Submitted URL: https://internal-prod-04.bit2win.cloud/
Effective URL: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&respons...
Submission: On July 05 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 146.148.27.230, located in Brussels, Belgium and belongs to GOOGLE, US. The main domain is login.bit2win.cloud.
TLS certificate: Issued by R11 on July 2nd 2024. Valid for: 3 months.
This is the only time login.bit2win.cloud was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.34.131.101 396982 (GOOGLE-CL...)
9 146.148.27.230 15169 (GOOGLE)
1 34.96.113.75 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
13 4
Apex Domain (Subdomains) Transfer
11 bit2win.cloud (internal-prod-04.bit2win.cloud, login.bit2win.cloud, cdn.bit2win.cloud) 31 KB
2 gstatic.com (fonts.gstatic.com) 97 KB
1 googleapis.com (fonts.googleapis.com; Cisco Umbrella Rank: 83) 1 KB
13 3
Domain Requested by
9 login.bit2win.cloud login.bit2win.cloud
2 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com login.bit2win.cloud
1 cdn.bit2win.cloud login.bit2win.cloud
1 internal-prod-04.bit2win.cloud 1 redirects
13 5

This site contains links to these domains.

Domain
www.bit2win.com

Subject Issuer Validity Valid
login.bit2win.cloud R11 2024-07-02 - 2024-09-30 3 months
play-int-dev.bit2win.cloud WR3 2024-06-18 - 2024-09-16 3 months
upload.video.google.com WR2 2024-06-13 - 2024-09-05 3 months
*.gstatic.com WR2 2024-06-13 - 2024-09-05 3 months

This page contains 1 frames:

Primary Page: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Frame ID: 843CA2E4853896BB78096B8BAB125692
Requests: 13 HTTP requests in this frame

Page Title

Administration Portal | Bit2win

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 40 %
Domains: 3
Subdomains: 5
IPs: 4
Countries: 3
Transfer: 128 kB
Size: 155 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://internal-prod-04.bit2win.cloud/ HTTP 302
    https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request auth
login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/
Redirect Chain
  • https://internal-prod-04.bit2win.cloud/
  • https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2F...
5 KB
6 KB
Document
General
Full URL
https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
4fd5dc4685bf974a4a40f669d076cdcab441c0e9b635dfe250bfd5969c71e54f
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, must-revalidate, max-age=0
content-language
en
content-length
4768
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type
text/html;charset=utf-8
referrer-policy
no-referrer
server
APISIX
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
none
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store, max-age=0
content-length
217
content-security-policy
frame-src 'self'; frame-ancestors 'self';
content-type
text/html
date
Fri, 05 Jul 2024 14:38:54 GMT
location
https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
server
APISIX
strict-transport-security
max-age=86400; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-request-id
20382dd66facc88a7bc76c993968e504
style.css
cdn.bit2win.cloud/static/css/
13 KB
13 KB
Stylesheet
General
Full URL
https://cdn.bit2win.cloud/static/css/style.css
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.113.75 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
75.113.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
342c6fa8e57c9cab0c88d036220747d5e35dfb4f8aca41940b3122f189d145b2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Jul 2024 14:38:54 GMT
age
0
x-guploader-uploadid
ACJd0NpwhS7TwvfZV9AMsBKjPpD0N-d8FQZZRwJDRxhvsmpsCa-ZNvEU6Zd2uleden01ehC2MDg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13035
last-modified
Mon, 01 Jul 2024 10:53:10 GMT
server
UploadServer
etag
"d1082560f9f608ac1056b61e69db9b04"
x-goog-generation
1711365353620143
x-goog-hash
crc32c=QRfyVw==, md5=0QglYPn2CKwQVrYeadubBA==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public,max-age=300
x-goog-stored-content-length
13035
accept-ranges
bytes
content-type
text/css
common.css
login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/common.css
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
1df5b984ef55ee18480f85a249fc1f4e9b8cfffc1ecde0b94c8dc9d4a84e278d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
server
APISIX
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
2522
x-xss-protection
1; mode=block
login.css
login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/
981 B
616 B
Stylesheet
General
Full URL
https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/login.css
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
eb46d55263a9c671ae4bee1bb91630e63b7fd844c6f40f891cc5beb99f4f56c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
server
APISIX
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
403
x-xss-protection
1; mode=block
register.css
login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/
85 B
310 B
Stylesheet
General
Full URL
https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/register.css
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
074b866c5e3879315588eaaf42ce817191937c3945e90a35cf6b4aecc8b9d13d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
server
APISIX
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
98
x-xss-protection
1; mode=block
reset-password.css
login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/
0
232 B
Stylesheet
General
Full URL
https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/reset-password.css
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
server
APISIX
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
20
x-xss-protection
1; mode=block
form-validation.js
login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/js/
1 KB
608 B
Script
General
Full URL
https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/js/form-validation.js
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
cc4f64665cc4c5db84fa78271b6bf32f209131f4d7604e6eaf7ed40a887fc7ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
server
APISIX
content-type
text/javascript;charset=UTF-8
cache-control
max-age=2592000
content-length
390
x-xss-protection
1; mode=block
variables.css
login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/variables.css
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/common.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
e547f6acccb3f989fc061f260c2573c4c48c50722ec14742e83c620773e001d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
server
APISIX
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
1090
x-xss-protection
1; mode=block
css2
fonts.googleapis.com/
17 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Raleway:ital,wght@0,300;0,400;0,500;0,600;0,700;1,300;1,400;1,500;1,600;1,700&display=swap
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/variables.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7db76d0822ff9e6c69a4dfbbee3a05c22e0b03d54a13801ea33f38e4615a4c78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 05 Jul 2024 14:38:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 05 Jul 2024 14:20:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 05 Jul 2024 14:38:55 GMT
logo.png
login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/img/
4 KB
4 KB
Image
General
Full URL
https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/img/logo.png
Requested by
Host: login.bit2win.cloud
URL: https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/css/common.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
0cebc4baa33bccf702dc7769fe9535e1b05bd7b4e887b409dc3c989bc2c02609
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
server
APISIX
content-type
image/png
cache-control
max-age=2592000
content-length
4117
x-xss-protection
1; mode=block
1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v34/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Raleway:ital,wght@0,300;0,400;0,500;0,600;0,700;1,300;1,400;1,500;1,600;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47d477915fa5912616e2dc5df8c5780f9202671678cf275472bd39f3381c0098
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://login.bit2win.cloud
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 14:51:28 GMT
x-content-type-options
nosniff
age
258447
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48336
x-xss-protection
0
last-modified
Wed, 01 May 2024 20:31:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 02 Jul 2025 14:51:28 GMT
1Ptsg8zYS_SKggPNyCg4TYFq.woff2
fonts.gstatic.com/s/raleway/v34/
49 KB
50 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v34/1Ptsg8zYS_SKggPNyCg4TYFq.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Raleway:ital,wght@0,300;0,400;0,500;0,600;0,700;1,300;1,400;1,500;1,600;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e5fe078647762a646b321938ba4096bb0e6f62a7f01c9bc4be5ab606666fca1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://login.bit2win.cloud
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 14:28:48 GMT
x-content-type-options
nosniff
age
87007
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50424
x-xss-protection
0
last-modified
Wed, 01 May 2024 20:31:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 04 Jul 2025 14:28:48 GMT
favicon.ico
login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/img/
1 KB
940 B
Other
General
Full URL
https://login.bit2win.cloud/auth/resources/bmsaq/login/bit2win/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.27.230 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
230.27.148.146.bc.googleusercontent.com
Software
APISIX /
Resource Hash
167c9e9d51944366d500310f1cd3884567c359f984526fbb7f0fd85529973173
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
server
APISIX
content-type
application/octet-stream
cache-control
max-age=2592000
content-length
727
x-xss-protection
1; mode=block

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event
object| fence
object| sharedStorage

4 Cookies

Domain/Path Name / Value
login.bit2win.cloud/auth/realms/internal-prod-04/ Name: AUTH_SESSION_ID
Value: 63e7572b-fc8a-426f-9a60-aad6cd970a58.keycloak-prod-keycloak-3-697
login.bit2win.cloud/auth/realms/internal-prod-04/ Name: AUTH_SESSION_ID_LEGACY
Value: 63e7572b-fc8a-426f-9a60-aad6cd970a58.keycloak-prod-keycloak-3-697
login.bit2win.cloud/auth/realms/internal-prod-04/ Name: KC_RESTART
.internal-prod-04.bit2win.cloud/ Name: bit2win_session_cookie

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://login.bit2win.cloud/auth/realms/internal-prod-04/protocol/openid-connect/auth?scope=openid%20profile%20email&response_type=code&client_id=client-internal-prod-04&redirect_uri=https%3A%2F%2Finternal-prod-04.bit2win.cloud%2Foauth2%2Fcallback&nonce=f1d253ad8729c679811616fc8ae01d76&state=94d56ec514cc61a7a35ca3d16db05de4
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "username"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block