urlscan.io logo urlscan.io
SecurityTrails logo

bitz.bundesbots.de Open in urlscan Pro
80.245.144.242  Public Scan

Go To Rescan Add Verdict Report
URL: https://bitz.bundesbots.de/
Submission: On July 05 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 80.245.144.242, located in Germany and belongs to ZIVIT-AS, DE. The main domain is bitz.bundesbots.de.
TLS certificate: Issued by GEANT OV RSA CA 4 on July 5th 2024. Valid for: a year.
This is the only time bitz.bundesbots.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 80.245.144.242 35704 (ZIVIT-AS)
9 2
Apex Domain
Subdomains		 Transfer
6 bundesbots.de
bitz.bundesbots.de
1 MB
9 1
Domain Requested by
6 bitz.bundesbots.de bitz.bundesbots.de
9 1

This site contains no links.

Subject Issuer Validity Valid
servicedesk-admin.bundesbots.de
GEANT OV RSA CA 4		 2024-07-05 -
2025-07-05		 a year crt.sh

This page contains 1 frames:

Primary Page: https://bitz.bundesbots.de/
Frame ID: 026EA09E21EF762B190ECAC18C4C1425
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BITZ Bot

Page Statistics

9
Requests

67 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1073 kB
Transfer

1165 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
bitz.bundesbots.de/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bitz.bundesbots.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
80.245.144.242 , Germany, ASN35704 (ZIVIT-AS, DE),
Reverse DNS
servicedesk-training.chb.it.bund.de
Software
Apache /
Resource Hash
db6e96271d94c018e10498cc51b0659fe025f2fea321ddc540a5d7755fa13028
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Accept-Encoding,Authorization,Content-Type,DNT,Origin,User-Agent,X-Csrftoken,X-Requested-With,User-Id,User-Label,Ut-External-Options
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
allow
GET, HEAD, OPTIONS
cache-control
max-age=0
content-language
de
content-length
1584
content-security-policy
default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
date
Fri, 05 Jul 2024 15:57:22 GMT
referrer-policy
same-origin
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding,Cookie,Accept-Language
x-content-type-options
nosniff
index.js
bitz.bundesbots.de/static/widget-static/ 		1 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://bitz.bundesbots.de/static/widget-static/index.js
Requested by
Host: bitz.bundesbots.de
URL: https://bitz.bundesbots.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
80.245.144.242 , Germany, ASN35704 (ZIVIT-AS, DE),
Reverse DNS
servicedesk-training.chb.it.bund.de
Software
Apache /
Resource Hash
eac96d9f998caebab5b175fa6bbcb082dd49652d71d6b6518d25a5b61336423f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bitz.bundesbots.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Jul 2024 15:57:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
content-length
1073973
referrer-policy
same-origin
last-modified
Tue, 02 Jul 2024 07:12:02 GMT
server
Apache
cross-origin-opener-policy
same-origin
etag
"66838c22-106335"
vary
Accept-Encoding,Accept-Language
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-language
de
content-type
text/javascript; charset="utf-8"
cache-control
max-age=60, public
access-control-allow-credentials
true
access-control-allow-headers
Accept,Accept-Encoding,Authorization,Content-Type,DNT,Origin,User-Agent,X-Csrftoken,X-Requested-With,User-Id,User-Label,Ut-External-Options
/
bitz.bundesbots.de/chat/widget/ 		124 B
220 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bitz.bundesbots.de/chat/widget/
Requested by
Host: bitz.bundesbots.de
URL: https://bitz.bundesbots.de/static/widget-static/index.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
80.245.144.242 , Germany, ASN35704 (ZIVIT-AS, DE),
Reverse DNS
servicedesk-training.chb.it.bund.de
Software
Apache /
Resource Hash
db7e806f38d0bb9c54492ec41eb87116a6953e42e2eba0d8b57ad7d5cdbec981
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

User-ID
YjIzMWQ4MDctMzU3ZS00MWQ5LWFiYjAtM2FlM2NmZTNiMzA5
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
UT-External-Options
eyJ1cmwiOnt9LCJkYXRhc2V0Ijp7fX0=
Referer
https://bitz.bundesbots.de/
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
date
Fri, 05 Jul 2024 15:57:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
https://bitz.bundesbots.de
access-control-allow-credentials
true
access-control-allow-headers
Accept,Accept-Encoding,Authorization,Content-Type,DNT,Origin,User-Agent,X-Csrftoken,X-Requested-With,User-Id,User-Label,Ut-External-Options
bitz-avatar-shadow.6972d86871698e1e46576fa27a709133.svg
bitz.bundesbots.de/static/widget-static/static/media/ 		94 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bitz.bundesbots.de/static/widget-static/static/media/bitz-avatar-shadow.6972d86871698e1e46576fa27a709133.svg
Requested by
Host: bitz.bundesbots.de
URL: https://bitz.bundesbots.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
80.245.144.242 , Germany, ASN35704 (ZIVIT-AS, DE),
Reverse DNS
servicedesk-training.chb.it.bund.de
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bitz.bundesbots.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Jul 2024 15:57:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
content-length
137212
referrer-policy
same-origin
last-modified
Tue, 02 Jul 2024 07:12:02 GMT
server
Apache
cross-origin-opener-policy
same-origin
etag
"66838c22-217fc"
vary
Accept-Language
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-language
de
content-type
image/svg+xml
cache-control
max-age=60, public
access-control-allow-credentials
true
access-control-allow-headers
Accept,Accept-Encoding,Authorization,Content-Type,DNT,Origin,User-Agent,X-Csrftoken,X-Requested-With,User-Id,User-Label,Ut-External-Options
bitz-behoerde.3e3fe7fd49be6255ac79185ac0206ed0.svg
bitz.bundesbots.de/static/widget-static/static/media/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bitz.bundesbots.de/static/widget-static/static/media/bitz-behoerde.3e3fe7fd49be6255ac79185ac0206ed0.svg
Requested by
Host: bitz.bundesbots.de
URL: https://bitz.bundesbots.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
80.245.144.242 , Germany, ASN35704 (ZIVIT-AS, DE),
Reverse DNS
servicedesk-training.chb.it.bund.de
Software
Apache /
Resource Hash
c5d389a6d4e2f500e0afc750bfc6dacd69a14b6b25bf58f37d7fc97081e7be77
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bitz.bundesbots.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Jul 2024 15:57:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
content-length
20279
referrer-policy
same-origin
last-modified
Tue, 02 Jul 2024 07:12:02 GMT
server
Apache
cross-origin-opener-policy
same-origin
etag
"66838c22-4f37"
vary
Accept-Language
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-language
de
content-type
image/svg+xml
cache-control
max-age=60, public
access-control-allow-credentials
true
access-control-allow-headers
Accept,Accept-Encoding,Authorization,Content-Type,DNT,Origin,User-Agent,X-Csrftoken,X-Requested-With,User-Id,User-Label,Ut-External-Options
icon_send_arrow.43d485ed23b20f991ad672dd6b924277.svg
bitz.bundesbots.de/static/widget-static/static/media/ 		664 B
718 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bitz.bundesbots.de/static/widget-static/static/media/icon_send_arrow.43d485ed23b20f991ad672dd6b924277.svg
Requested by
Host: bitz.bundesbots.de
URL: https://bitz.bundesbots.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
80.245.144.242 , Germany, ASN35704 (ZIVIT-AS, DE),
Reverse DNS
servicedesk-training.chb.it.bund.de
Software
Apache /
Resource Hash
b37114aa667b217e037791a2b4377334d68e274527a5b051016b99389ef0e196
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://bitz.bundesbots.de/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Jul 2024 15:57:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
content-length
664
referrer-policy
same-origin
last-modified
Tue, 02 Jul 2024 07:12:02 GMT
server
Apache
cross-origin-opener-policy
same-origin
etag
"66838c22-298"
vary
Accept-Language
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-language
de
content-type
image/svg+xml
cache-control
max-age=60, public
access-control-allow-credentials
true
access-control-allow-headers
Accept,Accept-Encoding,Authorization,Content-Type,DNT,Origin,User-Agent,X-Csrftoken,X-Requested-With,User-Id,User-Label,Ut-External-Options
BundesSans-Web-Bold.a3110bace63dc10972b9.woff2
bitz.bundesbots.de/static/widget-static/static/media/ 		0
0
BundesSans-Web-Regular.3707adc3eb6b15a2ffd4.woff2
bitz.bundesbots.de/static/widget-static/static/media/ 		0
0
/
bitz.bundesbots.de/chat/widget/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bitz.bundesbots.de
URL
https://bitz.bundesbots.de/static/widget-static/static/media/BundesSans-Web-Bold.a3110bace63dc10972b9.woff2
Domain
bitz.bundesbots.de
URL
https://bitz.bundesbots.de/static/widget-static/static/media/BundesSans-Web-Regular.3707adc3eb6b15a2ffd4.woff2
Domain
bitz.bundesbots.de
URL
https://bitz.bundesbots.de/chat/widget/

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| script object| UTW_INJECTED_PARAMS function| clearImmediate function| setImmediate object| regeneratorRuntime number| 2f1acc6c3a606b082e5eef5e54414ffb function| _

1 Cookies

Domain/Path Name / Value
bitz.bundesbots.de/ Name: AL_SESS-S
Value: AUj6exgaLx5bdcI!9Ui9kJdp5jtLYBZUD2A05vZ4rauBcdIkgj!X_dgup1Lj!OotBqDL

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: servicedesk-admin.bundesbots.de; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self' servicedesk-admin.bundesbots.de *.servicedesk-admin.bundesbots.de; child-src 'self'; font-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff