urlscan.io logo urlscan.io
SecurityTrails logo

login-uat.nibc.com Open in urlscan Pro
104.16.147.28  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://login-uat.nibcdirect.be/
Effective URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On March 02 via api from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 24 HTTP transactions. The main IP is 104.16.147.28, located in and belongs to CLOUDFLARENET, US. The main domain is login-uat.nibc.com.
TLS certificate: Issued by Sectigo RSA Extended Validation Secur... on February 8th 2024. Valid for: a year.
This is the only time login-uat.nibc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 17 104.16.147.28 13335 (CLOUDFLAR...)
3 13 104.16.146.28 13335 (CLOUDFLAR...)
24 2
Apex Domain
Subdomains		 Transfer
16 nibc.com
login-uat.nibc.com
387 KB
14 nibcdirect.be
login-uat.nibcdirect.be
80 KB
24 2
Domain Requested by
16 login-uat.nibc.com 2 redirects login-uat.nibcdirect.be
login-uat.nibc.com
14 login-uat.nibcdirect.be 4 redirects login-uat.nibcdirect.be
24 2

This site contains links to these domains. Also see Links.

Domain
www.nibc.nl
Subject Issuer Validity Valid
login-uat.nibcdirect.be
Cloudflare Inc ECC CA-3		 2024-03-02 -
2024-12-31		 10 months crt.sh
login-uat.nibc.com
Sectigo RSA Extended Validation Secure Server CA		 2024-02-08 -
2025-02-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://login-uat.nibc.com/ui/login?language=nl_NL
Frame ID: DC23B800E9EE6DD4E5CEB46C461D3955
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Inloggen

Page URL History Show full URLs

  1. http://login-uat.nibcdirect.be/ HTTP 301
    https://login-uat.nibcdirect.be/ HTTP 302
    https://login-uat.nibcdirect.be/ui/login HTTP 302
    https://login-uat.nibcdirect.be/generate-domain-cookie?referer=https%3A%2F%2Flogin-uat.nibcdirect.be%2Fui%2F... HTTP 302
    https://login-uat.nibcdirect.be/ui/login Page URL
  2. https://login-uat.nibc.com/ui/login?language=nl_NL HTTP 302
    https://login-uat.nibc.com/generate-domain-cookie?referer=https%3A%2F%2Flogin-uat.nibc.com%2Fui%2Flogin... HTTP 302
    https://login-uat.nibc.com/ui/login?language=nl_NL Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

463 kB
Transfer

895 kB
Size

14
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://login-uat.nibcdirect.be/ HTTP 301
    https://login-uat.nibcdirect.be/ HTTP 302
    https://login-uat.nibcdirect.be/ui/login HTTP 302
    https://login-uat.nibcdirect.be/generate-domain-cookie?referer=https%3A%2F%2Flogin-uat.nibcdirect.be%2Fui%2Flogin HTTP 302
    https://login-uat.nibcdirect.be/ui/login Page URL
  2. https://login-uat.nibc.com/ui/login?language=nl_NL HTTP 302
    https://login-uat.nibc.com/generate-domain-cookie?referer=https%3A%2F%2Flogin-uat.nibc.com%2Fui%2Flogin%3Flanguage%3Dnl_NL HTTP 302
    https://login-uat.nibc.com/ui/login?language=nl_NL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://login-uat.nibcdirect.be/ HTTP 301
  • https://login-uat.nibcdirect.be/ HTTP 302
  • https://login-uat.nibcdirect.be/ui/login HTTP 302
  • https://login-uat.nibcdirect.be/generate-domain-cookie?referer=https%3A%2F%2Flogin-uat.nibcdirect.be%2Fui%2Flogin HTTP 302
  • https://login-uat.nibcdirect.be/ui/login

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
login
login-uat.nibcdirect.be/ui/
Redirect Chain
  • http://login-uat.nibcdirect.be/
  • https://login-uat.nibcdirect.be/
  • https://login-uat.nibcdirect.be/ui/login
  • https://login-uat.nibcdirect.be/generate-domain-cookie?referer=https%3A%2F%2Flogin-uat.nibcdirect.be%2Fui%2Flogin
  • https://login-uat.nibcdirect.be/ui/login
15 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b86eee80a5657b9fa8995f22fc862665e87cb27e69e89142280b57fdc8639546
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
85decbe59fea77fa-FCO
content-encoding
gzip
content-language
nl-NL
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
content-type
text/html;charset=UTF-8
date
Sat, 02 Mar 2024 04:55:47 GMT
server
cloudflare
strict-transport-security
max-age=15768000
x-content-type-options
nosniff
x-frame-options
DENY
x-robots-tag
noindex
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85decbe4ff0a77fa-FCO
content-language
nl-NL
content-length
0
date
Sat, 02 Mar 2024 04:55:46 GMT
location
https://login-uat.nibcdirect.be/ui/login
p3p
server
cloudflare
strict-transport-security
max-age=15768000
x-frame-options
DENY
x-robots-tag
noindex
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block
general.min.css
login-uat.nibcdirect.be/ui/css/ 		134 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/css/general.min.css
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c289de351e133aac0e5d60107631c0ed1787ac021e8a4ac8975cf2f8822cb5bb
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:47 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbe99de377fa-FCO
expires
0
main.css
login-uat.nibcdirect.be/ui/css/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/css/main.css
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0d7e011ae54a9ea199b1242b3d98e6495881146399a3bd22a18774de60dc475
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:47 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbe99de477fa-FCO
expires
0
logo-nibc.png
login-uat.nibcdirect.be/ui/assets/general/img/logos/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login-uat.nibcdirect.be/ui/assets/general/img/logos/logo-nibc.png
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e231884f1f6dcc9afade356a9ed8feeffcf02c21d6b326cc4acb993296464c90
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:47 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
16518
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
image/png
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85decbe99de777fa-FCO
expires
0
jquery-3.3.1.min.js
login-uat.nibcdirect.be/ui/js/external/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/js/external/jquery-3.3.1.min.js
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:47 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbe9de4377fa-FCO
expires
0
general.min.js
login-uat.nibcdirect.be/ui/js/ 		32 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/js/general.min.js
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:47 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbeb486777fa-FCO
expires
0
prevent-resubmit.js
login-uat.nibcdirect.be/ui/js/ 		292 B
638 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/js/prevent-resubmit.js
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:47 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbebc94077fa-FCO
expires
0
client-side-validation-no-empty-form.js
login-uat.nibcdirect.be/ui/js/ 		2 KB
1005 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/js/client-side-validation-no-empty-form.js
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbeccb5e77fa-FCO
expires
0
cookies.min.js
login-uat.nibcdirect.be/ui/js/external/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/js/external/cookies.min.js
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbecfba677fa-FCO
expires
0
cookie-banner.js
login-uat.nibcdirect.be/ui/js/ 		469 B
698 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibcdirect.be/ui/js/cookie-banner.js
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.146.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibcdirect.be/ui/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbedece177fa-FCO
expires
0
Primary Request login
login-uat.nibc.com/ui/
Redirect Chain
  • https://login-uat.nibc.com/ui/login?language=nl_NL
  • https://login-uat.nibc.com/generate-domain-cookie?referer=https%3A%2F%2Flogin-uat.nibc.com%2Fui%2Flogin%3Flanguage%3Dnl_NL
  • https://login-uat.nibc.com/ui/login?language=nl_NL
15 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/login?language=nl_NL
Requested by
Host: login-uat.nibcdirect.be
URL: https://login-uat.nibcdirect.be/ui/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ff6091a801af97268706b73a1a2baa22a2a2c125dad7e44b8ceb0d66d67b450
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login-uat.nibcdirect.be/ui/login
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
85decbeea9dfa319-FCO
content-encoding
gzip
content-language
nl-NL
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
content-type
text/html;charset=UTF-8
date
Sat, 02 Mar 2024 04:55:48 GMT
server
cloudflare
strict-transport-security
max-age=15768000
x-content-type-options
nosniff
x-frame-options
DENY
x-robots-tag
noindex
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85decbee1bc3a32b-FCO
content-language
nl-NL
content-length
0
date
Sat, 02 Mar 2024 04:55:48 GMT
location
https://login-uat.nibc.com/ui/login?language=nl_NL
p3p
server
cloudflare
strict-transport-security
max-age=15768000
x-frame-options
DENY
x-robots-tag
noindex
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block
general.min.css
login-uat.nibc.com/ui/css/ 		134 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/css/general.min.css
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c289de351e133aac0e5d60107631c0ed1787ac021e8a4ac8975cf2f8822cb5bb
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf04b9ca319-FCO
expires
0
main.css
login-uat.nibc.com/ui/css/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/css/main.css
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0d7e011ae54a9ea199b1242b3d98e6495881146399a3bd22a18774de60dc475
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf04b9ea319-FCO
expires
0
logo-nibc.png
login-uat.nibc.com/ui/assets/general/img/logos/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login-uat.nibc.com/ui/assets/general/img/logos/logo-nibc.png
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e231884f1f6dcc9afade356a9ed8feeffcf02c21d6b326cc4acb993296464c90
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
16518
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
image/png
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85decbf04b9fa319-FCO
expires
0
jquery-3.3.1.min.js
login-uat.nibc.com/ui/js/external/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/js/external/jquery-3.3.1.min.js
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf04ba0a319-FCO
expires
0
general.min.js
login-uat.nibc.com/ui/js/ 		32 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/js/general.min.js
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96df6f1095dc3d0fedaa4c388babbd31455e6b84395b78e4f24cc4558d5f8f23
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf1ddaaa319-FCO
expires
0
prevent-resubmit.js
login-uat.nibc.com/ui/js/ 		292 B
638 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/js/prevent-resubmit.js
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50f8ff1910295be70f1db1c9c9240c0c39717523ae0c546bd5fdd5581a4dead0
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf1edb4a319-FCO
expires
0
client-side-validation-no-empty-form.js
login-uat.nibc.com/ui/js/ 		2 KB
1005 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/js/client-side-validation-no-empty-form.js
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c46224201cbff644330605c4ebd43695ef688dc943094bdb3adf3857ddd8befe
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf1edb6a319-FCO
expires
0
cookies.min.js
login-uat.nibc.com/ui/js/external/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/js/external/cookies.min.js
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2949872386ad9f1f795b97bc891366ef80137e57779ef162f96d64746d0c767
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf1edb7a319-FCO
expires
0
cookie-banner.js
login-uat.nibc.com/ui/js/ 		469 B
698 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/js/cookie-banner.js
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02add2810fd3f90d44045fe4806a8cd6b763abbc209e43f50a96865e1ebd5683
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf1edb8a319-FCO
expires
0
nibc-header-1.jpg
login-uat.nibc.com/ui/assets/general/img/photos/ 		185 KB
185 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login-uat.nibc.com/ui/assets/general/img/photos/nibc-header-1.jpg
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/login?language=nl_NL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02e6bf885d046dc12e8c2446fefa87cd13916f9650253d878ea54a66f7a325c9
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://login-uat.nibc.com/ui/login?language=nl_NL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
189271
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
image/jpeg
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85decbf1edbba319-FCO
expires
0
Sora-Bold.ttf
login-uat.nibc.com/ui/assets/general/fonts/Sora/ 		56 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/assets/general/fonts/Sora/Sora-Bold.ttf
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/css/main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e1d01b95f06047dda0ff5cb5b4ac79fa264e0004f017740d1a6f9b156fcb232
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login-uat.nibc.com/ui/css/main.css
Origin
https://login-uat.nibc.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
57724
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/x-font-ttf
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85decbf1edbca319-FCO
expires
0
Sora-Regular.ttf
login-uat.nibc.com/ui/assets/general/fonts/Sora/ 		56 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/assets/general/fonts/Sora/Sora-Regular.ttf
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/css/main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4cfe2e20581cdf9cc0dc02caffabd1050ce4d33dfed0921613c2d5afa05afef
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login-uat.nibc.com/ui/css/main.css
Origin
https://login-uat.nibc.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
57644
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/x-font-ttf
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
85decbf1edbda319-FCO
expires
0
icons.woff
login-uat.nibc.com/ui/assets/general/fonts/icons/ 		8 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login-uat.nibc.com/ui/assets/general/fonts/icons/icons.woff
Requested by
Host: login-uat.nibc.com
URL: https://login-uat.nibc.com/ui/css/general.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.147.28 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c262f462b86385967717cd65697e5cc802682d6e8b104e72752120ebcfcd44d8
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://login-uat.nibc.com/ui/css/general.min.css
Origin
https://login-uat.nibc.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Sat, 02 Mar 2024 04:55:48 GMT
content-security-policy
default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
cf-cache-status
MISS
content-encoding
gzip
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 17 May 2023 14:29:10 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/font-woff
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-robots-tag
noindex
cf-ray
85decbf1edbfa319-FCO
expires
0

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| getCookie function| setCookie function| getUrlParameter function| isMobileApp function| redirect_mobile_app function| check_language_param function| redirect_login_page function| redirect_dashboard_page object| RecaptchaOptions function| $ function| jQuery object| docCookies

14 Cookies

Domain/Path Name / Value
login-uat.nibcdirect.be/ui Name: UI_EXTENSION_JSESSIONID
Value: 135205B0C93A618ABECBF31FBDA5E902
login-uat.nibc.com/ui Name: UI_EXTENSION_JSESSIONID
Value: 85A3AE82632C380B36B8D9E19F6615DD
.login-uat.nibcdirect.be/ Name: _cfuvid
Value: XxZhwGpxJOCu5O.z8oYj82HfxFsgodMU8uvtFyvOXyU-1709355346305-0.0.1.1-604800000
login-uat.nibcdirect.be/ Name: SESSION
Value: MDc1MGNhOWItZTYzMi00Y2U3LWE4Y2MtYTZkZmNmMWRmZjFk
login-uat.nibcdirect.be/ Name: legacy_SESSION
Value: MDc1MGNhOWItZTYzMi00Y2U3LWE4Y2MtYTZkZmNmMWRmZjFk
.login-uat.nibcdirect.be/ Name: idp_session_magmt_token
Value: 0750ca9b-e632-4ce7-a8cc-a6dfcf1dff1d
login-uat.nibcdirect.be/ Name: INGRESSCOOKIE
Value: ab1cec5d6934e1c7
.login-uat.nibc.com/ Name: _cfuvid
Value: iDM1gFT1KZxRAuY2bfTKomLOPgxe3lKgpV96pJnB26w-1709355348144-0.0.1.1-604800000
.login-uat.nibc.com/ Name: idp_session_magmt_token
Value: f6887f69-3dbd-416b-901d-17d60cabebd8
login-uat.nibc.com/ Name: SESSION
Value: ZjY4ODdmNjktM2RiZC00MTZiLTkwMWQtMTdkNjBjYWJlYmQ4
login-uat.nibc.com/ Name: legacy_SESSION
Value: ZjY4ODdmNjktM2RiZC00MTZiLTkwMWQtMTdkNjBjYWJlYmQ4
.login-uat.nibc.com/ Name: idp_set_session_locale
Value: nl-NL
login-uat.nibc.com/ Name: INGRESSCOOKIE
Value: ab1cec5d6934e1c7
login-uat.nibc.com/ Name: lan
Value: nl_NL

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' www.google.com token-uat.nibc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' token-uat.nibc.com; frame-ancestors 'none';
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block