my.orienbank.tj Open in urlscan Pro
193.93.56.10  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response my.orienbank.tj/	5 KB 3 KB	993ms 142ms	Document text/html	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Full URL https://my.orienbank.tj/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash 728f9d1ea651ebc844a474e724bb05b70bcb36a5c027f4d669c908df2b2cbc40 Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, no-store, must-revalidate content-encoding gzip content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: content-type text/html;charset=UTF-8 date Thu, 21 Jul 2022 14:25:46 GMT expires Thu, 01 Jan 1970 00:00:00 GMT pragma no-cache server nginx strict-transport-security max-age=31536000; includeSubDomains; preload vary Accept-Encoding x-content-type-options nosniff x-frame-options SAMEORIGIN x-robots-tag none x-xss-protection 1; mode=block
GET H2	200	index.min.css my.orienbank.tj/static/1000042/skins/web/css/	21 KB 6 KB	145ms 143ms	Stylesheet text/css	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Full URL https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash 380f409a1bc1f9def6af69e042dff4ead4b1dbe958afc25d1614b1f0fa1f5df7 Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT content-encoding gzip x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx x-frame-options SAMEORIGIN etag W/"5f93c323-5454" vary Accept-Encoding content-type text/css content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload x-robots-tag none x-xss-protection 1; mode=block
GET H2	200	jquery-1.12.4.min.js Show response my.orienbank.tj/static/1000042/skins/web/js/lib/	95 KB 33 KB	276ms 275ms	Script application/javascript	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Full URL https://my.orienbank.tj/static/1000042/skins/web/js/lib/jquery-1.12.4.min.js Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT content-encoding gzip x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx x-frame-options SAMEORIGIN etag W/"5f93c323-17b8b" vary Accept-Encoding content-type application/javascript content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload x-robots-tag none x-xss-protection 1; mode=block
GET H2	200	jquery.ext-1.0.js Show response my.orienbank.tj/static/1000042/skins/web/js/lib/	151 KB 43 KB	144ms 143ms	Script application/javascript	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Full URL https://my.orienbank.tj/static/1000042/skins/web/js/lib/jquery.ext-1.0.js Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash 3ac245240a8d310643b4ab07988c40f0c18a2968bc5d135c32bca99271cc7c1c Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT content-encoding gzip x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx x-frame-options SAMEORIGIN etag W/"5f93c323-25a07" vary Accept-Encoding content-type application/javascript content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload x-robots-tag none x-xss-protection 1; mode=block
GET H2	200	messages_ru.js Show response my.orienbank.tj/static/1000042/skins/web/js/lib/	2 KB 3 KB	267ms 266ms	Script application/javascript	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Full URL https://my.orienbank.tj/static/1000042/skins/web/js/lib/messages_ru.js Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash 4073831e6ee90c90fbdab69b63b07c2014999449882f592b4134c50d01a150eb Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx etag "5f93c323-92c" x-frame-options SAMEORIGIN content-type application/javascript content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes x-robots-tag none content-length 2348 x-xss-protection 1; mode=block
GET H2	200	index-1.0.min.js Show response my.orienbank.tj/static/1000042/skins/web/js/	4 KB 4 KB	134ms 133ms	Script application/javascript	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Full URL https://my.orienbank.tj/static/1000042/skins/web/js/index-1.0.min.js Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash 65572fb841e9db19400e642b18224589dfa1ff7b1aa3d790cc2b3bbf028c7031 Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx etag "5f93c323-e24" x-frame-options SAMEORIGIN content-type application/javascript content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes x-robots-tag none content-length 3620 x-xss-protection 1; mode=block
GET		js www.googletagmanager.com/gtag/	0 0
GET H2	200	index.png my.orienbank.tj/static/1000042/skins/web/i/index/	13 KB 14 KB	135ms 133ms	Image image/png	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Show image Full URL https://my.orienbank.tj/static/1000042/skins/web/i/index/index.png Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash 0e909f06ec329fa2d037f4ccf6be8615f4a3aa4bc1804a401b481fed8a52c46b Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx etag "5f93c323-350a" x-frame-options SAMEORIGIN content-type image/png content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes x-robots-tag none content-length 13578 x-xss-protection 1; mode=block
GET H2	200	sh.png my.orienbank.tj/static/1000042/skins/web/i/index/	945 B 1 KB	135ms 134ms	Image image/png	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Show image Full URL https://my.orienbank.tj/static/1000042/skins/web/i/index/sh.png Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash f32b15699f25b3f81b9ab4756124b738a82c23aedef5d5cc1a229efda5ae2d96 Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx etag "5f93c323-3b1" x-frame-options SAMEORIGIN content-type image/png content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes x-robots-tag none content-length 945 x-xss-protection 1; mode=block
GET H2	200	c.png my.orienbank.tj/static/1000042/skins/web/i/	4 KB 5 KB	136ms 135ms	Image image/png	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Show image Full URL https://my.orienbank.tj/static/1000042/skins/web/i/c.png Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash dbf0cb5c8a4cea5ee47f584da5968fbf51a0f6a83c87538814c1cdd7f7c67763 Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx etag "5f93c323-11b1" x-frame-options SAMEORIGIN content-type image/png content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes x-robots-tag none content-length 4529 x-xss-protection 1; mode=block
GET H2	200	100527_1.png cdn.homebank.kz/crm/hb/1/	1 MB 1 MB	460ms 146ms	Image image/png	212.19.135.229 KAZAKHTELECOM-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.homebank.kz/crm/hb/1/100527_1.png Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 212.19.135.229 , Kazakhstan, ASN50482 (KAZAKHTELECOM-AS, KZ), Reverse DNS Software nginx / Resource Hash e244b32416c60d3dece3c364cb211c047e1a7b58599b06d9cf11b6aa4b3da563 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://my.orienbank.tj/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT content-encoding gzip last-modified Mon, 18 Jul 2022 04:11:10 GMT server nginx etag W/"62d4dd5e-152bd6" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000 strict-transport-security max-age=31536000; includeSubDomains; preload expires Thu, 31 Dec 2037 23:55:55 GMT
GET DATA	200 OK	truncated /	925 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash cb3cd1b5213655da57fd0b837a5fe0e613d982de02541405fd0da8dba839474b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Content-Type image/png
GET H2	200	segoeui.woff my.orienbank.tj/static/1000042/skins/web/css/f/	240 KB 241 KB	133ms 133ms	Font font/woff	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Full URL https://my.orienbank.tj/static/1000042/skins/web/css/f/segoeui.woff Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash 801b2cc85435509e921a8f3af879663fb4b7093ecf3c1d77a54197b70c831ab4 Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css Origin https://my.orienbank.tj accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx etag "5f93c323-3c050" x-frame-options SAMEORIGIN content-type font/woff content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes x-robots-tag none content-length 245840 x-xss-protection 1; mode=block
GET H2	200	segoeuib.woff my.orienbank.tj/static/1000042/skins/web/css/f/	232 KB 233 KB	258ms 258ms	Font font/woff	193.93.56.10 KAZCOMBANK-AS
General Check archive.org Show headers Download Go to Full URL https://my.orienbank.tj/static/1000042/skins/web/css/f/segoeuib.woff Requested by Host: my.orienbank.tj URL: https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 193.93.56.10 Almaty, Kazakhstan, ASN39433 (KAZCOMBANK-AS, KZ), Reverse DNS Software nginx / Resource Hash ecefcca01e112ea4c15fac62fe625f7825076ee95a071926f358b0f731184f63 Security Headers Name Value Content-Security-Policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://my.orienbank.tj/static/1000042/skins/web/css/index.min.css Origin https://my.orienbank.tj accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Thu, 21 Jul 2022 14:25:47 GMT x-content-type-options nosniff last-modified Sat, 24 Oct 2020 06:01:07 GMT server nginx etag "5f93c323-39f44" x-frame-options SAMEORIGIN content-type font/woff content-security-policy default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes x-robots-tag none content-length 237380 x-xss-protection 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.googletagmanager.com

URL

https://www.googletagmanager.com/gtag/js?id=UA-45532911-5

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| skypeDownloadPopup function| isSkypeInstalled function| skypeCheck function| setDsTimer function| dsTimer boolean| docLoaded function| CardNumberMask object| store string| dp_show_select_today string| dp_lang_clear_date object| dp_days object| dp_months string| ctx_ string| ctx_static string| token_name_ string| token_ object| jQuery112409463191963851809 string| ns3 number| dur2 number| perc

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			my.orienbank.tj/	1969-12-31 23:59:59	Name: newhb Value: EC90A0BF8ABC11DC7081DE305A7FA385
			my.orienbank.tj/	1970-01-20 13:25:49	Name: lang Value: ru

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://my.orienbank.tj/ Message: Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=UA-45532911-5' because it violates the following Content Security Policy directive: "script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.homebank.kz
my.orienbank.tj
www.googletagmanager.com
www.googletagmanager.com
193.93.56.10
212.19.135.229
0e909f06ec329fa2d037f4ccf6be8615f4a3aa4bc1804a401b481fed8a52c46b
380f409a1bc1f9def6af69e042dff4ead4b1dbe958afc25d1614b1f0fa1f5df7
3ac245240a8d310643b4ab07988c40f0c18a2968bc5d135c32bca99271cc7c1c
4073831e6ee90c90fbdab69b63b07c2014999449882f592b4134c50d01a150eb
65572fb841e9db19400e642b18224589dfa1ff7b1aa3d790cc2b3bbf028c7031
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
728f9d1ea651ebc844a474e724bb05b70bcb36a5c027f4d669c908df2b2cbc40
801b2cc85435509e921a8f3af879663fb4b7093ecf3c1d77a54197b70c831ab4
cb3cd1b5213655da57fd0b837a5fe0e613d982de02541405fd0da8dba839474b
dbf0cb5c8a4cea5ee47f584da5968fbf51a0f6a83c87538814c1cdd7f7c67763
e244b32416c60d3dece3c364cb211c047e1a7b58599b06d9cf11b6aa4b3da563
ecefcca01e112ea4c15fac62fe625f7825076ee95a071926f358b0f731184f63
f32b15699f25b3f81b9ab4756124b738a82c23aedef5d5cc1a229efda5ae2d96