Submitted URL: http://login-tst.nibcdirect.be/
Effective URL: https://login-tst.nibcdirect.be/ui/login
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On March 02 via api from IT — Scanned from IT

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 104.16.146.28, located in and belongs to CLOUDFLARENET, US. The main domain is login-tst.nibcdirect.be.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 2nd 2024. Valid for: 10 months.
This is the only time login-tst.nibcdirect.be was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 18 104.16.146.28 13335 (CLOUDFLAR...)
14 1
Apex Domain
Subdomains
Transfer
18 nibcdirect.be
login-tst.nibcdirect.be
385 KB
14 1
Domain Requested by
18 login-tst.nibcdirect.be 4 redirects login-tst.nibcdirect.be
14 1

This site contains links to these domains. Also see Links.

Domain
www.nibc.nl
Subject Issuer Validity Valid
login-tst.nibcdirect.be
Cloudflare Inc ECC CA-3
2024-03-02 -
2024-12-31
10 months crt.sh

This page contains 1 frames:

Primary Page: https://login-tst.nibcdirect.be/ui/login
Frame ID: CF9AE63EEC450744C8F2175E135E2821
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

Inloggen

Page URL History Show full URLs

  1. http://login-tst.nibcdirect.be/ HTTP 301
    https://login-tst.nibcdirect.be/ HTTP 302
    https://login-tst.nibcdirect.be/ui/login HTTP 302
    https://login-tst.nibcdirect.be/generate-domain-cookie?referer=https%3A%2F%2Flogin-tst.nibcdirect.be%2Fui%2F... HTTP 302
    https://login-tst.nibcdirect.be/ui/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

383 kB
Transfer

593 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://login-tst.nibcdirect.be/ HTTP 301
    https://login-tst.nibcdirect.be/ HTTP 302
    https://login-tst.nibcdirect.be/ui/login HTTP 302
    https://login-tst.nibcdirect.be/generate-domain-cookie?referer=https%3A%2F%2Flogin-tst.nibcdirect.be%2Fui%2Flogin HTTP 302
    https://login-tst.nibcdirect.be/ui/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
login-tst.nibcdirect.be/ui/
Redirect Chain
  • http://login-tst.nibcdirect.be/
  • https://login-tst.nibcdirect.be/
  • https://login-tst.nibcdirect.be/ui/login
  • https://login-tst.nibcdirect.be/generate-domain-cookie?referer=https%3A%2F%2Flogin-tst.nibcdirect.be%2Fui%2Flogin
  • https://login-tst.nibcdirect.be/ui/login
8 KB
3 KB
Document
General
Full URL
https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
186e54c6295c1ba4f8a2bf4678ece23a521d58f176c835224bad1acfc597dc8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
85dee0180ecfa31f-FCO
content-encoding
gzip
content-language
nl-NL-direct
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
content-type
text/html;charset=UTF-8
date
Sat, 02 Mar 2024 05:09:34 GMT
server
cloudflare
strict-transport-security
max-age=15768000
x-content-type-options
nosniff
x-frame-options
DENY
x-robots-tag
noindex
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85dee016ccaca31f-FCO
content-language
nl-NL-direct
content-length
0
date
Sat, 02 Mar 2024 05:09:34 GMT
location
https://login-tst.nibcdirect.be/ui/login
p3p
server
cloudflare
strict-transport-security
max-age=15768000
x-frame-options
DENY
x-robots-tag
noindex
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block
general.min.css
login-tst.nibcdirect.be/ui/css/
134 KB
17 KB
Stylesheet
General
Full URL
https://login-tst.nibcdirect.be/ui/css/general.min.css
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c289de351e133aac0e5d60107631c0ed1787ac021e8a4ac8975cf2f8822cb5bb
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:34 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01acb80a31f-FCO
expires
0
main.css
login-tst.nibcdirect.be/ui/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://login-tst.nibcdirect.be/ui/css/main.css
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a4c3e62e14ebbed4a95ac9205b48834cdde6152cae9c3ba6c5efe5797cc378d
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:34 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01acb81a31f-FCO
expires
0
logo-nibc.png
login-tst.nibcdirect.be/ui/assets/general/img/logos/
16 KB
17 KB
Image
General
Full URL
https://login-tst.nibcdirect.be/ui/assets/general/img/logos/logo-nibc.png
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e231884f1f6dcc9afade356a9ed8feeffcf02c21d6b326cc4acb993296464c90
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:34 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
16518
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
image/png
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85dee01acb83a31f-FCO
expires
0
jquery-3.3.1.min.js
login-tst.nibcdirect.be/ui/js/external/
85 KB
30 KB
Script
General
Full URL
https://login-tst.nibcdirect.be/ui/js/external/jquery-3.3.1.min.js
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:34 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01acb85a31f-FCO
expires
0
general.min.js
login-tst.nibcdirect.be/ui/js/
32 KB
5 KB
Script
General
Full URL
https://login-tst.nibcdirect.be/ui/js/general.min.js
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96df6f1095dc3d0fedaa4c388babbd31455e6b84395b78e4f24cc4558d5f8f23
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:34 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01b8cb7a31f-FCO
expires
0
prevent-resubmit.js
login-tst.nibcdirect.be/ui/js/
292 B
611 B
Script
General
Full URL
https://login-tst.nibcdirect.be/ui/js/prevent-resubmit.js
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50f8ff1910295be70f1db1c9c9240c0c39717523ae0c546bd5fdd5581a4dead0
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:34 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01cbee8a31f-FCO
expires
0
client-side-validation-no-empty-form.js
login-tst.nibcdirect.be/ui/js/
2 KB
978 B
Script
General
Full URL
https://login-tst.nibcdirect.be/ui/js/client-side-validation-no-empty-form.js
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c46224201cbff644330605c4ebd43695ef688dc943094bdb3adf3857ddd8befe
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:34 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01cdf1da31f-FCO
expires
0
cookies.min.js
login-tst.nibcdirect.be/ui/js/external/
1 KB
1 KB
Script
General
Full URL
https://login-tst.nibcdirect.be/ui/js/external/cookies.min.js
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2949872386ad9f1f795b97bc891366ef80137e57779ef162f96d64746d0c767
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:34 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01cdf21a31f-FCO
expires
0
cookie-banner.js
login-tst.nibcdirect.be/ui/js/
469 B
671 B
Script
General
Full URL
https://login-tst.nibcdirect.be/ui/js/cookie-banner.js
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02add2810fd3f90d44045fe4806a8cd6b763abbc209e43f50a96865e1ebd5683
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:35 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01cdf22a31f-FCO
expires
0
nibc-header-1.jpg
login-tst.nibcdirect.be/ui/assets/general/img/photos/
185 KB
185 KB
Image
General
Full URL
https://login-tst.nibcdirect.be/ui/assets/general/img/photos/nibc-header-1.jpg
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02e6bf885d046dc12e8c2446fefa87cd13916f9650253d878ea54a66f7a325c9
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-tst.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:35 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
189271
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
image/jpeg
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85dee01cef2fa31f-FCO
expires
0
Sora-Bold.ttf
login-tst.nibcdirect.be/ui/assets/general/fonts/Sora/
56 KB
57 KB
Font
General
Full URL
https://login-tst.nibcdirect.be/ui/assets/general/fonts/Sora/Sora-Bold.ttf
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/css/main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e1d01b95f06047dda0ff5cb5b4ac79fa264e0004f017740d1a6f9b156fcb232
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login-tst.nibcdirect.be/ui/css/main.css
Origin
https://login-tst.nibcdirect.be
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:35 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
57724
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/x-font-ttf
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85dee01cef30a31f-FCO
expires
0
Sora-Regular.ttf
login-tst.nibcdirect.be/ui/assets/general/fonts/Sora/
56 KB
57 KB
Font
General
Full URL
https://login-tst.nibcdirect.be/ui/assets/general/fonts/Sora/Sora-Regular.ttf
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/css/main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4cfe2e20581cdf9cc0dc02caffabd1050ce4d33dfed0921613c2d5afa05afef
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login-tst.nibcdirect.be/ui/css/main.css
Origin
https://login-tst.nibcdirect.be
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:35 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
57644
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/x-font-ttf
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85dee01cef31a31f-FCO
expires
0
icons.woff
login-tst.nibcdirect.be/ui/assets/general/fonts/icons/
8 KB
9 KB
Font
General
Full URL
https://login-tst.nibcdirect.be/ui/assets/general/fonts/icons/icons.woff
Requested by
Host: login-tst.nibcdirect.be
URL: https://login-tst.nibcdirect.be/ui/css/general.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c262f462b86385967717cd65697e5cc802682d6e8b104e72752120ebcfcd44d8
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login-tst.nibcdirect.be/ui/css/general.min.css
Origin
https://login-tst.nibcdirect.be
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 05:09:35 GMT
content-security-policy
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Apr 2023 15:22:51 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/font-woff
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85dee01cef32a31f-FCO
expires
0

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| RecaptchaOptions function| $ function| jQuery object| docCookies

6 Cookies

Domain/Path Name / Value
login-tst.nibcdirect.be/ui Name: UI_EXTENSION_JSESSIONID
Value: C9F09FE3BAFD217CB07AAE92B2D5C2AF
.login-tst.nibcdirect.be/ Name: _cfuvid
Value: D98JZ3es8zhTmyAfWGEFNz5O61hQDcV74LyeylddRFQ-1709356173400-0.0.1.1-604800000
login-tst.nibcdirect.be/ Name: SESSION
Value: ZjEwYjExNmUtY2RmMi00OGNmLWIyOTItOWNjNGZiM2Q4MGQ2
login-tst.nibcdirect.be/ Name: legacy_SESSION
Value: ZjEwYjExNmUtY2RmMi00OGNmLWIyOTItOWNjNGZiM2Q4MGQ2
.login-tst.nibcdirect.be/ Name: idp_session_magmt_token
Value: f10b116e-cdf2-48cf-b292-9cc4fb3d80d6
login-tst.nibcdirect.be/ Name: INGRESSCOOKIE
Value: 08c7c72b2f7fedc5

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block