URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E...
Submission: On May 27 via api from BE — Scanned from DE

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 193.58.4.82, located in Belgium and belongs to BNP-PARIBAS France, FR. The main domain is www.bnpparibasfortis.be. The Cisco Umbrella rank of the primary domain is 460776.
TLS certificate: Issued by Entrust Certification Authority - L1M on November 29th 2021. Valid for: a year.
This is the only time www.bnpparibasfortis.be was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 193.58.4.82 25215 (BNP-PARIB...)
8 193.58.4.84 25215 (BNP-PARIB...)
2 83.217.64.28 34762 (COMBELL-AS)
3 193.58.4.1 25215 (BNP-PARIB...)
14 4
Apex Domain
Subdomains
Transfer
11 bnpparibasfortis.be
www.bnpparibasfortis.be — Cisco Umbrella Rank: 460776
static.bnpparibasfortis.be
companies.bnpparibasfortis.be
94 KB
3 bnpparibas.be
media.bnpparibas.be — Cisco Umbrella Rank: 825437
8 KB
14 2
Domain Requested by
8 static.bnpparibasfortis.be www.bnpparibasfortis.be
3 media.bnpparibas.be www.bnpparibasfortis.be
2 companies.bnpparibasfortis.be www.bnpparibasfortis.be
1 www.bnpparibasfortis.be
14 4

This site contains no links.

Subject Issuer Validity Valid
www.bnpparibasfortis.be
Entrust Certification Authority - L1M
2021-11-29 -
2022-12-28
a year crt.sh
static.bnpparibasfortis.be
Entrust Certification Authority - L1M
2021-10-11 -
2022-11-10
a year crt.sh
companies.bnpparibasfortis.be
Entrust Certification Authority - L1M
2021-12-07 -
2023-01-06
a year crt.sh
media.bnpparibas.be
Entrust Certification Authority - L1K
2021-06-30 -
2022-07-29
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Frame ID: 40C874C9C7D620A637F3D852583312A4
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

1 of meer betalingen niet uitgevoerd

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

4
IPs

1
Countries

101 kB
Transfer

192 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request default.aspx
www.bnpparibasfortis.be/site/renderers/
18 KB
7 KB
Document
General
Full URL
https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
easybanking.bnpparibasfortis.be
Software
/
Resource Hash
bc11ca5f9612b6d533a98488bcf0941714bb210507106efae9f81ef85db21aab
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Encoding
gzip
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
cache-control
private
content-type
text/html; charset=Windows-1252
date
Fri, 27 May 2022 08:56:10 GMT
p3p
CP="NON CUR OTPi OUR UNI NOR"
x-old-content-length
18342
Applicationfunction.css
static.bnpparibasfortis.be/Images/rStyles/
16 KB
6 KB
Stylesheet
General
Full URL
https://static.bnpparibasfortis.be/Images/rStyles/Applicationfunction.css
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.84 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
h193-58-4-84.unknown.fortisbank.be
Software
/
Resource Hash
f497cc3d836a599833d709b70608303132e686d4703be4c0665bb544e2d4f52f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 08:56:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
last-modified
Fri, 19 Mar 2010 13:18:17 GMT
etag
"5fb63da366c7ca1:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
p3p
CP="NON CUR OTPi OUR UNI NOR"
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Connection
Keep-Alive
accept-ranges
bytes
content-type
text/css
Vary
Accept-Encoding
Content-Length
5162
X-XSS-Protection
1; mode=block
General.css
static.bnpparibasfortis.be/Images/rStyles/
10 KB
5 KB
Stylesheet
General
Full URL
https://static.bnpparibasfortis.be/Images/rStyles/General.css
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.84 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
h193-58-4-84.unknown.fortisbank.be
Software
/
Resource Hash
3b3720d4cd553e1b5964d2d89004fe5e0057dfb3e166db7062f84b964fe00e1a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 08:56:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
last-modified
Fri, 19 Mar 2010 13:18:17 GMT
etag
"158e55a366c7ca1:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
p3p
CP="NON CUR OTPi OUR UNI NOR"
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Connection
Keep-Alive
accept-ranges
bytes
content-type
text/css
Vary
Accept-Encoding
Content-Length
3586
X-XSS-Protection
1; mode=block
jquery.js
static.bnpparibasfortis.be/Images/js/
70 KB
33 KB
Script
General
Full URL
https://static.bnpparibasfortis.be/Images/js/jquery.js
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.84 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
h193-58-4-84.unknown.fortisbank.be
Software
/
Resource Hash
e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 08:56:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
last-modified
Tue, 28 Sep 2010 11:42:36 GMT
etag
"db79413f25fcb1:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
p3p
CP="NON CUR OTPi OUR UNI NOR"
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Connection
Keep-Alive
accept-ranges
bytes
content-type
application/x-javascript
Vary
Accept-Encoding
Content-Length
32337
X-XSS-Protection
1; mode=block
messagent.js
static.bnpparibasfortis.be/Images/js/
19 KB
7 KB
Script
General
Full URL
https://static.bnpparibasfortis.be/Images/js/messagent.js
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.84 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
h193-58-4-84.unknown.fortisbank.be
Software
/
Resource Hash
66f4e6d0d472a1f89924f44263eeda14250f87fdb77ca4b746f73dc98e76bcfe
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 08:56:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
last-modified
Fri, 27 May 2011 07:12:32 GMT
etag
"a16a723d1ccc1:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
p3p
CP="NON CUR OTPi OUR UNI NOR"
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Connection
Keep-Alive
accept-ranges
bytes
content-type
application/x-javascript
Vary
Accept-Encoding
Content-Length
6459
X-XSS-Protection
1; mode=block
common.js
static.bnpparibasfortis.be/Images/js/
286 B
1 KB
Script
General
Full URL
https://static.bnpparibasfortis.be/Images/js/common.js
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.84 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
h193-58-4-84.unknown.fortisbank.be
Software
/
Resource Hash
29e474269b1b11ff33bbac302bd3fa5bf1db4dcdc614fd91aac5beb1590a6a3d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 08:56:11 GMT
X-Content-Type-Options
nosniff
last-modified
Tue, 28 Sep 2010 11:43:31 GMT
etag
"f376d55f25fcb1:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
p3p
CP="NON CUR OTPi OUR UNI NOR"
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
accept-ranges
bytes
content-type
application/x-javascript
Vary
Accept-Encoding
content-length
286
X-XSS-Protection
1; mode=block
fieldManager.js
static.bnpparibasfortis.be/Images/js/
29 KB
9 KB
Script
General
Full URL
https://static.bnpparibasfortis.be/Images/js/fieldManager.js
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.84 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
h193-58-4-84.unknown.fortisbank.be
Software
/
Resource Hash
d0cc9f165d9125941518dc9864edd9391cf95875f04b119f03a591250d96015a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 08:56:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
last-modified
Tue, 28 Sep 2010 11:44:25 GMT
etag
"bbd74c8025fcb1:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
p3p
CP="NON CUR OTPi OUR UNI NOR"
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Connection
Keep-Alive
accept-ranges
bytes
content-type
application/x-javascript
Vary
Accept-Encoding
Content-Length
7743
X-XSS-Protection
1; mode=block
uts-init.js
static.bnpparibasfortis.be/Images/uts-static/
900 B
2 KB
Script
General
Full URL
https://static.bnpparibasfortis.be/Images/uts-static/uts-init.js
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.84 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
h193-58-4-84.unknown.fortisbank.be
Software
/
Resource Hash
5225ca2bdbaad9d78d34cc7b261bd6ace103cdce57e35e039c2fed86e66fe4f7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 08:56:11 GMT
X-Content-Type-Options
nosniff
last-modified
Thu, 16 Jul 2015 07:33:59 GMT
etag
"f872ebc799bfd01:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
p3p
CP="NON CUR OTPi OUR UNI NOR"
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
accept-ranges
bytes
content-type
application/x-javascript
Vary
Accept-Encoding
content-length
900
X-XSS-Protection
1; mode=block
uts-no-vea.min.js
static.bnpparibasfortis.be/Images/uts-static/
5 KB
3 KB
Script
General
Full URL
https://static.bnpparibasfortis.be/Images/uts-static/uts-no-vea.min.js
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.84 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
h193-58-4-84.unknown.fortisbank.be
Software
/
Resource Hash
05f0840a2562dcf757ea7b8b4fb7b54c9348d4338c12cc0f70958eb58e9401db
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 08:56:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
last-modified
Tue, 14 Jul 2015 07:45:54 GMT
etag
"c222f11c9bed01:0"
Strict-Transport-Security
max-age=31536000; includeSubDomains
p3p
CP="NON CUR OTPi OUR UNI NOR"
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.bnpparibasfortis.be; font-src 'self' https://*.bnpparibasfortis.be; frame-src 'self'; frame-ancestors 'self' https://www.xerius.be https://services.myxerius.be; form-action 'self'; report-uri /local/errors/csp.html?errorinfo=CSP
Connection
Keep-Alive
accept-ranges
bytes
content-type
application/x-javascript
Vary
Accept-Encoding
Content-Length
2375
X-XSS-Protection
1; mode=block
brandblock_bnppf_350.jpg
companies.bnpparibasfortis.be/images/default-source/mail/system/
11 KB
11 KB
Image
General
Full URL
https://companies.bnpparibasfortis.be/images/default-source/mail/system/brandblock_bnppf_350.jpg
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
83.217.64.28 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
83.217.64.28.static.hosted.by.combell.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d34a3a3d473e16cb5569b8147bd0baf4dc18eb25f2a967c35f5a1b1650f592dd
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Last-Modified
Thu, 10 Feb 2022 08:17:06 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
public, max-age=7776000
Date
Fri, 27 May 2022 08:56:10 GMT
Content-Disposition
inline; filename=brandblock_bnppf_350.jpg
Strict-Transport-Security
max-age=31536000
Content-Length
10802
X-Xss-Protection
1; mode=block
Expires
Thu, 25 Aug 2022 08:56:11 GMT
slogan_cpbb_nl.jpg
companies.bnpparibasfortis.be/images/default-source/mail/system/
8 KB
9 KB
Image
General
Full URL
https://companies.bnpparibasfortis.be/images/default-source/mail/system/slogan_cpbb_nl.jpg
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
83.217.64.28 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
83.217.64.28.static.hosted.by.combell.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
08d2173dd1bdb4797639b87ed744bc965ca8c863a95b4cee49f338dcb98650b5
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Last-Modified
Thu, 10 Feb 2022 08:17:06 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
public, max-age=7776000
Date
Fri, 27 May 2022 08:56:10 GMT
Content-Disposition
inline; filename=slogan_cpbb_nl.jpg
Strict-Transport-Security
max-age=31536000
Content-Length
8427
X-Xss-Protection
1; mode=block
Expires
Thu, 25 Aug 2022 08:56:11 GMT
icon-IN.jpg
media.bnpparibas.be/emailing/2015/mailgenerator_v2/icons/social_media/
2 KB
3 KB
Image
General
Full URL
https://media.bnpparibas.be/emailing/2015/mailgenerator_v2/icons/social_media/icon-IN.jpg
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.1 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
www.fortisbank.com
Software
/
Resource Hash
47aec50126cf2e683b17f71e3b1f791c098e3a6d4115b7f5e2a1026f23cf0776
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://media.bnpparibasfortis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; form-action 'self'; report-uri /errors/default.htm?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 08:56:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 22 May 2015 07:34:26 GMT
ETag
"91e31abb6194d01:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://media.bnpparibasfortis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; form-action 'self'; report-uri /errors/default.htm?errorinfo=CSP
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
2144
X-XSS-Protection
1; mode=block
1px.gif
media.bnpparibas.be/emailing/2015/mailgenerator_v2/icons/
1 KB
2 KB
Image
General
Full URL
https://media.bnpparibas.be/emailing/2015/mailgenerator_v2/icons/1px.gif
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.1 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
www.fortisbank.com
Software
/
Resource Hash
e572b8401a7038c3bf23c79d522bbfabf7540ee94dac5169a77db73f9b84a622
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://media.bnpparibasfortis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; form-action 'self'; report-uri /errors/default.htm?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 08:56:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 23 Apr 2015 09:05:07 GMT
ETag
"2fb86598a47dd01:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://media.bnpparibasfortis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; form-action 'self'; report-uri /errors/default.htm?errorinfo=CSP
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
1095
X-XSS-Protection
1; mode=block
icon-TW.jpg
media.bnpparibas.be/emailing/2015/mailgenerator_v2/icons/social_media/
2 KB
3 KB
Image
General
Full URL
https://media.bnpparibas.be/emailing/2015/mailgenerator_v2/icons/social_media/icon-TW.jpg
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.58.4.1 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
www.fortisbank.com
Software
/
Resource Hash
cda7b7a6f64e7af1dcee66c5f5614cfeccbbcedd5571609d1eb8299c8de0b748
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://media.bnpparibasfortis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; form-action 'self'; report-uri /errors/default.htm?errorinfo=CSP
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bnpparibasfortis.be/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 08:56:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 22 May 2015 07:34:26 GMT
ETag
"91a71fbb6194d01:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Content-Security-Policy
default-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://media.bnpparibasfortis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; form-action 'self'; report-uri /errors/default.htm?errorinfo=CSP
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
2342
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery function| findRow function| ParseErrors function| openCenteredWindow function| isNumberKey function| isNumberOnlyKey function| formatAccountNumber function| formatRRNumber function| CheckPremieBedrag function| getElement function| DisableDiv function| ValideerRRNummer function| ValideerIDNummer function| setDateToDropdowns function| zeroPad function| selectOptionByValue function| isNonNumberKey function| capitalize function| resizeRightColumn function| checkZipCode function| nationalDays function| noWeekends function| noWeekendsOrHolidays function| RegisterPage function| resizeFrame boolean| isValidationActive boolean| showErrorMessageSwitch function| isSafari function| isNetscape function| checkIt function| showErrorServer function| showErrorClient function| chkFld function| validDefault function| validMnd function| getNbrVal function| getDateCompareVal function| validAct function| validActNL function| validTelNL function| validTel function| validMobile function| validMobileNL function| validRegisterNumber function| validOGM function| validInterTel function| validFloat function| validEmail function| validDate function| validCalendar function| validVAT function| validTime function| validRegExp function| setMyFocus function| getTagValue object| _utsp object| _utsc object| _uts function| readCookie function| testValidHrefLocation function| testNotEmpty function| initCr string| CRvalue string| hrefLocation number| startPos number| endPos string| oldCRValue

8 Cookies

Domain/Path Name / Value
www.bnpparibasfortis.be/ Name: ASP.NET_SessionId
Value: khnuqggn5aazphpkpsyr3fju
www.bnpparibasfortis.be/ Name: CR
Value: dDFFqChrRNB+LC8qg1uMXuiDnTjMaS3isvpxS24ldgsimIkVrqzr8f3fEAJYvmF657gRJqvBD38o2+Q5J+6LtpP46rs6SAs3o4luPZv7Cud2QPkIOdvWAHB1SrIktzdLCtuMZX45gUD9bPutNHO6MhXhRB/a1fzn
www.bnpparibasfortis.be/ Name: per_ebew_web
Value: !Afz1SBto+aeyWK7VO2JhYy0+A05F7ZYVgxkmmajAbglATWVO9DbEm7fGOdvil57we685MV3JmiahN44=
www.bnpparibasfortis.be/ Name: TS018554d6
Value: 011bf91c227675049cb799972f1c46dd737c73e1b21987fd9a5f711836073bd91be7ae462d9d618a6f637382cff7eb466f7ab880d5
www.bnpparibasfortis.be/ Name: TS8c6b196f027
Value: 083af333faab200086f7c5a3ecd6187e7dbb22381eb23bf15286823c907b9ad91a6ce56a1684c79a08fccb773f113000b3bf5b49ed4e4540414fb221fdb3f50f669d28dcc655ba89e5716ba6e458cd29f712b30c0ab2472a29aa50032ccb18a0
static.bnpparibasfortis.be/ Name: per_kcma
Value: !j7Dq2GrhgF8x7xHVO2JhYy0+A05F7alFeFL2Y2AtsJEPx6q4i9+S4GKGNPzwnGvk90Zceel/TsQdaw8=
static.bnpparibasfortis.be/ Name: TS011ad409
Value: 011bf91c22c982735b2e7ded92be7c7980bc0285cc6dafeb95d4fa714c80da72ebc8396c6420f8ad587b8584181b010088d1889cd5
companies.bnpparibasfortis.be/ Name: SERVERID
Value: ffffffffc3a0c86245525d5f4f58455e445a4a42378b

1 Console Messages

Source Level URL
Text
security error URL: https://www.bnpparibasfortis.be/site/renderers/default.aspx?ID=6yz6BfR06kj4rCRVMaIWiQma2sXM8HHSMYiG2ovnlh4Ea_JkZhWnGti5Ao83l+h8E+HVUSKtRbZCUM4tRP3xqAEGvnnI4
Message:
Unrecognized Content-Security-Policy directive 'reflected-xss'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block