Submitted URL: https://digi-sit.bicbank.com.kh/
Effective URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Submission: On June 27 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 32 HTTP transactions. The main IP is 103.166.94.167, located in Cambodia and belongs to BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH. The main domain is digi-sit.bicbank.com.kh.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on May 9th 2024. Valid for: a year.
This is the only time digi-sit.bicbank.com.kh was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 22 103.166.94.167 134136 (BICCAMBOD...)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
32 7
Apex Domain
Subdomains
Transfer
22 bicbank.com.kh
digi-sit.bicbank.com.kh
770 KB
4 googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 3981
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 642
1 KB
4 gstatic.com
www.gstatic.com
241 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81
132 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2355
1 google.com
www.google.com — Cisco Umbrella Rank: 5
961 B
32 6
Domain Requested by
22 digi-sit.bicbank.com.kh 2 redirects digi-sit.bicbank.com.kh
4 www.gstatic.com digi-sit.bicbank.com.kh
www.google.com
2 firebaseinstallations.googleapis.com www.gstatic.com
2 firebase.googleapis.com www.gstatic.com
2 www.googletagmanager.com www.gstatic.com
www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.google.com digi-sit.bicbank.com.kh
32 7

This site contains no links.

Subject Issuer Validity Valid
*.bicbank.com.kh
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-05-09 -
2025-06-09
a year crt.sh
*.google.com
WR2
2024-06-13 -
2024-09-05
3 months crt.sh
*.gstatic.com
WR2
2024-06-13 -
2024-09-05
3 months crt.sh
*.google-analytics.com
WR2
2024-06-13 -
2024-09-05
3 months crt.sh
upload.video.google.com
WR2
2024-06-13 -
2024-09-05
3 months crt.sh

This page contains 1 frames:

Primary Page: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Frame ID: 25528F60A0209B9C2FAC6F5D1BDBACFD
Requests: 30 HTTP requests in this frame

Screenshot

Page Title

Login - BICApp

Page URL History Show full URLs

  1. https://digi-sit.bicbank.com.kh/ HTTP 302
    https://digi-sit.bicbank.com.kh/web/admin HTTP 302
    https://digi-sit.bicbank.com.kh/web/admin/authentication/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /firebasejs/([\d.]+)/firebase

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

32
Requests

100 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

1144 kB
Transfer

1742 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://digi-sit.bicbank.com.kh/ HTTP 302
    https://digi-sit.bicbank.com.kh/web/admin HTTP 302
    https://digi-sit.bicbank.com.kh/web/admin/authentication/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
digi-sit.bicbank.com.kh/web/admin/authentication/
Redirect Chain
  • https://digi-sit.bicbank.com.kh/
  • https://digi-sit.bicbank.com.kh/web/admin
  • https://digi-sit.bicbank.com.kh/web/admin/authentication/login
6 KB
7 KB
Document
General
Full URL
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
f3c3f8f58d9fb9f22d5c4c02bc7d7818ed9f8f6cbab30b18321c706ed23ded0c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate, public
Connection
Keep-Alive
Content-Language
en-US
Content-Length
6404
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/html;charset=UTF-8
Date
Thu, 27 Jun 2024 11:14:55 GMT
Expires
0
Keep-Alive
timeout=5, max=98
Server
Web Server
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com DENY
X-XSS-Protection
1; mode=block
x-request-id
c8b85e19464e463f9cbe589bba76b5c5
x-response-id
88e618e8a28e4735b4bf153ebceb1c9b

Redirect headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate, public
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Date
Thu, 27 Jun 2024 11:14:55 GMT
Expires
0
Keep-Alive
timeout=5, max=99
Location
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Server
Web Server
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com DENY
X-XSS-Protection
1; mode=block
bootstrap.min.css
digi-sit.bicbank.com.kh/webjars/bootstrap/3.4.1/css/
119 KB
119 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/webjars/bootstrap/3.4.1/css/bootstrap.min.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:58 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
4c5aa2011ab544fbbe90c3fdc24c738e
Connection
Keep-Alive
Content-Length
121457
X-XSS-Protection
1; mode=block
x-request-id
9f865cc5a2d3430cb6ce9d07ee55c36e
Last-Modified
Mon, 21 Aug 2023 02:29:44 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
core.css
digi-sit.bicbank.com.kh/assets/css/
18 KB
19 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/assets/css/core.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
f180bf2d2e2657621cd223890fbd5fb319f0ac6736b2784fcd8b4986c27f3fae
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:58 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
d4d557519cc54057bed449ac4985ade4
Connection
Keep-Alive
Content-Length
18240
X-XSS-Protection
1; mode=block
x-request-id
b532a28596a74bd092ebaae6aa808449
Last-Modified
Tue, 05 May 2020 05:08:05 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
components.css
digi-sit.bicbank.com.kh/assets/css/
91 KB
92 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/assets/css/components.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
97dbf1085f897465c53f70c788d0283ff0cc837249e562314ca1275fac8770a4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:58 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
d7cf49e08fe64bf58ae7a24b228d021e
Connection
Keep-Alive
Content-Length
93019
X-XSS-Protection
1; mode=block
x-request-id
6d0487ef528c47f591888f4f3cd0f57b
Last-Modified
Mon, 30 Nov 2020 22:21:21 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
icons.css
digi-sit.bicbank.com.kh/assets/css/
209 KB
210 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/assets/css/icons.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
104019a8eb893070eba7ac139fc4ee715764818022360d438f8b57858f887efb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:58 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
352d150b03e044b1a6f4d64e0113a8cb
Connection
Keep-Alive
Content-Length
214255
X-XSS-Protection
1; mode=block
x-request-id
627c5eff1c1043ca9097f281ea98e578
Last-Modified
Tue, 05 May 2020 05:08:05 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
pages.css
digi-sit.bicbank.com.kh/assets/css/
20 KB
21 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/assets/css/pages.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
f5d099c48c083ad6668570417b0b9c0b40cc516e78ecee1c7df980dddcf512eb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:58 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
fde830c5f1a94c8fac1b6e267858caf8
Connection
Keep-Alive
Content-Length
20421
X-XSS-Protection
1; mode=block
x-request-id
54adb870e1504403ac20dc48f1356cd6
Last-Modified
Tue, 05 May 2020 05:08:05 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
menu.css
digi-sit.bicbank.com.kh/assets/css/
12 KB
13 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/assets/css/menu.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
b9f60174e5cd6ebc46d84db3331a4ac1a18aa1cf75d8311e71201c392a312254
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:58 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
b4977b498cd44412be30d80d39e0021c
Connection
Keep-Alive
Content-Length
12484
X-XSS-Protection
1; mode=block
x-request-id
c654f39d75e744d2893c95bdc66a3894
Last-Modified
Thu, 04 Mar 2021 03:19:08 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
responsive.css
digi-sit.bicbank.com.kh/assets/css/
4 KB
5 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/assets/css/responsive.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
b8b3607ea088f9f6ee014d312fbd17c798515ca11365bde4df8b2209a5284987
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:59 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
8d1365d5eb9a47019505187bcdf93fee
Connection
Keep-Alive
Content-Length
4473
X-XSS-Protection
1; mode=block
x-request-id
19f308250b564ae197fc579d27b9fcfc
Last-Modified
Tue, 05 May 2020 05:08:05 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
style.css
digi-sit.bicbank.com.kh/assets/css/
3 KB
4 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/assets/css/style.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
88da7bd2ad34add27f0cdfcf50e5ea05ae64e810d0ce72afcdfc65454e8a3158
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:59 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
eb5e96ad65224a32a6f831cd053eabf1
Connection
Keep-Alive
Content-Length
3058
X-XSS-Protection
1; mode=block
x-request-id
88aa92f2cd7b479a8971fa7cee510f81
Last-Modified
Wed, 04 Jan 2023 01:54:26 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
modernizr.min.js
digi-sit.bicbank.com.kh/assets/js/
11 KB
12 KB
Script
General
Full URL
https://digi-sit.bicbank.com.kh/assets/js/modernizr.min.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:59 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
c444ce87c8684a0ab13584c8ac2f4ef7
Connection
Keep-Alive
Content-Length
11084
X-XSS-Protection
1; mode=block
x-request-id
92862effe42b44d6b64b387416f0f240
Last-Modified
Tue, 05 May 2020 05:08:05 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
application/javascript;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
api.js
www.google.com/recaptcha/
1 KB
961 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
df85e001ce72e46c578531cf3ea8bbb0712a4af63abc112d9d633e474c05965f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 11:14:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 27 Jun 2024 11:14:58 GMT
logo.png
digi-sit.bicbank.com.kh/assets/images/
9 KB
10 KB
Image
General
Full URL
https://digi-sit.bicbank.com.kh/assets/images/logo.png
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
c9eb76ae89793eb8f515331de43344f6c04d45d02a80bd7bbdcd91bcfef5c79e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:59 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
3b214188983045ce91d2da35a0a2937b
Connection
Keep-Alive
Content-Length
9664
X-XSS-Protection
1; mode=block
x-request-id
389db7d5d1f9438ca26e57bb6bc576a1
Last-Modified
Fri, 15 May 2020 05:39:52 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
image/png;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
jquery-3.6.0.min.js
digi-sit.bicbank.com.kh/assets/js/
87 KB
88 KB
Script
General
Full URL
https://digi-sit.bicbank.com.kh/assets/js/jquery-3.6.0.min.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:59 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
4dd4f9971035413dbb2199545c5b0855
Connection
Keep-Alive
Content-Length
89501
X-XSS-Protection
1; mode=block
x-request-id
c9264852dd4a4af9add1bbef9262ac3b
Last-Modified
Wed, 09 Feb 2022 01:52:02 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
application/javascript;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
bootstrap.min.js
digi-sit.bicbank.com.kh/webjars/bootstrap/3.4.1/js/
39 KB
40 KB
Script
General
Full URL
https://digi-sit.bicbank.com.kh/webjars/bootstrap/3.4.1/js/bootstrap.min.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:59 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
9640bbaeb3c54c31aea20a7e0e5589a5
Connection
Keep-Alive
Content-Length
39680
X-XSS-Protection
1; mode=block
x-request-id
3bcac72795d7462d81da62051abe3ac5
Last-Modified
Mon, 21 Aug 2023 02:29:44 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
application/javascript;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
push.min.js
digi-sit.bicbank.com.kh/plugins/push/
13 KB
13 KB
Script
General
Full URL
https://digi-sit.bicbank.com.kh/plugins/push/push.min.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
54fa706a73b5488a878791923a93198477e5440f3d0f22311c6cd58829163b0c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:15:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
be79c9da1324458f9b2773bbd3ff9c70
Connection
Keep-Alive
Content-Length
12917
X-XSS-Protection
1; mode=block
x-request-id
e37a962630d74580b5e3bf793ca4b832
Last-Modified
Tue, 05 May 2020 05:08:06 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
application/javascript;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
firebase-app.js
www.gstatic.com/firebasejs/7.23.0/
20 KB
7 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/7.23.0/firebase-app.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61fbb9b0a6dd750be54d75b8eb16f6aea217aa36df2b4e3a4b80f960a1ca368f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 14:48:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
160018
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6636
x-xss-protection
0
last-modified
Thu, 08 Oct 2020 20:48:24 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 25 Jun 2025 14:48:03 GMT
firebase-messaging.js
www.gstatic.com/firebasejs/7.23.0/
40 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/7.23.0/firebase-messaging.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b090c352b4698d65d2d9fcd3c4b41e5f50d017e4caa48f2eef492c6a61adffb7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 08:00:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11645
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10930
x-xss-protection
0
last-modified
Thu, 08 Oct 2020 20:48:30 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 27 Jun 2025 08:00:56 GMT
firebase-analytics.js
www.gstatic.com/firebasejs/7.23.0/
35 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/7.23.0/firebase-analytics.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
954201eeb1cac382fbf2a85d6023b581a75c1d58c618367851503ef696262e7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:44:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
55816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10857
x-xss-protection
0
last-modified
Thu, 08 Oct 2020 20:48:30 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 26 Jun 2025 19:44:45 GMT
firebase-initialization.js
digi-sit.bicbank.com.kh/
2 KB
3 KB
Script
General
Full URL
https://digi-sit.bicbank.com.kh/firebase-initialization.js
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
a3d92b66d7b642c7683e4ce3200545cf44cac360b0e984dd059b54ca2148f894
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:15:00 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
684877bb90a244c69cc974148cd8d363
Connection
Keep-Alive
Content-Length
2311
X-XSS-Protection
1; mode=block
x-request-id
b53ea439c23d43e8a45a4a278986e040
Last-Modified
Tue, 13 Oct 2020 02:10:18 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
application/javascript;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
core_font.css
digi-sit.bicbank.com.kh/assets/css/
4 KB
5 KB
Stylesheet
General
Full URL
https://digi-sit.bicbank.com.kh/assets/css/core_font.css
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/assets/css/core.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
a6bda323817443a9ae484cf93743af7b2aa66811ee5f4e8b0ecdfb5658afcbc3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/assets/css/core.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:14:59 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
7acb7215a52e4072935a60ca714271b6
Connection
Keep-Alive
Content-Length
4377
X-XSS-Protection
1; mode=block
x-request-id
4415d42c6fac44878aa4adceb1e06fc5
Last-Modified
Wed, 04 Jan 2023 01:54:26 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
w8gdH283Tvk__Lua32TysjIfp8uP.woff2
digi-sit.bicbank.com.kh/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://digi-sit.bicbank.com.kh/assets/fonts/w8gdH283Tvk__Lua32TysjIfp8uP.woff2
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/assets/css/core_font.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
940bd4a564804ab577a9d374f205561fe77d98dfe612a6a14424d67ec1c10f69
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/assets/css/core_font.css
Origin
https://digi-sit.bicbank.com.kh
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:15:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
7c9b9970f95d44578fdae213ac2ed20f
Connection
Keep-Alive
Content-Length
20072
X-XSS-Protection
1; mode=block
x-request-id
45f7d79407b449f486312db51473608a
Last-Modified
Tue, 05 May 2020 05:08:05 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Type
application/font-woff2;charset=UTF-8
Access-Control-Allow-Origin
https://digi-sit.bicbank.com.kh
Cache-Control
public
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
recaptcha__de.js
www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/
536 KB
213 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/
Origin
https://digi-sit.bicbank.com.kh
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 07:46:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12508
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
217833
x-xss-protection
0
last-modified
Sun, 23 Jun 2024 08:01:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 27 Jun 2025 07:46:35 GMT
f0Xu0e2p98ZvDXdZQIOcpqjfKaMXfsEp.woff2
digi-sit.bicbank.com.kh/assets/fonts/
14 KB
15 KB
Font
General
Full URL
https://digi-sit.bicbank.com.kh/assets/fonts/f0Xu0e2p98ZvDXdZQIOcpqjfKaMXfsEp.woff2
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/assets/css/core_font.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
c157136175a709c00bcb92dc4062ff21415ae49755ba9181c294a65c93ca3e8c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/assets/css/core_font.css
Origin
https://digi-sit.bicbank.com.kh
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:15:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
6e137238d50c41e4a773d901ca0b6974
Connection
Keep-Alive
Content-Length
14472
X-XSS-Protection
1; mode=block
x-request-id
fea621517748433ea751894f0723abae
Last-Modified
Tue, 05 May 2020 05:08:05 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Type
application/font-woff2;charset=UTF-8
Access-Control-Allow-Origin
https://digi-sit.bicbank.com.kh
Cache-Control
public
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
fontawesome-webfont.woff2
digi-sit.bicbank.com.kh/assets/fonts/
70 KB
71 KB
Font
General
Full URL
https://digi-sit.bicbank.com.kh/assets/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: digi-sit.bicbank.com.kh
URL: https://digi-sit.bicbank.com.kh/assets/css/icons.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/assets/css/icons.css
Origin
https://digi-sit.bicbank.com.kh
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:15:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
99f9b612ead44dd5af141469e3e5064f
Connection
Keep-Alive
Content-Length
71896
X-XSS-Protection
1; mode=block
x-request-id
2a62bf716fb242dcba0ed1df2497bf88
Last-Modified
Tue, 05 May 2020 05:08:05 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Type
application/font-woff2;charset=UTF-8
Access-Control-Allow-Origin
https://digi-sit.bicbank.com.kh
Cache-Control
public
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
js
www.googletagmanager.com/gtag/
127 KB
49 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?l=dataLayer
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/firebasejs/7.23.0/firebase-analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5bab76553fdd1fdd2f683abd5989e6bda3aff57f7c6d9577b766b9927db45b99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 11:15:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49500
x-xss-protection
0
last-modified
Thu, 27 Jun 2024 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 27 Jun 2024 11:15:03 GMT
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:1036381386280:web:e86ac4a081b244887d671d/
335 B
423 B
Fetch
General
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:1036381386280:web:e86ac4a081b244887d671d/webConfig
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/firebasejs/7.23.0/firebase-analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4ddadc98d6768d1472e3ea6306109d819836f23d5601561229f2d22c540d6c53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
accept
application/json
Referer
https://digi-sit.bicbank.com.kh/
x-goog-api-key
AIzaSyBCqBguxEgZV1njyw74gbEsQS2zP-6aqiY
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 11:15:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://digi-sit.bicbank.com.kh
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
233
x-xss-protection
0
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:1036381386280:web:e86ac4a081b244887d671d/
0
0
Preflight
General
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:1036381386280:web:e86ac4a081b244887d671d/webConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-api-key
Access-Control-Request-Method
GET
Origin
https://digi-sit.bicbank.com.kh
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://digi-sit.bicbank.com.kh
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 27 Jun 2024 11:15:03 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/bic-orbv2/
0
0
Preflight
General
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/bic-orbv2/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://digi-sit.bicbank.com.kh
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://digi-sit.bicbank.com.kh
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 27 Jun 2024 11:15:03 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/bic-orbv2/
628 B
689 B
Fetch
General
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/bic-orbv2/installations
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/firebasejs/7.23.0/firebase-messaging.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9bb26efe441065e0696242c4f5df655eafe7f466d03caf1cf2353f0f8b82ba94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type
application/json
accept
application/json
Referer
https://digi-sit.bicbank.com.kh/
x-goog-api-key
AIzaSyBCqBguxEgZV1njyw74gbEsQS2zP-6aqiY
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 11:15:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://digi-sit.bicbank.com.kh
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
500
x-xss-protection
0
js
www.googletagmanager.com/gtag/
230 KB
83 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CZWTKFMMXD&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
23ba7c1e4f3ad0532812448e857c88b163de568ea81653f8272c749c1204ded8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 11:15:04 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85067
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 27 Jun 2024 11:15:04 GMT
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-CZWTKFMMXD&gtm=45je46q0v868500549za200&_p=1719486904104&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&_fid=cYcTaWdVClJpfqq34UkVL8&cid=1681147835.1719486904&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1719486904&sct=1&seg=0&dl=https%3A%2F%2Fdigi-sit.bicbank.com.kh%2Fweb%2Fadmin%2Fauthentication%2Flogin&dt=Login%20-%20BICApp&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.origin=firebase&tfd=10336&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CZWTKFMMXD&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 27 Jun 2024 11:15:04 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://digi-sit.bicbank.com.kh
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.ico
digi-sit.bicbank.com.kh/
946 B
2 KB
Other
General
Full URL
https://digi-sit.bicbank.com.kh/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.166.94.167 , Cambodia, ASN134136 (BICCAMBODIABANKPLC-AS-AP B.I.C Cambodia Bank PLC, KH),
Reverse DNS
Software
Web Server /
Resource Hash
a3fe67e3549fdbc5819762b43c7efd93b1caea734f87a33c909a4e4b2ba4e32b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 27 Jun 2024 11:15:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
x-response-id
f1a8428994c24b8caa4575d120be7c87
Connection
Keep-Alive
Content-Length
946
X-XSS-Protection
1; mode=block
x-request-id
c23cf7084e4c4e439ada81e27817940e
Last-Modified
Mon, 21 Aug 2023 02:20:41 GMT
Server
Web Server
X-Frame-Options
ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Content-Type
image/x-icon;charset=UTF-8
Cache-Control
public
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| html5 object| Modernizr object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| $ function| jQuery object| Push string| apiKey string| authDomain string| databaseURL string| projectId string| storageBucket string| messagingSenderId string| appId string| measurementId string| publicVapidKey string| profilePictureAllowedExtension string| profilePictureAllowedFileSize string| defaultProfilePicture object| firebase function| firebaseInitialization object| dataLayer function| gtag object| recaptcha object| google_tag_manager object| google_tag_data object| gaGlobal

5 Cookies

Domain/Path Name / Value
digi-sit.bicbank.com.kh/ Name: ROUTEID
Value: .2
digi-sit.bicbank.com.kh/ Name: cookiesession1
Value: 678A3E1D4AE00FB391E696D93A0AB27A
digi-sit.bicbank.com.kh/ Name: JSESSIONID
Value: E23D8ECCEAEC3A5AF451DA0D73170B60
.bicbank.com.kh/ Name: _ga_CZWTKFMMXD
Value: GS1.1.1719486904.1.0.1719486904.0.0.0
.bicbank.com.kh/ Name: _ga
Value: GA1.1.1681147835.1719486904

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://digi-sit.bicbank.com.kh/web/admin/authentication/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://devwebpayment.kesspay.io https://uatbicmobile.page.link https://iframetester.com DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

digi-sit.bicbank.com.kh
firebase.googleapis.com
firebaseinstallations.googleapis.com
region1.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
103.166.94.167
2001:4860:4802:32::36
2a00:1450:4001:827::2008
2a00:1450:4001:827::200a
2a00:1450:4001:829::2004
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2003
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
104019a8eb893070eba7ac139fc4ee715764818022360d438f8b57858f887efb
23ba7c1e4f3ad0532812448e857c88b163de568ea81653f8272c749c1204ded8
4ddadc98d6768d1472e3ea6306109d819836f23d5601561229f2d22c540d6c53
54fa706a73b5488a878791923a93198477e5440f3d0f22311c6cd58829163b0c
5bab76553fdd1fdd2f683abd5989e6bda3aff57f7c6d9577b766b9927db45b99
61fbb9b0a6dd750be54d75b8eb16f6aea217aa36df2b4e3a4b80f960a1ca368f
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
88da7bd2ad34add27f0cdfcf50e5ea05ae64e810d0ce72afcdfc65454e8a3158
940bd4a564804ab577a9d374f205561fe77d98dfe612a6a14424d67ec1c10f69
954201eeb1cac382fbf2a85d6023b581a75c1d58c618367851503ef696262e7d
97dbf1085f897465c53f70c788d0283ff0cc837249e562314ca1275fac8770a4
9bb26efe441065e0696242c4f5df655eafe7f466d03caf1cf2353f0f8b82ba94
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a3d92b66d7b642c7683e4ce3200545cf44cac360b0e984dd059b54ca2148f894
a3fe67e3549fdbc5819762b43c7efd93b1caea734f87a33c909a4e4b2ba4e32b
a6bda323817443a9ae484cf93743af7b2aa66811ee5f4e8b0ecdfb5658afcbc3
b090c352b4698d65d2d9fcd3c4b41e5f50d017e4caa48f2eef492c6a61adffb7
b8b3607ea088f9f6ee014d312fbd17c798515ca11365bde4df8b2209a5284987
b9f60174e5cd6ebc46d84db3331a4ac1a18aa1cf75d8311e71201c392a312254
c157136175a709c00bcb92dc4062ff21415ae49755ba9181c294a65c93ca3e8c
c9eb76ae89793eb8f515331de43344f6c04d45d02a80bd7bbdcd91bcfef5c79e
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
df85e001ce72e46c578531cf3ea8bbb0712a4af63abc112d9d633e474c05965f
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
f180bf2d2e2657621cd223890fbd5fb319f0ac6736b2784fcd8b4986c27f3fae
f3c3f8f58d9fb9f22d5c4c02bc7d7818ed9f8f6cbab30b18321c706ed23ded0c
f5d099c48c083ad6668570417b0b9c0b40cc516e78ecee1c7df980dddcf512eb