%252F%252Ftap.group-ib.com%252F%253F_ac%253D1%26state%3D5387d7ebf1d6c02cc09fb80e15eef2f9%26scope%3Dapp%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Ftap.group-ib.com%252Fapi%252Fv2%252Fweb%252Fauth%252Fsso%252Fcheck%26client_id%3D737ca8c8102751d42b4dba0c13ca2bb418ba14a7%26back%3Dhttps%253A%252F%252Ftap.group-ib.com%252F%253F_ac%253D1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sso.group-ib.com/ Redirect Chain
|
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.030dffe5.chunk.css
sso.group-ib.com/static/css/ |
62 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.6062f7ba.chunk.css
sso.group-ib.com/static/css/ |
14 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
02208d50-3388-11ed-99bf-b679f56265da.js
sso.group-ib.com/js/ |
284 KB 107 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.c70052ea.chunk.js
sso.group-ib.com/static/js/ |
599 KB 203 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.d65ac726.chunk.js
sso.group-ib.com/static/js/ |
152 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AI.3f16321e.png
sso.group-ib.com/static/media/ |
651 KB 652 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
idgib-w-sso
sso.group-ib.com/api/fl/ |
205 B 616 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
sso.group-ib.com/static/ |
279 KB 279 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
fl
sso.group-ib.com/api/ |
669 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| GIB function| evCustomInit boolean| __490b4151545cea713cb1b1346e7edd3b__ function| gibSetAttribute function| gibSetAttributeCallback function| gibRemoveAttribute function| gibHash function| gibEncrypt object| gib string| __guc__1.0.0 object| webpackJsonpgib-sso-login object| regeneratorRuntime number| 2f1acc6c3a606b082e5eef5e54414ffb12 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
tap.group-ib.com/ | Name: PHPSESSID Value: 588ad25240f97d6890fe5da15639ec85 |
|
sso.group-ib.com/ | Name: PHPSESSID Value: f9490f599e2380f0dd678116bb695d0f |
|
.sso.group-ib.com/ | Name: __zzatgib-w-sso Value: MDA0dBA=Fz2+aQ== |
|
.group-ib.com/ | Name: __zzatgib-w-sso Value: MDA0dBA=Fz2+aQ== |
|
sso.group-ib.com/ | Name: gsscgib-w-sso Value: p70hX5neIgh1X3YCrthxIiGFJJNaMES3NaUOxPgQjSs7YC/5W56itZS5Y0b/3++9LV4sKhz8RjumPk4FSoZNGyPgPZsVdCwoxrZOqoJH2jtBdfEbd06bR5+4T6maQxw7YzCA8RFw6jv0UjqhKdpgGaXUJFS2mK/RVY923tZIfZHtJfR5h22evIWfxJ6v7MFq/RC3i1CM8v3oi3UPRfyGaC/mshiaeUhwHpz03Ph5vteaOoVsVPKbU334PkaT1k115nA= |
|
sso.group-ib.com/ | Name: cfidsgib-w-sso Value: 1ARWVaxm35PSa7LZAS0RN49WijXH+R7iWhXL/A7uYcuY9qsZNUOSSTtf8ATgSCEYnUzVlo0SFKtj1sBwgOEGrePK6CwgQVD5yNFmrGCNHy79yJaNSWuc3iTL2IQilZDI45tUFEgxS5rbHYa6KCYGBKpDejK7iwRL2t43 |
|
.sso.group-ib.com/ | Name: cfidsgib-w-sso Value: 1ARWVaxm35PSa7LZAS0RN49WijXH+R7iWhXL/A7uYcuY9qsZNUOSSTtf8ATgSCEYnUzVlo0SFKtj1sBwgOEGrePK6CwgQVD5yNFmrGCNHy79yJaNSWuc3iTL2IQilZDI45tUFEgxS5rbHYa6KCYGBKpDejK7iwRL2t43 |
|
.group-ib.com/ | Name: cfidsgib-w-sso Value: 1ARWVaxm35PSa7LZAS0RN49WijXH+R7iWhXL/A7uYcuY9qsZNUOSSTtf8ATgSCEYnUzVlo0SFKtj1sBwgOEGrePK6CwgQVD5yNFmrGCNHy79yJaNSWuc3iTL2IQilZDI45tUFEgxS5rbHYa6KCYGBKpDejK7iwRL2t43 |
|
.sso.group-ib.com/ | Name: gsscgib-w-sso Value: p70hX5neIgh1X3YCrthxIiGFJJNaMES3NaUOxPgQjSs7YC/5W56itZS5Y0b/3++9LV4sKhz8RjumPk4FSoZNGyPgPZsVdCwoxrZOqoJH2jtBdfEbd06bR5+4T6maQxw7YzCA8RFw6jv0UjqhKdpgGaXUJFS2mK/RVY923tZIfZHtJfR5h22evIWfxJ6v7MFq/RC3i1CM8v3oi3UPRfyGaC/mshiaeUhwHpz03Ph5vteaOoVsVPKbU334PkaT1k115nA= |
|
.group-ib.com/ | Name: gsscgib-w-sso Value: p70hX5neIgh1X3YCrthxIiGFJJNaMES3NaUOxPgQjSs7YC/5W56itZS5Y0b/3++9LV4sKhz8RjumPk4FSoZNGyPgPZsVdCwoxrZOqoJH2jtBdfEbd06bR5+4T6maQxw7YzCA8RFw6jv0UjqhKdpgGaXUJFS2mK/RVY923tZIfZHtJfR5h22evIWfxJ6v7MFq/RC3i1CM8v3oi3UPRfyGaC/mshiaeUhwHpz03Ph5vteaOoVsVPKbU334PkaT1k115nA= |
|
.sso.group-ib.com/ | Name: fgsscgib-w-sso Value: puls441c58571c56e205f0610ce52316011f596d |
|
.group-ib.com/ | Name: fgsscgib-w-sso Value: puls441c58571c56e205f0610ce52316011f596d |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self'; |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | sameorigin |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
sso.group-ib.com
tap.group-ib.com
162.55.215.75
60cabd94d0c7cf7853969c7af5596c38cca70bd9239f7b431c196b1fb4af973e
80c9d4a30d3628ffe207ee4a4967499d283da4e5ab036b024695988be8edcc3e
91776aed49a473eeea490d03acc06309a1665455ad3655c1ce07a1721715b473
abb361908f9edb17b690769a4ca5629daa34b65693a6edf326f49c6f2abc1215
b5c83cb53989fea929e7ce45566bc5d3dfe62bec1337e53651e110746a1d3bba
c7c327f247e1ae724280a568cd2031493d7e7f91db3d991a57aabfb3e4233063
c829342746467560928ae52ffc97ae4241053e149ed9cf4e727214e4bdea7b41
cce43ddbcdc363ba5733795500ad08848cb03adc37f5e0e92a0ca5e6d6194a6d
e34b2a9df1a43ecf20f3505634177770e9018832114507ccd7dc9d9eec950a82
f0d9e6d34e8db93f83331de03716495f8c74464fa65bed2b7574125b9ceaeb15