demo-commerce.bankmega.com Open in urlscan Pro
103.222.239.194  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response demo-commerce.bankmega.com/	7 KB 4 KB	3650ms 318ms	Document text/html	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 2f7cf01840f488d3dba19d9f9bf306d2b5ed14f4d973e6878061ce68f3585139 Security Headers Name Value Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src *; default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 2677 Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src *; default-src https: data: 'unsafe-inline' 'unsafe-eval' Content-Type text/html; charset=utf-8 Cross-Origin-Embedder-Policy unsafe-none Cross-Origin-Opener-Policy unsafe-none Cross-Origin-Resource-Policy cross-origin Date Sat, 06 Jan 2024 15:33:22 GMT ETag "4oqybnjtwn5su" Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Keep-Alive timeout=5 Permissions-Policy geolocation=() Referrer-Policy origin strict-origin-when-cross-origin Strict-Transport-Security max-age=16070400; includeSubDomains Vary Accept-Encoding X-Content-Type-Options nosniff nosniff X-Frame-Options DENY X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	50efa1d1144f55c4.css demo-commerce.bankmega.com/_next/static/css/	49 KB 10 KB	283ms 282ms	Stylesheet text/css	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/css/50efa1d1144f55c4.css Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 1e7aca6b8b5b5f533dfd79c58b938295745876c9e488dbf35167358445df65d5 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:23 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Content-Encoding gzip Connection keep-alive Content-Length 9589 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"c304-18c80091eae" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	webpack-c124fa0e2a05ac2f.js Show response demo-commerce.bankmega.com/_next/static/chunks/	2 KB 3 KB	284ms 284ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/chunks/webpack-c124fa0e2a05ac2f.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash dc22a44674452ec9de3b07797533af469aee0ae6fd9d049ce919ea26d0f9cb65 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:23 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 2515 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"9d3-18c80091eb2" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	framework-5666885447fdc3cc.js Show response demo-commerce.bankmega.com/_next/static/chunks/	138 KB 139 KB	539ms 273ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/chunks/framework-5666885447fdc3cc.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 39905d3d4badf88532fdc2aa18cb6fc26c57382caa8a05fe0a8365b70fc2eb8f Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:23 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 141048 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"226f8-18c80091eb2" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	main-58bb77b8307ac094.js Show response demo-commerce.bankmega.com/_next/static/chunks/	115 KB 116 KB	546ms 279ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/chunks/main-58bb77b8307ac094.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 041ca0e64540d3b61f434ddb7b49def29d51aef694ff340aa452b09b76674e04 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:23 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 117899 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"1cc8b-18c80091eae" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	_app-65fd147975278240.js Show response demo-commerce.bankmega.com/_next/static/chunks/pages/	61 KB 62 KB	870ms 284ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/chunks/pages/_app-65fd147975278240.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash bef1f4f43795a7c9cc838b9b388d8610d056c94e5c7650970f3507197ab16a08 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:23 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 62188 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"f2ec-18c80091eae" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	1664-0f64cda904873597.js Show response demo-commerce.bankmega.com/_next/static/chunks/	7 KB 8 KB	872ms 286ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/chunks/1664-0f64cda904873597.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash d2b23d679a6052ab2288f88d33e04bd33f6b59012d5d0e78b08c76ea00ce220a Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:23 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 7243 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"1c4b-18c80091eb6" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	5551-dd9bc78ab0c5d754.js Show response demo-commerce.bankmega.com/_next/static/chunks/	21 KB 22 KB	607ms 285ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/chunks/5551-dd9bc78ab0c5d754.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash e1d56e50f6d54c83867a7d18cd164f32cd789827bce711d6e6633e0b0a90956d Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:23 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 21795 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"5523-18c80091eb6" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	index-7ad16d15c2df78b4.js Show response demo-commerce.bankmega.com/_next/static/chunks/pages/	7 KB 8 KB	888ms 279ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/chunks/pages/index-7ad16d15c2df78b4.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 6127f14fa1bb908e6543838e156d8a043d5e74ec8039d2028efa5baff77d0be8 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:24 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 7101 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"1bbd-18c80091eb2" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	_buildManifest.js Show response demo-commerce.bankmega.com/_next/static/Vu0IRxC8Vo5DJd0hc1PjF/	5 KB 6 KB	279ms 279ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/Vu0IRxC8Vo5DJd0hc1PjF/_buildManifest.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 6ccafee79f5ad48af86174c1c0114cbadbc61bdadfc35b2b453eaf5b0d4aad7e Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:24 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 5533 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"159d-18c80091eae" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	_ssgManifest.js Show response demo-commerce.bankmega.com/_next/static/Vu0IRxC8Vo5DJd0hc1PjF/	77 B 1 KB	278ms 278ms	Script application/javascript	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/_next/static/Vu0IRxC8Vo5DJd0hc1PjF/_ssgManifest.js Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ Origin https://demo-commerce.bankmega.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Date Sat, 06 Jan 2024 15:33:24 GMT Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Connection keep-alive Content-Length 77 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Tue, 19 Dec 2023 03:05:30 GMT ETag W/"4d-18c80091eae" Vary Accept-Encoding X-Frame-Options SAMEORIGIN Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=31536000, immutable Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Accept-Ranges bytes Keep-Alive timeout=5
GET H2	200	css2 fonts.googleapis.com/	11 KB 1 KB	107ms 43ms	Stylesheet text/css	2607:f8b0:4004:c06::5f GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/_next/static/css/50efa1d1144f55c4.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash a5a263756e794d5ad9a686025bb4174bd55dbbca9635748b247a8a527e89354c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://demo-commerce.bankmega.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sat, 06 Jan 2024 15:33:28 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sat, 06 Jan 2024 14:45:12 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 06 Jan 2024 15:33:28 GMT
GET H/1.1	200 OK	gaktau2.jpg demo-commerce.bankmega.com/assets/img/	219 KB 221 KB	762ms 559ms	Image image/jpeg	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Show image Full URL https://demo-commerce.bankmega.com/assets/img/gaktau2.jpg Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 50ffb06adedf812078749681bf33589f53446c6d2c6df892996144be320aea72 Security Headers Name Value Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src *;, default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff, nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer https://demo-commerce.bankmega.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src *;, default-src https: data: 'unsafe-inline' 'unsafe-eval' Date Sat, 06 Jan 2024 15:33:23 GMT X-Content-Type-Options nosniff, nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Cross-Origin-Embedder-Policy unsafe-none Cross-Origin-Resource-Policy cross-origin Connection keep-alive Content-Length 224606 X-XSS-Protection 1; mode=block Referrer-Policy origin, strict-origin-when-cross-origin Last-Modified Thu, 12 Oct 2023 08:13:20 GMT Cross-Origin-Opener-Policy unsafe-none ETag W/"36d5e-18b22f28100" X-Frame-Options DENY Content-Type image/jpeg Cache-Control public, max-age=0 Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Permissions-Policy geolocation=() Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	session Show response demo-commerce.bankmega.com/api/auth/	2 B 1 KB	415ms 414ms	Fetch application/json	103.222.239.194 IDNIC-BANKMEGA-AS...
General Check archive.org Show headers Download Go to Full URL https://demo-commerce.bankmega.com/api/auth/session Requested by Host: demo-commerce.bankmega.com URL: https://demo-commerce.bankmega.com/_next/static/chunks/pages/_app-65fd147975278240.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.222.239.194 Bintaro, Indonesia, ASN135447 (IDNIC-BANKMEGA-AS-ID PT. Bank Mega Tbk, ID), Reverse DNS pgcheckoutdev.bankmega.com Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src *;, default-src https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=16070400; includeSubDomains X-Content-Type-Options nosniff, nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://demo-commerce.bankmega.com/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Content-Type application/json Response headers Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src *;, default-src https: data: 'unsafe-inline' 'unsafe-eval' Date Sat, 06 Jan 2024 15:33:24 GMT X-Content-Type-Options nosniff, nosniff Strict-Transport-Security max-age=16070400; includeSubDomains Cross-Origin-Embedder-Policy unsafe-none Cross-Origin-Resource-Policy cross-origin Connection keep-alive Content-Length 2 X-XSS-Protection 1; mode=block Referrer-Policy origin, strict-origin-when-cross-origin Cross-Origin-Opener-Policy unsafe-none ETag "bwc9mymkdm2" X-Frame-Options DENY Vary Accept-Encoding Content-Type application/json; charset=utf-8 Feature-Policy fullscreen 'self'; geolocation *; vibrate 'none'; payment 'none'; sync-xhr 'self'; microphone 'self' https://ibank.bankmega.com Permissions-Policy geolocation=() Keep-Alive timeout=5

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| webpackChunk_N_E function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| regeneratorRuntime object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			demo-commerce.bankmega.com/	1969-12-31 23:59:59	Name: next-auth.csrf-token Value: 12aaae5d186ccb379dd6683fbac78336926eb2aaa304e1191919e1c3f865c5df%7C0591ed0714e35a790c9af6745c2083e2a1dd7acc2379e3e99eb96a8a640ca967
			demo-commerce.bankmega.com/	1969-12-31 23:59:59	Name: next-auth.callback-url Value: http%3A%2F%2F10.95.1.45%3A4000
			.demo-commerce.bankmega.com/	1969-12-31 23:59:59	Name: TS0108ec33 Value: 01a0b620b80f4f92d13dde2ecf04d990e091a62d8c4ff38123ba6f21591e947b52d7a0c6fb35fa30656a8a486174f7ed1c7b206fc1cffdc3dce7001f4057939b831485512d684cd76f95f2b0cb8a19cfa1b051d4c0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: geolocation. Values defined in Permissions-Policy header will be used.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src *; default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

demo-commerce.bankmega.com
fonts.googleapis.com
103.222.239.194
2607:f8b0:4004:c06::5f
041ca0e64540d3b61f434ddb7b49def29d51aef694ff340aa452b09b76674e04
1e7aca6b8b5b5f533dfd79c58b938295745876c9e488dbf35167358445df65d5
2f7cf01840f488d3dba19d9f9bf306d2b5ed14f4d973e6878061ce68f3585139
39905d3d4badf88532fdc2aa18cb6fc26c57382caa8a05fe0a8365b70fc2eb8f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
50ffb06adedf812078749681bf33589f53446c6d2c6df892996144be320aea72
6127f14fa1bb908e6543838e156d8a043d5e74ec8039d2028efa5baff77d0be8
6ccafee79f5ad48af86174c1c0114cbadbc61bdadfc35b2b453eaf5b0d4aad7e
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
a5a263756e794d5ad9a686025bb4174bd55dbbca9635748b247a8a527e89354c
bef1f4f43795a7c9cc838b9b388d8610d056c94e5c7650970f3507197ab16a08
d2b23d679a6052ab2288f88d33e04bd33f6b59012d5d0e78b08c76ea00ce220a
dc22a44674452ec9de3b07797533af469aee0ae6fd9d049ce919ea26d0f9cb65
e1d56e50f6d54c83867a7d18cd164f32cd789827bce711d6e6633e0b0a90956d