urlscan.io logo urlscan.io
SecurityTrails logo

api.bankmandiri.co.id Open in urlscan Pro
45.60.154.31  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://prime-amaznrenewalcs.138-68-135-85.cprapid.com/
Effective URL: https://api.bankmandiri.co.id/
Submission Tags: @ecarlesi threat phishing meta facebook Search All
Submission: On October 19 via api from IT — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 43 HTTP transactions. The main IP is 45.60.154.31, located in United States and belongs to INCAPSULA, US. The main domain is api.bankmandiri.co.id.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on December 27th 2023. Valid for: a year.
This is the only time api.bankmandiri.co.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 138.68.135.85 14061 (DIGITALOC...)
43 45.60.154.31 19551 (INCAPSULA)
43 1
Apex Domain
Subdomains		 Transfer
43 bankmandiri.co.id
api.bankmandiri.co.id
2 MB
1 cprapid.com
prime-amaznrenewalcs.138-68-135-85.cprapid.com
418 B
43 2
Domain Requested by
43 api.bankmandiri.co.id api.bankmandiri.co.id
1 prime-amaznrenewalcs.138-68-135-85.cprapid.com 1 redirects
43 2

This site contains links to these domains. Also see Links.

Domain
www.softwareag.com
Subject Issuer Validity Valid
api.bankmandiri.co.id
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-27 -
2025-01-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://api.bankmandiri.co.id/
Frame ID: 4DCB0A6AFCAD00692FD12A95275F5C82
Requests: 43 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Integration Server Administrator

Page URL History Show full URLs

  1. https://prime-amaznrenewalcs.138-68-135-85.cprapid.com/ HTTP 307
    https://api.bankmandiri.co.id/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

43
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

1585 kB
Transfer

5633 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://prime-amaznrenewalcs.138-68-135-85.cprapid.com/ HTTP 307
    https://api.bankmandiri.co.id/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
api.bankmandiri.co.id/
Redirect Chain
  • https://prime-amaznrenewalcs.138-68-135-85.cprapid.com/
  • https://api.bankmandiri.co.id/
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e7d7c9ba6937a724fc6c6e181968f537f339551ce937b08a79857fe47024842f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
Content-Type
text/html; charset=utf-8
Pragma
no-cache
Strict-Transport-Security
max-age=16070400; includeSubDomains
Transfer-Encoding
chunked
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Iinfo
14-354131763-354131767 NNYN CT(171 353 0) RT(1729296685215 49) q(0 0 5 0) r(7 7) U12
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sat, 19 Oct 2024 00:11:24 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Location
https://api.bankmandiri.co.id
Pragma
no-cache
Server
Apache
styles.0ba5e6fcf6773fb937b5.css
api.bankmandiri.co.id/ 		781 KB
200 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
be3d9b2cac0ef703c770e750995c8fb51d4f2b01df21bc2e4c4d8a750d54a1e0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
14-354131763-354124785 2NYN RT(1729296685215 834) q(0 0 0 -1) r(7 7) U2
Cache-Control
private, max-age=604800
Content-Encoding
gzip
Pragma
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
runtime-es2015.746d40f00385b33f7f4b.js
api.bankmandiri.co.id/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
17fb50841ba117b93e61aeecc5ddb08c389ff5234f750c3d6594fe76f89d45c5
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://api.bankmandiri.co.id
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
7-193490122-193488684 2NYN RT(1729296686091 46) q(0 0 0 -1) r(7 7) U2
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
polyfills-es2015.e9c1d819ba0a9fc2ec91.js
api.bankmandiri.co.id/ 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
8f0ea80e38264674ce8031cf6b7dcdee5be6c6c1be223deedf7fc2565865062a
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://api.bankmandiri.co.id
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
10-130004123-130000514 2NYN RT(1729296686091 48) q(0 0 0 -1) r(7 7) U2
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
scripts.12f7020900410aa53845.js
api.bankmandiri.co.id/ 		259 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/scripts.12f7020900410aa53845.js
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4fd1f566c79e0c1e3d3c918ad356b81a45aac1ebc93c4461f034211cb28f959d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
5-145495118-145490855 2NYN RT(1729296686112 47) q(0 0 0 -1) r(7 7) U2
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
main-es2015.9a06387e3573e22ac4d3.js
api.bankmandiri.co.id/ 		3 MB
777 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/main-es2015.9a06387e3573e22ac4d3.js
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3f56004c84cfba05f5e8d01d6e2a0389d9b7baec498a604c84be35c517b943ec
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://api.bankmandiri.co.id
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
11-184344336-184343592 2NYN RT(1729296686091 48) q(0 0 0 -1) r(7 7) U2
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
_Incapsula_Resource
api.bankmandiri.co.id/ 		82 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1323712485
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
33070386cb771f5ec3ffa3c92c384b519d45e65d9ccac88b32a233da36bad0fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
20203
Content-Type
application/javascript
csp_report
api.bankmandiri.co.id/ 		0
195 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/csp_report
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/plain
csp_report
api.bankmandiri.co.id/ 		0
277 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/csp_report
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/plain
csp_report
api.bankmandiri.co.id/ 		0
195 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/csp_report
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/plain
csp_report
api.bankmandiri.co.id/ 		0
195 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/csp_report
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/plain
csp_report
api.bankmandiri.co.id/ 		0
195 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/csp_report
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/plain
_Incapsula_Resource
api.bankmandiri.co.id/ 		1 B
196 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.bankmandiri.co.id/_Incapsula_Resource?SWKMTFSR=1&e=0.9634840364729098
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
1
Content-Type
text/plain
Roboto-Regular.770a8fca674a3550e241.woff
api.bankmandiri.co.id/ 		87 KB
88 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/Roboto-Regular.770a8fca674a3550e241.woff
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
62f8bf9bc3a64fac882bedecccd7e64b6520971b5864fd5a5a2177a4bcc8b735
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://api.bankmandiri.co.id
Referer
https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
14-354131763-354124785 2NNN RT(1729296685215 3771) q(0 0 0 -1) r(7 7) U2
Cache-Control
private, max-age=604800
Pragma
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Length
89432
X-XSS-Protection
1; mode=block
Content-Type
font/woff
X-Frame-Options
SAMEORIGIN
config.json
api.bankmandiri.co.id/assets/ 		5 B
702 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/config.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
8e1d794b49e35ea828279c6a8c95282bbb9a0787cf5c9385256c2cc9d17baeb7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
11-184344336-184344638 NNYN CT(172 174 0) RT(1729296686091 6012) q(0 0 3 -1) r(5 5) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
favicon.ico
api.bankmandiri.co.id/ 		10 KB
10 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4fb328f12300f1a6d600fae3b6155445217ec5ed67c31173edd8cb202e8ebee3
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
14-354131763-354131767 SNNN RT(1729296685215 6916) q(0 0 0 -1) r(2 2) U2
Cache-Control
no-cache, no-store
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Length
10134
X-XSS-Protection
1; mode=block
Content-Type
image/x-icon
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/lib/i18n/common/ 		16 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/lib/i18n/common/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ed5ddc3d67a70394ff7c5a023793e21bae8eed4a76cd133568c98fd00103566e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
11-184344336-184344638 SNYN RT(1729296686091 6593) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/lib/i18n/Login/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/lib/i18n/Login/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
54d6aca129fb72804f954e60ca485836418176b06ef64d383e2d3c8ad5933ae0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
14-354131763-354131767 SNYN RT(1729296685215 7469) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/leftHandNavbarPrimary/ 		1 KB
1017 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/leftHandNavbarPrimary/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ac9c8de93862f6d1b94fd8f9989b5e055779428edef6e0b89dfca76d1e2704ba
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
5-145495118-145495366 NNYN CT(172 174 0) RT(1729296686112 6573) q(0 0 4 -1) r(6 6) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/leftHandNavbarSecondary/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/leftHandNavbarSecondary/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
97e0f5cee995dd335aaddf54ec28027ac83e2b53780057a4e5cce3d60bbb80ef
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
10-130004123-130004275 NNYN CT(170 174 0) RT(1729296686091 6594) q(0 0 4 -1) r(6 6) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/masthead/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/masthead/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5279ebb152fa1669d31035965db990b49845b534c16c3d56cb4ef566f51a0394
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
7-193490122-193490612 NNYN CT(572 168 0) RT(1729296686091 7264) q(0 0 7 -1) r(9 9) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/dashboard/ 		31 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/dashboard/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
14261298e7e344cb4d6b28be3e39ab72d741843f031d8fbce5cdd6e351fa28a2
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
7-193490125-193490613 NNYN CT(571 177 0) RT(1729296686112 7245) q(0 0 8 -1) r(9 9) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/preferences/ 		9 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/preferences/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f178f7e5598f2055b28fe3d9b5d15a761604a83a8ef09f33a0bab14357a958b4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
14-354131763-354131767 SNYN RT(1729296685215 7704) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/internalDSPInfo/ 		19 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/internalDSPInfo/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e06d58e545cfee067933f49f59bbd477bc86d721780fe81cec37b4569fd525dd
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
11-184344336-184344638 SNYN RT(1729296686091 6829) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/about/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/about/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e03774dd9b30b2a924780364a1f201c4771a9fdc35877bead45b6dc9cdbae087
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
14-354131763-354131767 SNYN RT(1729296685215 7940) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/logs/ 		24 B
703 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/logs/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
70c35ca1a494ebdf133ba80a541f89faaf8839c718ad0bf82e5e16c49139fc13
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
11-184344336-184344638 SNYN RT(1729296686091 7063) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/monitoring/ 		14 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/monitoring/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
6656b557aaa4092a49eccd457aa3dcd9ef1ab435563bb56a102555a6739dad9c
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
10-130004123-130004275 SNYN RT(1729296686091 7173) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/security/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/security/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
cb0619a07bc539af9aac6a1db8536d64651a7dc5a10c1a920df5507291d86115
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
5-145495118-145495366 SNYN RT(1729296686112 7152) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/serviceinput/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/serviceinput/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
46b88392ff7ef29b20884880ff1494859f162c45d02368787a13469f7bbaefa8
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
11-184344336-184344638 SNYN RT(1729296686091 7290) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN
en.json
api.bankmandiri.co.id/assets/i18n/administratorSettings/ 		763 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/assets/i18n/administratorSettings/en.json
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
988a4e2c6592532029603fd099758befdfc582a468ebc4c873176f27c0cbbae9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://api.bankmandiri.co.id/
X-wM-AdminUI
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json

Response headers

X-Iinfo
14-354131763-0 0NNN RT(1729296685215 8173) q(0 -1 -1 -1) r(0 -1) B15(11,2356800,0) U18
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
no-cache
Content-Length
763
Content-Type
text/html
Connection
close
csp_report
api.bankmandiri.co.id/ 		0
195 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/csp_report
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/plain
2-es2015.30be044e7f804c57cf93.js
api.bankmandiri.co.id/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/2-es2015.30be044e7f804c57cf93.js
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3331e2ace24112f03a9de11cac9d1e2073cc78572ad2ae141e117b4757bc032d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
10-130004123-129999055 2NYN RT(1729296686091 7407) q(0 0 0 -1) r(8 8) U2
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
csp_report
api.bankmandiri.co.id/ 		0
195 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/csp_report
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/plain
common-es2015.8b519235df697ace9a8f.js
api.bankmandiri.co.id/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/common-es2015.8b519235df697ace9a8f.js
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
9347b3c8cfeae3d97f3e130b07e0eda286a0028288cfc67006c637fcf3e17a09
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
11-184344336-184344239 2NYN RT(1729296686091 7521) q(0 0 0 -1) r(2 2) U2
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
csp_report
api.bankmandiri.co.id/ 		0
195 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/csp_report
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://api.bankmandiri.co.id/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
Cache-Control
no-cache, no-store
Content-Length
0
Content-Type
text/plain
8-es2015.99f8f487bb4a46886528.js
api.bankmandiri.co.id/ 		764 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/8-es2015.99f8f487bb4a46886528.js
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a108bc4753dd5e75fb7381a7e997e1491dd59112e405e0617546966cf6917a68
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
13-203433195-203420271 2NYN RT(1729296693589 44) q(0 0 0 -1) r(2 2) U2
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
ISLogoMasthead.svg
api.bankmandiri.co.id/assets/images/prod/ 		38 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.bankmandiri.co.id/assets/images/prod/ISLogoMasthead.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4a21dc8203695a1f43db6b3609b77082a5feab01591188da789e6622fe3481bc
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
8-44395660-44395661 NNYN CT(166 168 0) RT(1729296693636 44) q(0 0 4 -1) r(6 6) U2
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
image/svg+xml
X-Frame-Options
SAMEORIGIN
favicon.ico
api.bankmandiri.co.id/WmAdmin/ 		738 B
1009 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/WmAdmin/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
30f41323748646b4406626e3935ad5503eecfbc2f3e8cc826a785d4ed7e1fcca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/WmAdmin/

Response headers

X-Iinfo
5-145495118-0 0NNN RT(1729296686112 7386) q(0 -1 -1 -1) r(0 -1) B16 U18
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
no-cache
Content-Length
738
Content-Type
text/html
Connection
close
favicon.ico
api.bankmandiri.co.id/WmAdmin/ 		736 B
1005 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/WmAdmin/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
2453d548fe1a3ca425a638f6a073f6fda8fcc51924e12bd5e9d65bad185b2bac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/WmAdmin/

Response headers

X-Iinfo
5-145495404-0 0NNN RT(1729296693479 66) q(0 -1 -1 -1) r(0 -1) B16 U18
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
no-cache
Content-Length
736
Content-Type
text/html
Connection
close
is_logo_stacked.png
api.bankmandiri.co.id/WmAdmin/assets/lib/images/ 		738 B
738 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.bankmandiri.co.id/WmAdmin/assets/lib/images/is_logo_stacked.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
2c9f500c25fdcf9bc0c3c1a7002f566842974f7dc18a562b9e67ddcdfe3698f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.bankmandiri.co.id/WmAdmin/

Response headers

X-Iinfo
7-193490125-0 2NNN RT(1729296686112 8432) q(0 -1 -1 -1) r(0 -1) B16 U18
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
no-cache
Content-Length
738
Content-Type
text/html
Connection
close
Roboto-Medium.eb797abfa6a5cca2463e.woff
api.bankmandiri.co.id/ 		88 KB
88 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/Roboto-Medium.eb797abfa6a5cca2463e.woff
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
580880b722038f126f4747444583e0117fd9a47ee1a8d16be74a216a4d0a16b5
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://api.bankmandiri.co.id
Referer
https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
8-44395660-44395279 2NNN RT(1729296693636 918) q(0 0 0 -1) r(2 2) U2
Cache-Control
private, max-age=604800
Pragma
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Length
89724
X-XSS-Protection
1; mode=block
Content-Type
font/woff
X-Frame-Options
SAMEORIGIN
Roboto-RegularItalic.33d48155cd9f38c64e71.woff
api.bankmandiri.co.id/ 		92 KB
93 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/Roboto-RegularItalic.33d48155cd9f38c64e71.woff
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f3e9008b7760eb26807b98e1c250efd0161f1411989e2d64f5ad2fdb08401f27
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://api.bankmandiri.co.id
Referer
https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
7-193490122-193487866 2NNN RT(1729296686091 8463) q(0 0 0 -1) r(2 2) U2
Cache-Control
private, max-age=604800
Pragma
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Length
94580
X-XSS-Protection
1; mode=block
Content-Type
font/woff
X-Frame-Options
SAMEORIGIN
dlt-icons.b73bddf9626c4aaa6fe1.ttf
api.bankmandiri.co.id/ 		43 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.bankmandiri.co.id/dlt-icons.b73bddf9626c4aaa6fe1.ttf?3d86bp
Requested by
Host: api.bankmandiri.co.id
URL: https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.154.31 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
8bebc2c324739be270644365957e0870a949712ec80b539518c0fd272a387c83
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://api.bankmandiri.co.id
Referer
https://api.bankmandiri.co.id/styles.0ba5e6fcf6773fb937b5.css

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Iinfo
10-130004123-130004275 SNYN RT(1729296686091 8464) q(0 0 0 -1) r(2 2) U12
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
X-CDN
Imperva
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report
X-XSS-Protection
1; mode=block
Content-Type
text/html
X-Frame-Options
SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _0x753d function| _0xd753 object| numberA object| webpackJsonp function| $localize function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononmessageerrorpatched function| $ function| jQuery boolean| mCustomScrollbar object| __zone_symbol__loadfalse function| initialiseModal function| initialiseMultiSelect function| initialiseDragDrop function| initialisePanels function| initialiseList function| initialiseSlider function| initialiseTags function| initialiseBreadcrumbs function| initialiseTimePickerTypeA function| initialiseLeftNav function| initialiseTrees function| _ object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener function| eventListeners function| removeAllListeners

5 Cookies

Domain/Path Name / Value
prime-amaznrenewalcs.138-68-135-85.cprapid.com/ Name: PHPSESSID
Value: 558c068ad3bf2b65e80bdffe57e9550b
api.bankmandiri.co.id/ Name: ssnid
Value: aec8656d6ca746eebe71f23d9a2b281f
.bankmandiri.co.id/ Name: visid_incap_2122819
Value: o/XbrUKHR4OQonKXeQqUDS35EmcAAAAAQUIPAAAAAADLryebk6JccqCwOJLun8/i
.bankmandiri.co.id/ Name: incap_ses_875_2122819
Value: CxQmV73EpwUVhOud9J8kDC35EmcAAAAAWYU3U07+7XIpvREJnGMfXQ==
.bankmandiri.co.id/ Name: nlbi_2122819
Value: lE/2KuAL2DyVVka/J29IywAAAAA2deL17/2LrofAdqoF0AJR

13 Console Messages

Source Level URL
Text
security error URL: https://api.bankmandiri.co.id/
Message:
[Report Only] Refused to load the script 'https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://api.bankmandiri.co.id/
Message:
[Report Only] Refused to load the script 'https://api.bankmandiri.co.id/polyfills-es2015.e9c1d819ba0a9fc2ec91.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://api.bankmandiri.co.id/
Message:
[Report Only] Refused to load the script 'https://api.bankmandiri.co.id/scripts.12f7020900410aa53845.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://api.bankmandiri.co.id/
Message:
[Report Only] Refused to load the script 'https://api.bankmandiri.co.id/main-es2015.9a06387e3573e22ac4d3.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://api.bankmandiri.co.id/
Message:
[Report Only] Refused to load the script 'https://api.bankmandiri.co.id/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1323712485' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Message:
[Report Only] Refused to load the script 'https://api.bankmandiri.co.id/2-es2015.30be044e7f804c57cf93.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Message:
[Report Only] Refused to load the script 'https://api.bankmandiri.co.id/common-es2015.8b519235df697ace9a8f.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://api.bankmandiri.co.id/runtime-es2015.746d40f00385b33f7f4b.js
Message:
[Report Only] Refused to load the script 'https://api.bankmandiri.co.id/8-es2015.99f8f487bb4a46886528.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
network error URL: https://api.bankmandiri.co.id/assets/i18n/administratorSettings/en.json
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://api.bankmandiri.co.id/WmAdmin/favicon.ico
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://api.bankmandiri.co.id/WmAdmin/favicon.ico
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://api.bankmandiri.co.id/WmAdmin/assets/lib/images/is_logo_stacked.png
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
recommendation verbose URL: https://api.bankmandiri.co.id/WmAdmin/#/login?redirectURL=
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.bankmandiri.co.id
prime-amaznrenewalcs.138-68-135-85.cprapid.com
138.68.135.85
45.60.154.31
14261298e7e344cb4d6b28be3e39ab72d741843f031d8fbce5cdd6e351fa28a2
17fb50841ba117b93e61aeecc5ddb08c389ff5234f750c3d6594fe76f89d45c5
2453d548fe1a3ca425a638f6a073f6fda8fcc51924e12bd5e9d65bad185b2bac
2c9f500c25fdcf9bc0c3c1a7002f566842974f7dc18a562b9e67ddcdfe3698f5
30f41323748646b4406626e3935ad5503eecfbc2f3e8cc826a785d4ed7e1fcca
33070386cb771f5ec3ffa3c92c384b519d45e65d9ccac88b32a233da36bad0fd
3331e2ace24112f03a9de11cac9d1e2073cc78572ad2ae141e117b4757bc032d
3f56004c84cfba05f5e8d01d6e2a0389d9b7baec498a604c84be35c517b943ec
46b88392ff7ef29b20884880ff1494859f162c45d02368787a13469f7bbaefa8
4a21dc8203695a1f43db6b3609b77082a5feab01591188da789e6622fe3481bc
4fb328f12300f1a6d600fae3b6155445217ec5ed67c31173edd8cb202e8ebee3
4fd1f566c79e0c1e3d3c918ad356b81a45aac1ebc93c4461f034211cb28f959d
5279ebb152fa1669d31035965db990b49845b534c16c3d56cb4ef566f51a0394
54d6aca129fb72804f954e60ca485836418176b06ef64d383e2d3c8ad5933ae0
580880b722038f126f4747444583e0117fd9a47ee1a8d16be74a216a4d0a16b5
62f8bf9bc3a64fac882bedecccd7e64b6520971b5864fd5a5a2177a4bcc8b735
6656b557aaa4092a49eccd457aa3dcd9ef1ab435563bb56a102555a6739dad9c
70c35ca1a494ebdf133ba80a541f89faaf8839c718ad0bf82e5e16c49139fc13
8bebc2c324739be270644365957e0870a949712ec80b539518c0fd272a387c83
8e1d794b49e35ea828279c6a8c95282bbb9a0787cf5c9385256c2cc9d17baeb7
8f0ea80e38264674ce8031cf6b7dcdee5be6c6c1be223deedf7fc2565865062a
9347b3c8cfeae3d97f3e130b07e0eda286a0028288cfc67006c637fcf3e17a09
97e0f5cee995dd335aaddf54ec28027ac83e2b53780057a4e5cce3d60bbb80ef
988a4e2c6592532029603fd099758befdfc582a468ebc4c873176f27c0cbbae9
a108bc4753dd5e75fb7381a7e997e1491dd59112e405e0617546966cf6917a68
ac9c8de93862f6d1b94fd8f9989b5e055779428edef6e0b89dfca76d1e2704ba
be3d9b2cac0ef703c770e750995c8fb51d4f2b01df21bc2e4c4d8a750d54a1e0
cb0619a07bc539af9aac6a1db8536d64651a7dc5a10c1a920df5507291d86115
e03774dd9b30b2a924780364a1f201c4771a9fdc35877bead45b6dc9cdbae087
e06d58e545cfee067933f49f59bbd477bc86d721780fe81cec37b4569fd525dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7d7c9ba6937a724fc6c6e181968f537f339551ce937b08a79857fe47024842f
ed5ddc3d67a70394ff7c5a023793e21bae8eed4a76cd133568c98fd00103566e
f178f7e5598f2055b28fe3d9b5d15a761604a83a8ef09f33a0bab14357a958b4
f3e9008b7760eb26807b98e1c250efd0161f1411989e2d64f5ad2fdb08401f27