![](/screenshots/ce65d721-5c30-404b-b0a6-9f2126d73a5d.png)
www.group-ib.com
Open in
urlscan Pro
3.72.181.255
Public Scan
Submission: On December 07 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 26th 2023. Valid for: a year.
This is the only time www.group-ib.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 6 | 3.72.181.255 3.72.181.255 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 136.243.23.113 136.243.23.113 | 24940 (HETZNER-AS) (HETZNER-AS) | |
6 | 3 |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
www.group-ib.com |
ASN24940 (HETZNER-AS, DE)
PTR: static.113.23.243.136.clients.your-server.de
fhp-de-js.group-ib.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
group-ib.com
1 redirects
www.group-ib.com fhp-de-js.group-ib.com — Cisco Umbrella Rank: 405486 |
145 KB |
6 | 1 |
Domain | Requested by | |
---|---|---|
6 | www.group-ib.com |
1 redirects
fhp-de-js.group-ib.com
www.group-ib.com |
1 | fhp-de-js.group-ib.com |
www.group-ib.com
|
6 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.group-ib.com Sectigo RSA Domain Validation Secure Server CA |
2023-06-26 - 2024-06-28 |
a year | crt.sh |
*.group-ib.com Sectigo RSA Domain Validation Secure Server CA |
2023-06-30 - 2024-07-04 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://www.group-ib.com/blog/krasue-rat/
Frame ID: 008E9742C0954CE2FBD571F0CF1FD441
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://www.group-ib.com/blog/krasue-rat HTTP 301
- https://www.group-ib.com/blog/krasue-rat/
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
krasue-rat
www.group-ib.com/blog/ |
7 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bt-autoinject.js
fhp-de-js.group-ib.com/d/ |
343 KB 135 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
483 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/ |
205 B 670 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
fl
www.group-ib.com/api/ |
669 B 976 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.group-ib.com/blog/krasue-rat/ Redirect Chain
|
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
fl
www.group-ib.com/api/ |
669 B 688 B |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.group-ib.com/ | Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: xSMO6uuFM9S+izt3t87Ydx6puYQ1qvArxEb7TZWG/j/87hDkOO4NrTXmdU1XL5wH0dxOJd39at0FFo3MPscLcWSPruwvFn4yLMiZJ3wVSkEVzBcGtnBzQtiHG7b8kN3QjXBJRa5rIyFoMJob8TEbnhdWmtMWsMhHlI/k |
|
.group-ib.com/ | Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: xSMO6uuFM9S+izt3t87Ydx6puYQ1qvArxEb7TZWG/j/87hDkOO4NrTXmdU1XL5wH0dxOJd39at0FFo3MPscLcWSPruwvFn4yLMiZJ3wVSkEVzBcGtnBzQtiHG7b8kN3QjXBJRa5rIyFoMJob8TEbnhdWmtMWsMhHlI/k |
|
.www.group-ib.com/ | Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: EvxgvDCR8xFKCalq4mNBwiiO3GP8C+IK0af/gUHRXd+33m1yabegbTmQd8CoevyLM9qLRxwBi00W3RF7KeDAG1rDTr+B+fE/cHamRhEPpZp/2XCxrMOVzy0sD/pRgHiFP+daU2X5gx1A3quBsbW5H8rtlr/6IMKJYnnVuslUGy8UOurXUbu3nIO25RiGzQ1DBJQVPz2+xxPjCI4GMgSnQfQTTPRI74GxDiGtZC7eY0wpALsASItdq3tRf2Y4sCQ2bg== |
|
.group-ib.com/ | Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: EvxgvDCR8xFKCalq4mNBwiiO3GP8C+IK0af/gUHRXd+33m1yabegbTmQd8CoevyLM9qLRxwBi00W3RF7KeDAG1rDTr+B+fE/cHamRhEPpZp/2XCxrMOVzy0sD/pRgHiFP+daU2X5gx1A3quBsbW5H8rtlr/6IMKJYnnVuslUGy8UOurXUbu3nIO25RiGzQ1DBJQVPz2+xxPjCI4GMgSnQfQTTPRI74GxDiGtZC7eY0wpALsASItdq3tRf2Y4sCQ2bg== |
|
.www.group-ib.com/ | Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: 671d2e133c341e9afcfd5af25cb54cad6974a08a |
|
.group-ib.com/ | Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: 671d2e133c341e9afcfd5af25cb54cad6974a08a |
|
.www.group-ib.com/ | Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ== |
|
.group-ib.com/ | Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ== |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fhp-de-js.group-ib.com
www.group-ib.com
136.243.23.113
3.72.181.255
1fba48cb40737fc64ee1855e9530f568da4b40da32b8ace1865a15b22d54ee1e
5031af9597ee5c2b9c1e629580329f295818b0a8ad5e04c60a3ed22e320b044e
8980c7bc7433166875f5848144719d5a112de6cf0844790e3b930060aa1853d9
90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0
9307e8b91d588311d5e79c434e29a5d78b8c40bf15f05c2c07cdad6c65c19799
ba049d6b63e2db299f12defba1f963286f70cb8bc1dc20a1878d546d46943d61