urlscan.io logo urlscan.io
SecurityTrails logo

bca-paylater-2024.fbzsa.com Open in urlscan Pro
2606:4700:3032::6815:32d8  Public Scan

Go To Rescan Add Verdict Report
URL: https://bca-paylater-2024.fbzsa.com/
Submission: On May 27 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 30 IPs in 6 countries across 24 domains to perform 114 HTTP transactions. The main IP is 2606:4700:3032::6815:32d8, located in United States and belongs to CLOUDFLARENET, US. The main domain is bca-paylater-2024.fbzsa.com.
TLS certificate: Issued by GTS CA 1P5 on May 13th 2024. Valid for: 3 months.
This is the only time bca-paylater-2024.fbzsa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
25 2606:4700:303... 13335 (CLOUDFLAR...)
16 2a00:1450:400... 15169 (GOOGLE)
7 3.1.51.228 16509 (AMAZON-02)
18 202.6.211.21 17450 (IDNIC-BCA...)
2 3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a04:4e42::485 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a04:4e42:600... 54113 (FASTLY)
1 4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 202.6.208.99 17450 (IDNIC-BCA...)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 146.75.120.157 54113 (FASTLY)
1 108.138.40.116 16509 (AMAZON-02)
5 95.100.146.11 20940 (AKAMAI-ASN1)
4 104.244.42.69 13414 (TWITTER)
4 104.244.42.67 13414 (TWITTER)
1 142.250.185.130 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f17... 32934 (FACEBOOK)
1 159.89.194.33 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 15.197.193.217 16509 (AMAZON-02)
1 52.223.40.198 16509 (AMAZON-02)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
114 30
25    2606:4700:3032::6815:32d8 (United States)

ASN13335 (CLOUDFLARENET, US)
bca-paylater-2024.fbzsa.com
16    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
7    3.1.51.228 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-1-51-228.ap-southeast-1.compute.amazonaws.com
sdk.me.bca.meiro.io
me.bca.meiro.io
18    202.6.211.21 (Jakarta, Indonesia)

ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID)
PTR: bca.co.id
www.bca.co.id
3    2606:4700::6811:f7cb (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
1    2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
4    2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
2    202.6.208.99 (Jakarta, Indonesia)

ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID)
halo.bca.co.id
5    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    108.138.40.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-40-116.muc50.r.cloudfront.net
js.adsrvr.org
5    95.100.146.11 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-100-146-11.deploy.static.akamaitechnologies.com
analytics.tiktok.com
4    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
4    104.244.42.67 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
www.googleadservices.com
1    2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    159.89.194.33 (Singapore, Singapore)

ASN14061 (DIGITALOCEAN-ASN, US)
bca.cdp.meiro.io
1    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
insight.adsrvr.org
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
Apex Domain
Subdomains		 Transfer
25 fbzsa.com
bca-paylater-2024.fbzsa.com
23 KB
20 bca.co.id
www.bca.co.id — Cisco Umbrella Rank: 199500
halo.bca.co.id — Cisco Umbrella Rank: 307899
2 MB
16 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
428 KB
8 meiro.io
sdk.me.bca.meiro.io — Cisco Umbrella Rank: 322459
me.bca.meiro.io — Cisco Umbrella Rank: 284774
bca.cdp.meiro.io — Cisco Umbrella Rank: 562302
51 KB
5 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 712
141 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
21 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
region1.analytics.google.com — Cisco Umbrella Rank: 3095
2 KB
4 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 882
2 KB
4 t.co
t.co — Cisco Umbrella Rank: 717
1009 B
3 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1370
match.adsrvr.org — Cisco Umbrella Rank: 358
insight.adsrvr.org — Cisco Umbrella Rank: 691
5 KB
3 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 361
fonts.googleapis.com — Cisco Umbrella Rank: 33
82 KB
3 unpkg.com
unpkg.com — Cisco Umbrella Rank: 771
151 KB
2 gstatic.com
fonts.gstatic.com
www.gstatic.com
257 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
3 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 7810
127 B
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
286 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
80 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 126
2 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 801
15 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 776
30 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1103
18 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 310
24 KB
0 Failed
function sub() { [native code] }. Failed
0 githubusercontent.com Failed
raw.githubusercontent.com Failed
114 24
Domain Requested by
25 bca-paylater-2024.fbzsa.com bca-paylater-2024.fbzsa.com
18 www.bca.co.id bca-paylater-2024.fbzsa.com
www.bca.co.id
16 www.googletagmanager.com bca-paylater-2024.fbzsa.com
www.googletagmanager.com
6 me.bca.meiro.io analytics.tiktok.com
5 analytics.tiktok.com bca-paylater-2024.fbzsa.com
analytics.tiktok.com
5 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
4 analytics.twitter.com bca-paylater-2024.fbzsa.com
4 t.co bca-paylater-2024.fbzsa.com
4 www.google.com 1 redirects bca-paylater-2024.fbzsa.com
www.gstatic.com
3 unpkg.com 2 redirects bca-paylater-2024.fbzsa.com
2 www.facebook.com bca-paylater-2024.fbzsa.com
2 www.google.de bca-paylater-2024.fbzsa.com
2 connect.facebook.net bca-paylater-2024.fbzsa.com
connect.facebook.net
2 halo.bca.co.id bca-paylater-2024.fbzsa.com
halo.bca.co.id
2 maps.googleapis.com bca-paylater-2024.fbzsa.com
analytics.tiktok.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 insight.adsrvr.org js.adsrvr.org
1 match.adsrvr.org bca-paylater-2024.fbzsa.com
1 www.gstatic.com www.google.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com www.bca.co.id
1 bca.cdp.meiro.io analytics.tiktok.com
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com www.googletagmanager.com
1 js.adsrvr.org www.googletagmanager.com
1 static.ads-twitter.com bca-paylater-2024.fbzsa.com
1 code.jquery.com bca-paylater-2024.fbzsa.com
1 maxcdn.bootstrapcdn.com bca-paylater-2024.fbzsa.com
1 cdn.jsdelivr.net bca-paylater-2024.fbzsa.com
1 sdk.me.bca.meiro.io bca-paylater-2024.fbzsa.com
0 www.bca.co.idhttps Failed
0 raw.githubusercontent.com Failed bca-paylater-2024.fbzsa.com
114 33
Subject Issuer Validity Valid
fbzsa.com
GTS CA 1P5		 2024-05-13 -
2024-08-11		 3 months crt.sh
*.google-analytics.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
sdk.me.bca.meiro.io
R3		 2024-03-27 -
2024-06-25		 3 months crt.sh
bca.co.id
DigiCert EV RSA CA G2		 2024-03-15 -
2025-03-21		 a year crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh
bootstrapcdn.com
GTS CA 1P5		 2024-05-25 -
2024-08-23		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.google.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
upload.video.google.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
halo.bca.co.id
Sectigo RSA Extended Validation Secure Server CA		 2023-08-31 -
2024-08-30		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-03-05 -
2024-06-03		 3 months crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-21 -
2024-07-19		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2024-04-23 -
2025-05-25		 a year crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
t.co
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-16 -
2024-10-14		 a year crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-19 -
2024-09-17		 a year crt.sh
*.googleadservices.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
bca.cdp.meiro.io
R3		 2024-05-23 -
2024-08-21		 3 months crt.sh
*.gstatic.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.google.de
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://bca-paylater-2024.fbzsa.com/
Frame ID: 8E01662E881526468950812840348F69
Requests: 108 HTTP requests in this frame

Frame: https://halo.bca.co.id/buzz-widget-new/
Frame ID: A7C5430D75ED5EFE89C5E18B9F722F02
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LeZcXchAAAAAITCDrk6oXMPM2w6YExcSu-u6KSx&co=aHR0cHM6Ly9iY2EtcGF5bGF0ZXItMjAyNC5mYnpzYS5jb206NDQz&hl=de&v=joHA60MeME-PNviL59xVH9zs&size=invisible&cb=ec34qtszmlor
Frame ID: 189ABAB0662BD29972C52573EE8305CB
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=alem7ov&ref=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&upid=2qvxqt5&upv=1.1.0
Frame ID: 13E1679CD7488DF336FD65D469222C5B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BCA - Paylater BCA

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

114
Requests

96 %
HTTPS

60 %
IPv6

24
Domains

33
Subdomains

30
IPs

6
Countries

3468 kB
Transfer

6292 kB
Size

21
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26
  • https://unpkg.com/html5-qrcode HTTP 302
  • https://unpkg.com/html5-qrcode@2.3.8 HTTP 302
  • https://unpkg.com/html5-qrcode@2.3.8/html5-qrcode.min.js
Request Chain 73
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/757037349/?random=838355340&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&label=_FtvCKORstoBEKXy_egC&hn=www.googleadservices.com&frm=0&tiba=BCA%20-%20Paylater%20BCA&value=1&npa=1&pscdl=noapi&auid=1410029801.1716770539&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&eitems=ChEI8LvLsgYQ3N6khPWr17udARIdABevwuWDavlUIoAFRz1ZGCzZ2NL2pVmpUCBKMDc&pscrd=IhMIm__-0MyshgMVj6CDBx24Jg5BMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6JGh0dHBzOi8vYmNhLXBheWxhdGVyLTIwMjQuZmJ6c2EuY29tLw HTTP 302
  • https://www.google.com/pagead/1p-conversion/757037349/?random=838355340&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&label=_FtvCKORstoBEKXy_egC&hn=www.googleadservices.com&frm=0&tiba=BCA%20-%20Paylater%20BCA&value=1&npa=1&pscdl=noapi&auid=1410029801.1716770539&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIm__-0MyshgMVj6CDBx24Jg5BMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6JGh0dHBzOi8vYmNhLXBheWxhdGVyLTIwMjQuZmJ6c2EuY29tLw&is_vtc=1&cid=CAQSGwDaQooLuz7WqopMEPTYHbZAq3FXIovVXCyPbg&eitems=ChEI8LvLsgYQ3N6khPWr17udARIdABevwuUfGD7vcvbkaHBm8eJB3Rt1q6JymLsF830&random=1767752515 HTTP 302
  • https://www.google.de/pagead/1p-conversion/757037349/?random=838355340&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&label=_FtvCKORstoBEKXy_egC&hn=www.googleadservices.com&frm=0&tiba=BCA%20-%20Paylater%20BCA&value=1&npa=1&pscdl=noapi&auid=1410029801.1716770539&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIm__-0MyshgMVj6CDBx24Jg5BMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6JGh0dHBzOi8vYmNhLXBheWxhdGVyLTIwMjQuZmJ6c2EuY29tLw&is_vtc=1&cid=CAQSGwDaQooLuz7WqopMEPTYHbZAq3FXIovVXCyPbg&eitems=ChEI8LvLsgYQ3N6khPWr17udARIdABevwuUfGD7vcvbkaHBm8eJB3Rt1q6JymLsF830&random=1767752515&ipr=y

114 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
bca-paylater-2024.fbzsa.com/ 		109 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90b451e34c6a8d09b9bf23e8253494be49071e81f9e4cdde89059d07aeceecb7

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
88a1f6d22cfb8f2d-FRA
content-encoding
br
content-type
text/html
date
Mon, 27 May 2024 00:42:17 GMT
last-modified
Tue, 27 Feb 2024 23:10:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M0nfdniS2D0Tncyi6vMBtS8BS6WW3%2FAUMQ4qYOKokl7JNUMNksrxM6f7Ehn8pTy5hgl3uqj9UsDhnlPhqsOv%2BS0FenrRcYLNHm9mBXK%2BPl06204ZyeS6uPKWMwGiG4iMYlQP72%2FhCB2D4r0cbpUzSlpfPR%2FOBQwjxeM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
jquery-3.4.1.min.js
bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery-3.4.1.min.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2sq039xYPeerVyUj4j%2BoIH2Wb3vTaQgOle4hmUaTXaYLZAEsWniBNoMADb3NggdPt2LmY9hO0oSRQaTW12Y0Aa59m2h8LtTRXrqAjj4IozHabdYpMMeURVBTHMCqW7EWLP9U%2F0E0kpLogW7KbQCFoAkTsjDVkduOSRk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d5ef858f2d-FRA
alt-svc
h3=":443"; ma=86400
jquery.validate.min.js
bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery.validate.min.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sH2akdXQ65L1z4krVDxwheB5qVwcU%2FAs4gaMfwLjIuJpDJ09jJPP7%2Bg7Ye1YmPaFbl%2Fq%2BRbdkmlMavQWFJO6hLB%2Fr74OC8mc0ptu%2BtsYgrr%2FTVUronQOS2cBnx1W4GT18DJKOmAbuowqFtMHtSvfLakrQ6gCnr42hpY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d5ef8a8f2d-FRA
alt-svc
h3=":443"; ma=86400
jquery.validate.unobtrusive.min.js
bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery.validate.unobtrusive.min.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ar9Ntp2wYXYIzAi0SKULIuUv6%2BwmOrbjRCHWd9K7ZYU7LCbOGolkPqi5dCRw68J5G7Q0ob%2Faqq65gdvJyXCCpbeJAvbdmgIZpmyk54P8mnE096uk8MZdeHTQgFwUn15qnQo05bd74%2B1G7y30Vn%2FnBS5j4BULk2DQSIE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d5ef8f8f2d-FRA
alt-svc
h3=":443"; ma=86400
jquery.unobtrusive-ajax.min.js
bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery.unobtrusive-ajax.min.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1jIBEG11GfmDp1xuEjkJL8bYWEcOZXsQ6X3UY7ZlWBu6ax0q8qVNh8cYsEhnaj3x%2Bi5d%2B8qBZKMlYF2ueRMTqbWWm2w5UjVAIGs0oMYa3VGt0Dt2XtOoA20h1ERGxAf11eHRicuHa%2Biz2QBPs87g0ZpDzVJKAgSsHYU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d5ef908f2d-FRA
alt-svc
h3=":443"; ma=86400
form.validate.js
bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/form.validate.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1BLcIXpnXZLJlSAm%2Bizmf8EATAv%2FqxR4V600BzTKjhmE3LInwZ5xl1WEtqgSogNsM3H5IM2QgccVaC0ue18CLP6%2Fab7afPLMb3IyUhYETixzLt3W2HDYR9k7D7W3giyDf%2FFi91k4R%2FLJ9rzSQzxxJgISw18MwlMJZjs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d5ef948f2d-FRA
alt-svc
h3=":443"; ma=86400
form.tracking.js
bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/form.tracking.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hi2snPJagUc4cUt11tCyBNHt4%2BuQhSg6t1nli%2Bv6Kl8Msbnolorc83%2BCCtVB99YnRIOZnXZYbZeUptFGA6DFFvnJEzvzVGvmfIMA142j7X3FKsg3Y%2BOO5%2FYoq9qJVz582e1vgMXSIN5mmAG4xGkybxBvOqIhHIclpCQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d5ef958f2d-FRA
alt-svc
h3=":443"; ma=86400
form.conditions.js
bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/form.conditions.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8L2%2B%2FRmDZkh7uk5i7RHPQtdiWRsylZPLRLLC4GdvDbqI4I8N%2FtF%2FPYCBr5%2FNoluTAKg43fkeC8OXeh%2FUr7OzI2%2Bz78EAWH3YPndVVtYgUSnABu4MdTZJAIB9FebpMlKyWdB93MmvkgpLV4nVYggp9gK0QRN1uBphA7Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d5ef978f2d-FRA
alt-svc
h3=":443"; ma=86400
gtm.js
www.googletagmanager.com/ 		620 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KGCJ5M
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
713bade3423c016e834fc826f26f7d9bf64a1de6fe6b64a543d41b6b44a4f78c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
145756
x-xss-protection
0
last-modified
Mon, 27 May 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 27 May 2024 00:42:18 GMT
/
sdk.me.bca.meiro.io/ 		227 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.me.bca.meiro.io/
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.1.51.228 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-51-228.ap-southeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
767ca799fe9aedd3a2eaa079ac87a18e9c5c707ff6c6c66a8327b608edddf453

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
gzip
last-modified
Thu, 23 May 2024 08:09:27 GMT
server
nginx
etag
W/"664ef9b7-38aaf"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800, public
expires
Mon, 27 May 2024 01:12:19 GMT
VisitorIdentification.js
bca-paylater-2024.fbzsa.com/layouts/system/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/layouts/system/VisitorIdentification.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PuUQeU51xEh8%2FXKgQMU%2Ff4%2BrT0Z9clTfXzXMDQCiYkSSiqz93dzJ8XQFMds1tOrjlSuQZMV1BZCjrGB6EFFgOUeJOOi88ME8ZktpauJL5IIc%2B8xEn5D%2FxyL0Z9wrCNPGNeB3GbEK6tz%2BIVDkaO5SEWSaH2eOlZOG4O8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d5ffa08f2d-FRA
alt-svc
h3=":443"; ma=86400
app.css
www.bca.co.id/css/ 		617 KB
620 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/css/app.css?v=5.2
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
e1731103cb5281161b7716b646984ba8048747c912f6c54cbaae04faf68aaf43
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:12 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Fri, 24 Sep 2021 08:30:08 GMT
X-Content-Type-Options
nosniff
ETag
"028e1611eb1d71:0"
Content-Type
text/css
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Content-Length
631625
X-XSS-Protection
1; mode=block
bca-custom.css
www.bca.co.id/css/ 		21 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/css/bca-custom.css?v=5.2
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
22c15bb8c286dd2927b25f70f29ecd8d60b513e5ff903be3a34c4c59df105d7d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:07 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 27 Sep 2023 06:52:54 GMT
X-Content-Type-Options
nosniff
ETag
"027563dff1d91:0"
Content-Type
text/css
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Content-Length
21105
X-XSS-Protection
1; mode=block
select2.css
www.bca.co.id/css/ 		15 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/css/select2.css?v=5.2
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
00a115912d72cd26711687dbc617762f89f173c188259beb1ee1536f072d35fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:12 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Tue, 23 Feb 2021 11:05:22 GMT
X-Content-Type-Options
nosniff
ETag
"0578c7d39d71:0"
Content-Type
text/css
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Content-Length
15826
X-XSS-Protection
1; mode=block
custom.css
www.bca.co.id/css/ 		1 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/css/custom.css?v=5.2
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
8b8b286c8a28fd3cf5c750163fcce392e5e4931168c92d60c932baecc642474b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:07 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Tue, 02 Mar 2021 08:25:52 GMT
X-Content-Type-Options
nosniff
ETag
"02832a83dfd71:0"
Content-Type
text/css
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Content-Length
1511
X-XSS-Protection
1; mode=block
logo-bca.svg
www.bca.co.id/-/media/Feature/Header/Header-Logo/ 		69 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bca.co.id/-/media/Feature/Header/Header-Logo/logo-bca.svg?v=1
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
c976d013d44175675919cc661dcac427f48f541b793ce04c1570f267e065e1b3
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:07 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 04 Sep 2023 03:53:04 GMT
X-Content-Type-Options
nosniff
ETag
cc11b6bed675463c9201184be4b7da72
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="logo-bca.svg"
Accept-Ranges
bytes
Content-Length
70236
X-XSS-Protection
1; mode=block
20231002-paylater-thu.jpg
www.bca.co.id/id/individu/layanan/e-banking/mybca/-/media/Feature/Promo/Thumbnail/2023/10/ 		33 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bca.co.id/id/individu/layanan/e-banking/mybca/-/media/Feature/Promo/Thumbnail/2023/10/20231002-paylater-thu.jpg?h=294&w=360&hash=18D1B6EED92AF2932C99404BB96CBAAF
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
0b5c1848b70a7d984598a4dd14d3c85e95a0864c72e8dbac2fc12f1d42a83305
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:07 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Fri, 27 Oct 2023 10:03:32 GMT
X-Content-Type-Options
nosniff
ETag
ca299563259f4ad9b9c05c2a8bdaa5dc
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="20231002-paylater-thu.jpg"
Accept-Ranges
bytes
Content-Length
33462
X-XSS-Protection
1; mode=block
email-decode.min.js
bca-paylater-2024.fbzsa.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 May 2024 09:02:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"664db4b7-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dozsc1jSTvf9vy%2FREozHW%2FcwGeDn297t7zF3%2BcaNLmUZoolYoFnhe2vpNsmmDf%2F7QK7Y3lcAB5Lh24I0fBkkr8R4y37EZm2dexhbLjTX2lGw1nYGZrbtvri%2FNlpQIiYOy7nLwCesxBKg2iYaZeEAjDPPvhMrrs7hrso%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
88a1f6d9ba6a8f2d-FRA
expires
Wed, 29 May 2024 00:42:18 GMT
optimized-min.js
www.bca.co.id/-/media/Base-Themes/Core-Libraries/scripts/ 		1 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/-/media/Base-Themes/Core-Libraries/scripts/optimized-min.js?t=20231218T032627Z
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
8a7482615b4dc028fcb13f859b20b83c874673e006f74efeb3063a4e8cac3a65
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:12 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 18 Dec 2023 03:32:55 GMT
X-Content-Type-Options
nosniff
ETag
a6116ef909174e9fad7fa7ffce88e04c
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="optimized-min.js"
Accept-Ranges
bytes
Content-Length
1102802
X-XSS-Protection
1; mode=block
optimized-min.js
www.bca.co.id/-/media/Base-Themes/XA-API/Scripts/ 		2 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/-/media/Base-Themes/XA-API/Scripts/optimized-min.js?t=
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
4b5013c1e9a922e188e0d6f3903aad0c81a64c231d976d869c8b0f35be0b133d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:12 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 02 Sep 2020 04:52:37 GMT
X-Content-Type-Options
nosniff
ETag
73374e4a4b90463d94a7452b1c06fe0e
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="optimized-min.js"
Accept-Ranges
bytes
Content-Length
1689
X-XSS-Protection
1; mode=block
optimized-min.js
www.bca.co.id/-/media/Base-Themes/Main-Theme/scripts/ 		3 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/-/media/Base-Themes/Main-Theme/scripts/optimized-min.js?t=
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
a36338e2015fbe5e6f570cb35a9e0305a4f4d40bace6713fce1edbaefc9cf44f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:12 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 02 Sep 2020 04:52:37 GMT
X-Content-Type-Options
nosniff
ETag
0d7dff89f18d4e04b8e213c7197017c7
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="optimized-min.js"
Accept-Ranges
bytes
Content-Length
2640
X-XSS-Protection
1; mode=block
optimized-min.js
www.bca.co.id/-/media/Base-Themes/Google-Maps-JS-Connector/Scripts/ 		5 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/-/media/Base-Themes/Google-Maps-JS-Connector/Scripts/optimized-min.js?t=
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
4692d4d1124e4fdde548b916c88189b6e07462d9d24cdd5c6ca8f2a2fcb2af56
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:12 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 02 Sep 2020 04:52:38 GMT
X-Content-Type-Options
nosniff
ETag
b06211c0083041adb3ace72ca94d5cf3
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="optimized-min.js"
Accept-Ranges
bytes
Content-Length
4913
X-XSS-Protection
1; mode=block
optimized-min.js
www.bca.co.id/-/media/Base-Themes/Maps/Scripts/ 		9 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/-/media/Base-Themes/Maps/Scripts/optimized-min.js?t=
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
427e57ed3ad640f4ddefe4a7aeb116746506151fd0d227f8f34e40cb3350e45f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:08 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 02 Sep 2020 04:52:38 GMT
X-Content-Type-Options
nosniff
ETag
d44475184b5f4b7e883107cf7f80d189
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="optimized-min.js"
Accept-Ranges
bytes
Content-Length
8845
X-XSS-Protection
1; mode=block
optimized-min.js
www.bca.co.id/-/media/Base-Themes/SearchTheme/Scripts/ 		77 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/-/media/Base-Themes/SearchTheme/Scripts/optimized-min.js?t=20210420T153720Z
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
0528ac0510190720ca908525504da943fd9458073f12538508e008c5dd959d52
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:13 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Tue, 20 Apr 2021 15:37:20 GMT
X-Content-Type-Options
nosniff
ETag
b666aa5522464cf79aeab5a21d15574b
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="optimized-min.js"
Accept-Ranges
bytes
Content-Length
78864
X-XSS-Protection
1; mode=block
optimized-min.js
www.bca.co.id/-/media/Base-Themes/Components-Theme/Scripts/ 		52 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/-/media/Base-Themes/Components-Theme/Scripts/optimized-min.js?t=20210420T153721Z
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
3ccfef488ea331570ce292a9d17c1b211703b10522146eb5098c2590e45dd753
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:08 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Tue, 20 Apr 2021 15:37:21 GMT
X-Content-Type-Options
nosniff
ETag
31df322c77894954b4176b6b392a16f9
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="optimized-min.js"
Accept-Ranges
bytes
Content-Length
53454
X-XSS-Protection
1; mode=block
optimized-min.js
www.bca.co.id/-/media/Base-Themes/Resolve-Conflicts/Scripts/ 		19 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/-/media/Base-Themes/Resolve-Conflicts/Scripts/optimized-min.js?t=
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
1b631c545e0e9acda2fa9adef7ce9415a95fc6a325ea80268d1793bf913180ae
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:08 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 02 Sep 2020 04:52:38 GMT
X-Content-Type-Options
nosniff
ETag
09bf82874e1e4dc084882553f6cc0fb2
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="optimized-min.js"
Accept-Ranges
bytes
Content-Length
19
X-XSS-Protection
1; mode=block
html5-qrcode.min.js
raw.githubusercontent.com/mebjas/html5-qrcode/master/minified/ 		0
0
html5-qrcode.min.js
unpkg.com/html5-qrcode@2.3.8/
Redirect Chain
  • https://unpkg.com/html5-qrcode
  • https://unpkg.com/html5-qrcode@2.3.8
  • https://unpkg.com/html5-qrcode@2.3.8/html5-qrcode.min.js
367 KB
151 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/html5-qrcode@2.3.8/html5-qrcode.min.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
660b12437b1d747e3e68b8be0685c08cb728140110ad213f167b14b66f8b1d8e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://bca-paylater-2024.fbzsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
6417722
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HRWFHEHTC5CPCEK2CAEPFPRV-fra
server
cloudflare
etag
"5ba44-48AGyg4D4UXFgIJHGrZRQV72RN0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
88a1f6da380d71df-FRA

Redirect headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
via
1.1 fly.io
cf-cache-status
HIT
fly-request-id
01HRWFHDCZ9QEPW6H62HH5XGKZ-fra
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
6417730
server
cloudflare
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/html5-qrcode@2.3.8/html5-qrcode.min.js
cache-control
public, max-age=31536000
cf-ray
88a1f6da1fff71df-FRA
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/ 		77 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 27 May 2024 00:42:18 GMT
x-content-type-options
nosniff
content-encoding
br
age
2915581
x-jsd-version
5.0.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
23925
x-served-by
cache-fra-eddf8230030-FRA
x-jsd-version-type
version
etag
W/"1339c-XbTEDbxr09liPumKIGHdJliFzy4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/ 		59 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
871
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
6422375
cdn-cachedat
10/31/2023 18:51:50
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"02d223393e00c273efdcb1ade8f4f8b1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
b3bd091d36d3aaa8ce89af0da90a6662
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
88a1f6d9d8829207-FRA
cdn-requestpullsuccess
True
jquery-3.5.1.min.js
code.jquery.com/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.5.1.min.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2626711
x-cache
HIT, HIT
content-length
30879
x-served-by
cache-lga21981-LGA, cache-fra-eddf8230065-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1716770539.547489,VS0,VE0
etag
W/"28feccc0-15d84"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
9, 508977
api.js
www.google.com/recaptcha/ 		1 KB
948 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b41e2aeede535ac85f5df5d9372090a3640bd3b6c27839188aae426f3da77860
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 27 May 2024 00:42:18 GMT
enterprise.js
www.google.com/recaptcha/ 		2 KB
1015 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise.js?render=6LeZcXchAAAAAITCDrk6oXMPM2w6YExcSu-u6KSx&v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
8fe2b4d0a7e136d724d6a03272f65bbb3dcfc0b2d70f6e40cf0a4b27a88e37c4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 27 May 2024 00:42:18 GMT
vendor.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/vendor.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BEGAASLHpd6TehTKFW3Zw9Nokookzewfdiqbu03GJqA%2B6DSC7icMAhicIkXq2yNDbL5ptLGBcY9RyyEBmwtiJGpoNWFvkW76DOMyyaUcQ3%2BB8rKq31HJ3a0dODVFxFusrYzwy%2B1s4JdIIMEF7wCUNOnEUdwSGfF6t3Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba6d8f2d-FRA
alt-svc
h3=":443"; ma=86400
highstock.js
bca-paylater-2024.fbzsa.com/js/js-external/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/js-external/highstock.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3bDbgrI0lDnenKtn0g16QrQ6vTNUUCFEqeixBiD2hoCoKwfo2ZujXiiBNOhXgqPQWxlwzzcJkCl2bEjD646JuCpeE%2BoUO0XshHNlNXvQwm%2BQOS8xfVEmcKvH9S0uZio7K%2FJWBKeBW4uummYXL09ozs%2BytT3tZxSYc8Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba708f2d-FRA
alt-svc
h3=":443"; ma=86400
bca-about.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/bca-about.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrYHr1RGiJ3n4ljFUeIv3q6WMKww%2BGv58AMxNKjJQFeYuU0TCFSEtlaN0OBw3NLCSwikptKN6cybAlWQIuee64MtdQXTP7%2FyIMnSjeB2cFScEWYeujCk72hMvILrWXWYZHX56BMk%2Bep0OO7dwGC84Sz1W57flcodKhE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba728f2d-FRA
alt-svc
h3=":443"; ma=86400
app.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/app.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ov2OUCUSZcgasdl6bSiNkiNiYeGstefwttoBf0ssUNm8LoDa8%2B1gAZI%2FMkQ%2Bul9urR4IbYeW1UdUwihIDT6haQfCk4YbAoYLdOucztoTFNN%2FAxOEIo0AIiXT60E5JR2xyp%2Bqdze03vRY6Jy7Dg99K4KbvpvX5cmnGyc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba748f2d-FRA
alt-svc
h3=":443"; ma=86400
custom-script.js
bca-paylater-2024.fbzsa.com/js/js-external/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/js-external/custom-script.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FLu4lonT%2Bf0i40z9GyOAyk1ZeE004wi05SXWRVcAIcTcDRyy0cdtfLBn5NjVet1rlX36dLMv0HtOcxOvFkuoNcIE2luFDLfyYWyn9%2BJqYV5m6yikKfr4XPesIRJ2hgPFZMprSJYpAVMt1DBvccJkIRvnijoiACiCbLk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba758f2d-FRA
alt-svc
h3=":443"; ma=86400
select2.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/select2.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8gWSCL34E2FMlyJ62ZIrB6mb2ij7RJ%2F2s7hfdcB1BiMfcjWQtVjDo1Sra0EXnF4ucPeDTa3Kh3fViBzwHs2bINmMNpEMijGuiZAG605doUuv9%2FtdDDzvL1e2Fzshj59FYdavruwXALEz5wOiXYqq4PlNjOloSxo3sCE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba768f2d-FRA
alt-svc
h3=":443"; ma=86400
select2-custom.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/select2-custom.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dMp6FdDaZe1JqZL5GyoZMDy8DxwbENX1EjT2TmFEg6n3xYc%2Fk1EK4Un0E9lWRcw3nI8bY%2FyOaI6pDkSr7h6RAvsN89ugkzEQ14n%2Be2Rp6aG75Akfb%2Ff5E%2BtSpfcdkp8D%2FeYh3A5EJrPbsOuSWhu%2BS58DicZULEOCRJY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba778f2d-FRA
alt-svc
h3=":443"; ma=86400
bca-custom.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/bca-custom.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YSZNU%2B%2BRnzcJX%2FKBkDfyF1DfBeuvyLpM2ICLW7aLteyi8xb6iUTAwlKKVdk%2BCHvp3jhwz3wAHpDO5UOXMGHpRSJytJMiWVNsddzx%2FI9QFnTtHD1iqI%2Br07gLVtddwhN9hrUFCmey3RnOXSgXQFkKcEQMjtGX959Q1wg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba788f2d-FRA
alt-svc
h3=":443"; ma=86400
bcapromo.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/bcapromo.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NY9xr6bHNVlt%2BpPClGkZwfhky5AVtEyksmEyBmJlF3DaVyFoj5M%2B7eqDilAF9zHOyYL4uL0bbcoVW8L6Cirq30ar06p1V1lR2YszCnXV%2FYXDiAXF1K73JXp%2BZzOT1wG7xPB0W2bLwRxJUz26SEWk9JJ1oitLvMQ8VBQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba7a8f2d-FRA
alt-svc
h3=":443"; ma=86400
bcakurs.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/bcakurs.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4OzoDpNYcE4DA3kwHEYAFttJlr4%2BCjFbmvPW3BjC3Xq744HSouUojcvqJm%2Ff7LURcLLaBXafd2V9azCVdO%2Bk%2B9HzmAfR27c6nY6E9Xo0rPfOmNVVCUskAYGD7murHVlSukFUw0JIR778IzsTKYO5dcE4BzX4xr9PJMk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba7b8f2d-FRA
alt-svc
h3=":443"; ma=86400
jszip.min.js
bca-paylater-2024.fbzsa.com/js/js-external/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/js-external/jszip.min.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FAtrSl7Ee%2BXWgflHA8vToJNm1g%2FAQwXURc3K0BG%2FE6SPz5KClqSXgO0OcuIBpHcv076MApv0xyPzjVma73DakssfOnZ8SqYt5gwHmn6YFUDj95BA9GzeE5lkoKkv86sbmNWoOL1G74X4PgcY%2BkA2s0Jvu4jgqUjYALU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba7c8f2d-FRA
alt-svc
h3=":443"; ma=86400
jszip-utils.min.js
bca-paylater-2024.fbzsa.com/js/js-external/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/js-external/jszip-utils.min.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PJkNe%2BTSBmeTnVmS0WppgquAXYfga76ErXGipFHLT0NaPGNXb1xH0Hf1NYnV%2B8Ni1YFtZqHaYDWXUxsXIhp8xnUvcEHvukFRtzvgb0DsLuL76UwEvCiQpWpWU2Y10LC4zZ0AI62rGxy%2FBGsuCH0pbEVcyzGU5%2BXrmtE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba7e8f2d-FRA
alt-svc
h3=":443"; ma=86400
FileSaver.min.js
bca-paylater-2024.fbzsa.com/js/js-external/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/js-external/FileSaver.min.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2FsfqR1GVGIyHG%2B9yplHWLFxRwwJ84%2FSkcGYaRiDC9DHClzF9tbVCssE2j2NyiKseI01vDGY8BPv26uCe7P5ixjH0Tf65EeXcZHjxyeDgAjPm1unZ66uk2P8C304bvDetb509E8ULzpdGfexhCCW3bWxHLZM89jMBQw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba808f2d-FRA
alt-svc
h3=":443"; ma=86400
bcareport.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/bcareport.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:19 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oOwts69Xm5V6H9wfWcUHIzurERUjryU%2BVxbdxU6flDqwi6I%2FgkpZ7ZUsTJsq6qQAsRlWGGBMTJirg2F5YmPRkhn4l1rlfGDFj7fBlu3FfOia5OGkzEFM47hPqwabvts4ZYUBhhf0BLsxZ2uAwyMG8MXi6Cc2H1G%2FlSY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba818f2d-FRA
alt-svc
h3=":443"; ma=86400
sxa-search.js
bca-paylater-2024.fbzsa.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bca-paylater-2024.fbzsa.com/js/sxa-search.js?v=6
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:32d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RO1KGvce%2Fs8foE0BueRi80KfVlihPWjvkaGAAnE791of1M%2F8ooEJsT0VcdBVjujKLu24Lf6atG4SxtYZzIkiWIgR2qsOa7WsW%2BR%2FYC55T1RhIWWuzWHhbcOVqdVHocfcOv3Nni5pCGvGu%2BGZ88RCe9kuoeUyouIyUco%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
cf-ray
88a1f6d9ba828f2d-FRA
alt-svc
h3=":443"; ma=86400
js
maps.googleapis.com/maps/api/ 		245 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyDbZrK6aTI9hICWyLGCyjUO9TDLhCGWgxY&callback=initMap&libraries=places
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
01e11e6522b0f8b541c8c8c119534079d4ce58acf7ed6c59b3cb8aa8a40b9e8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Accept-Language, Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81816
x-xss-protection
0
buzzwidget.js
halo.bca.co.id/buzz-widget-new/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://halo.bca.co.id/buzz-widget-new/buzzwidget.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.6.208.99 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
Software
nginx /
Resource Hash
607fd301916265741ead6cf699ed7b55973646d2fec4e61bad600ea7e7c2e772
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: https://*.bca.co.id wss://chat.halo.bca.co.id https://*.halo.bca.co.id https://unpkg.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bca.co.id https://*.halo.bca.co.id https://*.google.com https://*.googleapis.com https://www.gstatic.com https://unpkg.com https://fe-expo2024.kelolain.id ; img-src https://*.halo.bca.co.id https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id data: blob:; style-src 'self' 'unsafe-inline' https://*.bca.co.id https://*.halo.bca.co.id https://unpkg.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://*.bca.co.id https://*.halo.bca.co.id https://*.gstatic.com https://*.googleapis.com https://unpkg.com data:; frame-src https://*.bca.co.id https://*.halo.bca.co.id https://*.google.com https://www.gstatic.com https://unpkg.com; frame-ancestors 'self' https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id ; object-src 'self' blob: https://*.halo.bca.co.id https://*.bca.co.id
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 27 May 2024 00:42:21 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src 'self' blob: https://*.bca.co.id wss://chat.halo.bca.co.id https://*.halo.bca.co.id https://unpkg.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bca.co.id https://*.halo.bca.co.id https://*.google.com https://*.googleapis.com https://www.gstatic.com https://unpkg.com https://fe-expo2024.kelolain.id ; img-src https://*.halo.bca.co.id https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id data: blob:; style-src 'self' 'unsafe-inline' https://*.bca.co.id https://*.halo.bca.co.id https://unpkg.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://*.bca.co.id https://*.halo.bca.co.id https://*.gstatic.com https://*.googleapis.com https://unpkg.com data:; frame-src https://*.bca.co.id https://*.halo.bca.co.id https://*.google.com https://www.gstatic.com https://unpkg.com; frame-ancestors 'self' https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id ; object-src 'self' blob: https://*.halo.bca.co.id https://*.bca.co.id
Connection
keep-alive
Content-Length
1431
X-XSS-Protection
1; mode=block
Pragma
public
last-modified
Mon, 18 Mar 2024 08:22:56 GMT
Server
nginx
etag
W/"65f7f9e0-b29"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
cache-control
max-age=2592000, public
Expires
Wed, 26 Jun 2024 00:42:21 GMT
destination
www.googletagmanager.com/gtag/ 		313 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-757037349&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGCJ5M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8ddc8e5739e9cf33e8e866bd559b81abfbd2da10efa66203c7bc5f4bafe88e4d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97302
x-xss-protection
0
last-modified
Mon, 27 May 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 27 May 2024 00:42:18 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGCJ5M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 27 May 2024 00:29:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
790
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 27 May 2024 02:29:08 GMT
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 27 May 2024 00:42:18 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1326, tbw=2777, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
ecTRBFI8JerPIqarT3Etrpc5sSZ/ohoFzN7+hKJy4jVcDd4LyVRnz7W4d6so9OXLw5BW2FvzobcQfl1U4vM/zQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
last-modified
Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption
AES256
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15412
x-served-by
cache-iad-kiad7000168-IAD, cache-fra-etou8220092-FRA
up_loader.1.1.0.js
js.adsrvr.org/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGCJ5M
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.40.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-40-116.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
424ce4e99e7476fca8e9d27d6c15b60466ab7cf1c7d7c896e1c63f7cd6a818c8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 26 May 2024 05:49:34 GMT
Content-Encoding
gzip
Via
1.1 75964e4626dd702b8dac2690031df25a.cloudfront.net (CloudFront)
Last-Modified
Mon, 20 May 2024 07:02:23 GMT
Server
AmazonS3
X-Amz-Cf-Pop
MUC50-P2
Age
67964
ETag
W/"a60a4e2650f94da6f243b9518761b381"
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
T9LG9LkGal1hyJ3mugKWgKbncG16YVGKzXXkydTxpQiaY0vAtAeKAg==
js
www.googletagmanager.com/gtag/ 		313 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-757037349
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGCJ5M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
081260c12947e5c0f15988c1bca9e2ac159183f4315a0709ddb2bca51c3f6475
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97264
x-xss-protection
0
last-modified
Mon, 27 May 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 27 May 2024 00:42:18 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CD39B5BC77UB4VGBRIEG&lib=ttq
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.11 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-11.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2242fe2eb148e9f979e1169f84db50e0ba99d4eaa7917b4efe49e8e392719861

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
6126dbed.499b3800
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240527004218B7D5A43E20408DD9486A-6E1B9B1F5B6AF2DD-00
x-cache
TCP_MISS from a95-100-146-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
x-parent-response-time
104,95.100.146.7
server-timing
cdn-cache; desc=MISS, edge; dur=94, origin; dur=10, inner; dur=4
content-length
1835
pragma
no-cache
server
nginx
x-tt-logid
20240527004218B7D5A43E20408DD9486A
x-cache-remote
TCP_MISS from a184-28-17-77.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
10,184.28.17.77
x-tt-trace-host
015116bf029a518fcd998963dc452ba0d46b1ca106f8bcdc210b826f62bc2d4e68e0f24fb3b180ec88bdd90f7f95bd1054f84f2b2be87787ed00d32276f5762bea293dd80fadde6faaf44bc5e1a403aadb8ee7eada74288462d5e51859b3dba84e357897be4e62407865266d9fb9a43f30
expires
Mon, 27 May 2024 00:42:18 GMT
adsct
t.co/1/i/ 		43 B
205 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=39b24373-b9b0-47f6-86f6-52560f79f75b&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe082142-8a8e-43f2-9f25-3427f250ab84&tw_document_href=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&tw_iframe_status=0&txn_id=o27bt&type=javascript&version=2.3.30
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
189
date
Mon, 27 May 2024 00:42:18 GMT
strict-transport-security
max-age=0
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
038c83a65ac931bc
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
904938020210b37ecd31802d0ab819741c62497cbdb941cac501d57019170ec0
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
568 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=39b24373-b9b0-47f6-86f6-52560f79f75b&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe082142-8a8e-43f2-9f25-3427f250ab84&tw_document_href=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&tw_iframe_status=0&txn_id=o27bt&type=javascript&version=2.3.30
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
114
date
Mon, 27 May 2024 00:42:18 GMT
strict-transport-security
max-age=631138519
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
abb9c61bee8be576
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
75fec60902878cbd167b5c9315ccad769772134a3d80049c0eb24403d3e9bd23
content-length
43
adsct
t.co/1/i/ 		43 B
203 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=6da2f61b-cdce-4b6b-a11f-25501bdba49a&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe082142-8a8e-43f2-9f25-3427f250ab84&tw_document_href=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&tw_iframe_status=0&txn_id=o20ro&type=javascript&version=2.3.30
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
182
date
Mon, 27 May 2024 00:42:17 GMT
strict-transport-security
max-age=0
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
5ec16c9408c3c83e
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
904938020210b37ecd31802d0ab819741c62497cbdb941cac501d57019170ec0
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
725 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=6da2f61b-cdce-4b6b-a11f-25501bdba49a&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe082142-8a8e-43f2-9f25-3427f250ab84&tw_document_href=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&tw_iframe_status=0&txn_id=o20ro&type=javascript&version=2.3.30
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
107
date
Mon, 27 May 2024 00:42:17 GMT
strict-transport-security
max-age=631138519
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
3066b24954a88d92
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
75fec60902878cbd167b5c9315ccad769772134a3d80049c0eb24403d3e9bd23
content-length
43
adsct
t.co/1/i/ 		43 B
374 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=302a3657-a004-4449-9637-7d54fc01930a&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe082142-8a8e-43f2-9f25-3427f250ab84&tw_document_href=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&tw_iframe_status=0&txn_id=o6o34&type=javascript&version=2.3.30
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
113
date
Mon, 27 May 2024 00:42:18 GMT
strict-transport-security
max-age=0
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
84e99a653604486c
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
904938020210b37ecd31802d0ab819741c62497cbdb941cac501d57019170ec0
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=302a3657-a004-4449-9637-7d54fc01930a&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe082142-8a8e-43f2-9f25-3427f250ab84&tw_document_href=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&tw_iframe_status=0&txn_id=o6o34&type=javascript&version=2.3.30
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
178
date
Mon, 27 May 2024 00:42:18 GMT
strict-transport-security
max-age=631138519
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
8094c7c7b9d5f64e
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
75fec60902878cbd167b5c9315ccad769772134a3d80049c0eb24403d3e9bd23
content-length
43
adsct
t.co/1/i/ 		43 B
227 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=94449d35-8a06-41f4-9fb4-5d20801583a2&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe082142-8a8e-43f2-9f25-3427f250ab84&tw_document_href=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&tw_iframe_status=0&txn_id=o1kiz&type=javascript&version=2.3.30
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
107
date
Mon, 27 May 2024 00:42:17 GMT
strict-transport-security
max-age=0
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
edea1d53dc9f161b
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
904938020210b37ecd31802d0ab819741c62497cbdb941cac501d57019170ec0
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
547 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=94449d35-8a06-41f4-9fb4-5d20801583a2&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe082142-8a8e-43f2-9f25-3427f250ab84&tw_document_href=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&tw_iframe_status=0&txn_id=o1kiz&type=javascript&version=2.3.30
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
177
date
Mon, 27 May 2024 00:42:18 GMT
strict-transport-security
max-age=631138519
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
ea845e4d4705b2a2
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
75fec60902878cbd167b5c9315ccad769772134a3d80049c0eb24403d3e9bd23
content-length
43
collect
www.google-analytics.com/j/ 		3 B
216 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1433233896&t=pageview&_s=1&dl=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&dp=%2F&ul=de-de&de=windows-1252&dt=BCA%20-%20Paylater%20BCA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAACgGK~&jid=2103351463&gjid=2086165160&cid=1415214161.1716770539&tid=UA-72706651-1&_gid=1970402860.1716770539&_r=1&_slc=1&gtm=45He45m0n71KGCJ5Mv72581663za200&cd4=2024-05-27T02%3A42%3A18.651%2B02%3A00&cd8=5b8d98e3-baa2-45d6-a3a1-fc9a649e468d&cd9=GTM-KGCJ5M&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&cd5=1415214161.1716770539&cd6=pageview&npa=1&z=1622529938&cd7=561
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/757037349/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/757037349/?random=1716770538734&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&label=_FtvCKORstoBEKXy_egC&hn=www.googleadservices.com&frm=0&tiba=BCA%20-%20Paylater%20BCA&value=1&bttype=purchase&npa=1&pscdl=noapi&auid=1410029801.1716770539&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-757037349&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
53f1f76236e748bbf6ba92f8fe494b6b7243ef7687f33bc455b27af0ab1214d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1688
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
2328672930699003
connect.facebook.net/signals/config/ 		97 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/2328672930699003?v=2.9.156&r=stable&domain=bca-paylater-2024.fbzsa.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
68fc78bef2dc585d37430d466817254527615eb4e91350161246409612463e14
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 27 May 2024 00:42:18 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=12, rtx=2, c=49, mss=1326, tbw=63352, tp=-1, tpl=-1, uplat=110, ullat=0
pragma
public
x-fb-debug
QPUNTkr9RShaKrGW4owpTW6NcX8IvaDa68vu0quFAqIGwA4NndEmHllkH9E0seV6H0kZWebOQ7wwrpA/cd5jCg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
td
www.googletagmanager.com/ 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/td?id=AW-757037349&v=3&t=t&pid=1278178038&dl=bca-paylater-2024.fbzsa.com%2F&tdp=AW-757037349;84534247;0;0;0&frm=0&rtg=84534247&rlo=23&slo=23&z=0
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
server
Golfe2
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=gtm.init_consent&eid=-1&h=Ag&mtd=__e0&mec=__e2&z=0
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=gtm.init&eid=0&h=Ag&tr=1ogtadsdatatos.1ogt1pdatav2.1ccdadsfirst.1ccdpreautopii.1ccdemform.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ogtconvdef.1ccdadd1pdata.1ccdadd1pdata.1ccdadslast&ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdpreautopii.2ccdemform.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ccdadd1pdata.2ccdadd1pdata.2ccdadslast&mec=__e4&z=0
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=*&eid=1&u=AAAAAAAI&h=Ag&tr=1rep&ti=1rep&mec=__e6&z=0
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=gtag.config&eid=81&u=AAAAAAAIAAAAACA&ut=Ag&h=Ag&epr=1AW&mec=__e6&z=0
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&e=gtm.init&eid=0&u=AAAAAAAIAAAAACA&ut=Ag&h=Ag&tr=5ogtadsdatatos.5ogt1pdatav2.5ccdadsfirst.5ccdpreautopii.5ccdemform.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ogtconvdef.5ccdadd1pdata.5ccdadd1pdata.5ccdadslast&ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdpreautopii.2ccdemform.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ogtconvdef.2ccdadd1pdata.2ccdadd1pdata.2ccdadslast&mec=__e6&z=0
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:18 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
/
www.google.de/pagead/1p-conversion/757037349/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/757037349/?random=838355340&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13...
  • https://www.google.com/pagead/1p-conversion/757037349/?random=838355340&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13l3l3l2l1&dma_cps=syph...
  • https://www.google.de/pagead/1p-conversion/757037349/?random=838355340&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13l3l3l2l1&dma_cps=sypha...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/757037349/?random=838355340&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&label=_FtvCKORstoBEKXy_egC&hn=www.googleadservices.com&frm=0&tiba=BCA%20-%20Paylater%20BCA&value=1&npa=1&pscdl=noapi&auid=1410029801.1716770539&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIm__-0MyshgMVj6CDBx24Jg5BMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6JGh0dHBzOi8vYmNhLXBheWxhdGVyLTIwMjQuZmJ6c2EuY29tLw&is_vtc=1&cid=CAQSGwDaQooLuz7WqopMEPTYHbZAq3FXIovVXCyPbg&eitems=ChEI8LvLsgYQ3N6khPWr17udARIdABevwuUfGD7vcvbkaHBm8eJB3Rt1q6JymLsF830&random=1767752515&ipr=y
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://bca-paylater-2024.fbzsa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:18 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/757037349/?random=838355340&cv=11&fst=1716770538734&bg=ffffff&guid=ON&async=1&gtm=45be45m0v884534247z872581663za201zb72581663&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&label=_FtvCKORstoBEKXy_egC&hn=www.googleadservices.com&frm=0&tiba=BCA%20-%20Paylater%20BCA&value=1&npa=1&pscdl=noapi&auid=1410029801.1716770539&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQJKFXRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIm__-0MyshgMVj6CDBx24Jg5BMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6JGh0dHBzOi8vYmNhLXBheWxhdGVyLTIwMjQuZmJ6c2EuY29tLw&is_vtc=1&cid=CAQSGwDaQooLuz7WqopMEPTYHbZAq3FXIovVXCyPbg&eitems=ChEI8LvLsgYQ3N6khPWr17udARIdABevwuUfGD7vcvbkaHBm8eJB3Rt1q6JymLsF830&random=1767752515&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
main.MWYzNGIxOWM4MA.js
analytics.tiktok.com/i18n/pixel/static/ 		334 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CD39B5BC77UB4VGBRIEG&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.11 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-11.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
994c6d28f0d2028431bc146ae2941c96b58352c98f4510d5958a01dc0335de30

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
499b3857
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240523141221D033E1B13AADC236EB7C
x-tt-trace-id
00-240523141221D033E1B13AADC236EB7C-74EFF4075670666A-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a95-100-146-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01fbd6299cafc88bcfd19074f653667998e4d907bd2a04ffc38843a538c23ab7229b0872481a7a2e0e526161defe796c1c61a872fb6401c5e692daef1288dbaf37e948a642e01ed6ca7d23f62eecd6c1661b1019a5101e5889d32a73450e65a82f
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=19
content-length
99391
/
www.facebook.com/tr/ 		0
273 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=2328672930699003&ev=PageView&dl=https%3A%2F%2Fbca-paylater-2024.fbzsa.com&rl=&if=false&ts=1716770538884&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4124&fbp=fb.1.1716770538883.1410088136&pm=1&hrl=8df6e7&ler=empty&cdl=API_unavailable&it=1716770538747&coo=false&cs_cc=1&ccs=1633822450320128&cas=7446729415396343%2C5782807648509568%2C6309758049072274%2C6122300031124464%2C5288355694617677%2C4636606879738278%2C2712545595429423&rqm=GET
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1326, tbw=2781, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 27 May 2024 00:42:18 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=2328672930699003&ev=PageView&dl=https%3A%2F%2Fbca-paylater-2024.fbzsa.com&rl=&if=false&ts=1716770538884&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4124&fbp=fb.1.1716770538883.1410088136&pm=1&hrl=8df6e7&ler=empty&cdl=API_unavailable&it=1716770538747&coo=false&cs_cc=1&ccs=1633822450320128&cas=7446729415396343%2C5782807648509568%2C6309758049072274%2C6122300031124464%2C5288355694617677%2C4636606879738278%2C2712545595429423&rqm=FGET
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x0def70ed139b2670","source_keys":["1","2"]},{"key_piece":"0x403e34a06b877ec0","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Mon, 27 May 2024 00:42:19 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1326, tbw=3098, tp=-1, tpl=-1, uplat=162, ullat=0
pragma
no-cache
x-fb-debug
ED1XFa+wrVQ9y4ysceJmadykvj3zCJ2D6wR5U+xJe98DevSDdu9mJnNIApPPwfArHJFj7tqohLGjKmGB2NqV/Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
identify_ce1d8843.js
analytics.tiktok.com/i18n/pixel/static/ 		146 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_ce1d8843.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.11 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-11.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
499b388a
date
Mon, 27 May 2024 00:42:18 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202405211400004921B73057AEA54992F5
x-tt-trace-id
00-2405211400004921B73057AEA54992F5-1CF37C4A3995B7A2-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a95-100-146-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
011c392bbe4263fce2d1f814ffc06cf6baf1ca2b39d7702bb6117f3b5652c9e5a2a3efc28f8f0634a18b6e7f8b08bc3fa8b026b3cc7072dbcbfe0625562db2d91a69a8b7fa95cd4a8949e86f11846413b37118a93b9e43dd410ee2e0a982c816c4
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
39654
pixel
analytics.tiktok.com/api/v2/ 		0
700 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.11 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-11.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
499b3892
date
Mon, 27 May 2024 00:42:19 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240527004219001A45BBDA387CDD39B5-167828A58B4BF887-00
x-cache
TCP_MISS from a95-100-146-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
server-timing
inner; dur=26, cdn-cache; desc=MISS, edge; dur=5, origin; dur=129
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240527004219001A45BBDA387CDD39B5
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
129,95.100.146.7
x-tt-trace-host
015116bf029a518fcd998963dc452ba0d4c5f81fc28161fa0294b82f165527dcce5353bbac9356eb088c259e6297d15d0722ad19c3528cdb808156b252a1056281dd2a7c51047a29368b649c0276118db8025736609011625876f35fb64b6a5c09
access-control-allow-headers
Authorization,*
expires
Mon, 27 May 2024 00:42:19 GMT
act
analytics.tiktok.com/api/v2/pixel/ 		0
844 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.11 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-11.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
db18ae1a.499b3921
date
Mon, 27 May 2024 00:42:19 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2405270042197EA92569D6BE18D625EF-141E64C177869E87-00
x-cache
TCP_MISS from a95-100-146-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
x-parent-response-time
122,95.100.146.7
server-timing
cdn-cache; desc=MISS, edge; dur=107, origin; dur=27, inner; dur=23
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202405270042197EA92569D6BE18D625EF
x-cache-remote
TCP_MISS from a23-48-100-139.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
27,23.48.100.139
x-tt-trace-host
015116bf029a518fcd998963dc452ba0d444e6d21024f55f7eb3a749f872764978c5c5affce577b78320ec412077f746db76eb145adafa69e6df9bdf770d778bf02e8d7d770a43b8ffb933150a78eec522e009940df412fe33043f9fe5bd951da3be462061642799f6c0d6ce78449d7928
access-control-allow-headers
Authorization,*
expires
Mon, 27 May 2024 00:42:19 GMT
/
me.bca.meiro.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://me.bca.meiro.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.1.51.228 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-51-228.ap-southeast-1.compute.amazonaws.com
Software
Meiro Producer /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-meiro-inbound-user-ids-consent,x-meiro-user-id-consent
Access-Control-Request-Method
POST
Origin
https://bca-paylater-2024.fbzsa.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-meiro-inbound-user-ids-consent,x-meiro-user-id-consent
access-control-allow-methods
GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
date
Mon, 27 May 2024 00:42:20 GMT
server
Meiro Producer
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ip_lookup
bca.cdp.meiro.io/wbs/ 		30 B
155 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bca.cdp.meiro.io/wbs/ip_lookup
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.194.33 Singapore, Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Python/3.9 aiohttp/3.7.4.post0 /
Resource Hash
cbeebc000ace587d0ec530e11fa1439052d9cae5af1411453f69505557166ebb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
date
Mon, 27 May 2024 00:42:21 GMT
server
Python/3.9 aiohttp/3.7.4.post0
content-length
30
content-type
application/json; charset=utf-8
/
me.bca.meiro.io/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://me.bca.meiro.io/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.1.51.228 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-51-228.ap-southeast-1.compute.amazonaws.com
Software
Meiro Producer /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Meiro-User-Id-Consent
true
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Referer
https://bca-paylater-2024.fbzsa.com/
X-Meiro-Inbound-User-Ids-Consent
true
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
date
Mon, 27 May 2024 00:42:21 GMT
access-control-allow-credentials
true
server
Meiro Producer
content-length
0
vary
Origin
/
me.bca.meiro.io/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://me.bca.meiro.io/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.1.51.228 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-51-228.ap-southeast-1.compute.amazonaws.com
Software
Meiro Producer /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Meiro-User-Id-Consent
true
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Referer
https://bca-paylater-2024.fbzsa.com/
X-Meiro-Inbound-User-Ids-Consent
true
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
date
Mon, 27 May 2024 00:42:21 GMT
access-control-allow-credentials
true
server
Meiro Producer
content-length
0
vary
Origin
/
me.bca.meiro.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://me.bca.meiro.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.1.51.228 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-51-228.ap-southeast-1.compute.amazonaws.com
Software
Meiro Producer /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-meiro-inbound-user-ids-consent,x-meiro-user-id-consent
Access-Control-Request-Method
POST
Origin
https://bca-paylater-2024.fbzsa.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-meiro-inbound-user-ids-consent,x-meiro-user-id-consent
access-control-allow-methods
GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
date
Mon, 27 May 2024 00:42:21 GMT
server
Meiro Producer
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
/
me.bca.meiro.io/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://me.bca.meiro.io/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.1.51.228 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-51-228.ap-southeast-1.compute.amazonaws.com
Software
Meiro Producer /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Meiro-User-Id-Consent
true
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Referer
https://bca-paylater-2024.fbzsa.com/
X-Meiro-Inbound-User-Ids-Consent
true
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
date
Mon, 27 May 2024 00:42:21 GMT
access-control-allow-credentials
true
server
Meiro Producer
content-length
0
vary
Origin
/
me.bca.meiro.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://me.bca.meiro.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.1.51.228 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-51-228.ap-southeast-1.compute.amazonaws.com
Software
Meiro Producer /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-meiro-inbound-user-ids-consent,x-meiro-user-id-consent
Access-Control-Request-Method
POST
Origin
https://bca-paylater-2024.fbzsa.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-meiro-inbound-user-ids-consent,x-meiro-user-id-consent
access-control-allow-methods
GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
date
Mon, 27 May 2024 00:42:21 GMT
server
Meiro Producer
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
css
fonts.googleapis.com/ 		17 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700&display=swap
Requested by
Host: www.bca.co.id
URL: https://www.bca.co.id/css/app.css?v=5.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
851699a18b631a7bd68efc99598701293a6065b463fced7b68d8d6d9227bd8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.bca.co.id/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 27 May 2024 00:42:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 26 May 2024 23:42:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 27 May 2024 00:42:23 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://fonts.googleapis.com/
Origin
https://bca-paylater-2024.fbzsa.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 22:45:56 GMT
x-content-type-options
nosniff
age
179787
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 24 May 2025 22:45:56 GMT
cordon-bleu.ttf
www.bca.co.id/fonts/ 		83 KB
86 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bca.co.id/fonts/cordon-bleu.ttf?dtjpka
Requested by
Host: www.bca.co.id
URL: https://www.bca.co.id/css/app.css?v=5.2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
5cf910e559cd667300a66d7451eb4137a87df635dc5fa07b3fd3fc3eb0bfa362
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.bca.co.id/
Origin
https://bca-paylater-2024.fbzsa.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:12 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 07 Dec 2020 04:23:52 GMT
X-Content-Type-Options
nosniff
ETag
"03c7dc450ccd61:0"
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Content-Length
85448
X-XSS-Protection
1; mode=block
money.svg
www.bca.co.id/-/media/Feature/Iconography/BLUE/SVG/32/ 		5 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bca.co.id/-/media/Feature/Iconography/BLUE/SVG/32/money.svg?v=1
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
9d7054a5ea5cac544855670baf5414c4f66f93bdfc423e5b362fdc53eb1d4d3e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:16 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Fri, 19 Apr 2024 11:23:30 GMT
X-Content-Type-Options
nosniff
ETag
5111a2f5b74c45e48fa8c864658dc6e6
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Content-Disposition
inline; filename="money.svg"
Accept-Ranges
bytes
Content-Length
4948
X-XSS-Protection
1; mode=block
otomasi
www.bca.co.id/-/media//Feature/Iconography/BLUE/SVG/32/ 		3 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bca.co.id/-/media//Feature/Iconography/BLUE/SVG/32/otomasi
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
bbde1deb77af8f10f6abb6fcc3f322e4f12c8c0317effd07be04cfe80b660e82
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:16 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Fri, 19 Apr 2024 11:28:10 GMT
X-Content-Type-Options
nosniff
ETag
b68f5f52caf14cb9a88584b3a0b88e83
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=599375
Content-Disposition
inline; filename="otomasi.svg"
Accept-Ranges
bytes
Content-Length
2951
X-XSS-Protection
1; mode=block
currency
www.bca.co.id/-/media//Feature/Iconography/BLUE/SVG/32/ 		3 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bca.co.id/-/media//Feature/Iconography/BLUE/SVG/32/currency
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.6.211.21 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
bca.co.id
Software
/
Resource Hash
dc5e5e7a051f9808d423b2d2675b3164fe68a2a3b3ee988c23ef9f771c28e6bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typeform.com/ https://pro.fontawesome.com/ https://*.vercel.app/ https://me.ttd.meiro.io/ https://analytics.tiktok.com/ https://*.appsflyer.com/ https://bankbca.api.useinsider.com/ https://www.googleadservices.com/ https://*.doubleclick.net/ https://me.bca.meiro.io/ https://sdk.me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://googleads.g.doubleclick.net/ https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.bca.co.id/ https://*.gstatic.com/ https://www.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://www.w3.org/ https://*.youtube.com/ https://www.googletagmanager.com/ wss://fas101.bca.co.id/ wss://fas201.bca.co.id/ wss://fas301.bca.co.id/ https://stats.g.doubleclick.net/ https://www.google.co.id/ https://halo.bca.co.id/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://*.jquery.com/ https://*.jsdelivr.net/ https://cdn.amplitude.com/ https://umkmfest-prod.oss-ap-southeast-5.aliyuncs.com/ https://js.adsrvr.org/ https://www.instagram.com/ https://cdp.bca.meiro.app/ data: blob:;frame-ancestors 'self' https://webform.bca.co.id https://wifi.bca.co.id https://*.apps.pcf.dti.co.id https://mybca.bca.co.id https://pilot.mybca.bca.co.id https://*.apps.cpf2.intra.bca https://*.apps.cpf3.intra.bca https://*.klikbca.com https://ibank.klikbca.com:*/ https://*.dmundus.net https://*.umundus.net;frame-src 'self' https://*.bca.co.id https://www.youtube.com https://*.doubleclick.net/ https://*.typeform.com/ https://*.google.com https://*.adsrvr.org/ https://tpc.googlesyndication.com/ https://*.facebook.com/ https://www.instagram.com/;font-src 'self' 'unsafe-eval' 'unsafe-inline' https://pro.fontawesome.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.jsdelivr.net/ https://*.bca.co.id/ data:;connect-src 'self' 'unsafe-eval' https://stats.g.doubleclick.net/ https://*.run.app https://www.google-analytics.com/ https://analytics.tiktok.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleapis.com/ https://me.bca.meiro.io/ https://bca.cdp.meiro.io/ https://*.appsflyer.com/ https://wa.onelink.me/ https://api.amplitude.com/;object-src 'self';
Date
Mon, 27 May 2024 00:41:16 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Last-Modified
Tue, 12 Sep 2023 08:27:29 GMT
X-Content-Type-Options
nosniff
ETag
c5b6fd656cb447a484fbe316248cf7c5
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=600087
Content-Disposition
inline; filename="currency.svg"
Accept-Ranges
bytes
Content-Length
3356
X-XSS-Protection
1; mode=block
recaptcha__de.js
www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/ 		526 KB
209 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?v=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4689d94dc41ea32f15bc7f216bf276e4cc0dd5125057ecd3d793b4d1daee8a4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Origin
https://bca-paylater-2024.fbzsa.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 26 May 2024 22:05:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9417
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
213445
x-xss-protection
0
last-modified
Mon, 20 May 2024 04:00:47 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 26 May 2025 22:05:29 GMT
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWYzNGIxOWM4MA.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
/
halo.bca.co.id/buzz-widget-new/ Frame A7C5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://halo.bca.co.id/buzz-widget-new/
Requested by
Host: halo.bca.co.id
URL: https://halo.bca.co.id/buzz-widget-new/buzzwidget.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.6.208.99 Jakarta, Indonesia, ASN17450 (IDNIC-BCA-ID PT Bank Central Asia, Tbk, ID),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: https://*.bca.co.id wss://chat.halo.bca.co.id https://*.halo.bca.co.id https://unpkg.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bca.co.id https://*.halo.bca.co.id https://*.google.com https://*.googleapis.com https://www.gstatic.com https://unpkg.com https://fe-expo2024.kelolain.id ; img-src https://*.halo.bca.co.id https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id data: blob:; style-src 'self' 'unsafe-inline' https://*.bca.co.id https://*.halo.bca.co.id https://unpkg.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://*.bca.co.id https://*.halo.bca.co.id https://*.gstatic.com https://*.googleapis.com https://unpkg.com data:; frame-src https://*.bca.co.id https://*.halo.bca.co.id https://*.google.com https://www.gstatic.com https://unpkg.com; frame-ancestors 'self' https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id ; object-src 'self' blob: https://*.halo.bca.co.id https://*.bca.co.id
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://bca-paylater-2024.fbzsa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
490
Content-Security-Policy
default-src 'self' blob: https://*.bca.co.id wss://chat.halo.bca.co.id https://*.halo.bca.co.id https://unpkg.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bca.co.id https://*.halo.bca.co.id https://*.google.com https://*.googleapis.com https://www.gstatic.com https://unpkg.com https://fe-expo2024.kelolain.id ; img-src https://*.halo.bca.co.id https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id data: blob:; style-src 'self' 'unsafe-inline' https://*.bca.co.id https://*.halo.bca.co.id https://unpkg.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://*.bca.co.id https://*.halo.bca.co.id https://*.gstatic.com https://*.googleapis.com https://unpkg.com data:; frame-src https://*.bca.co.id https://*.halo.bca.co.id https://*.google.com https://www.gstatic.com https://unpkg.com; frame-ancestors 'self' https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id ; object-src 'self' blob: https://*.halo.bca.co.id https://*.bca.co.id
Content-Type
text/html
Date
Mon, 27 May 2024 00:42:29 GMT
Referrer-Policy
strict-origin
Server
nginx
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
etag
"65f7f9cc-1ea"
last-modified
Mon, 18 Mar 2024 08:22:36 GMT
generic
match.adsrvr.org/track/cmf/ 		70 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=r6frfy6&ttd_tpi=1&ttd_puid=2693807b-b660-4100-b132-f4d70d59df36
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:26 GMT
server
Kestrel
content-length
70
content-type
image/gif
anchor
www.google.com/recaptcha/enterprise/ Frame 189A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LeZcXchAAAAAITCDrk6oXMPM2w6YExcSu-u6KSx&co=aHR0cHM6Ly9iY2EtcGF5bGF0ZXItMjAyNC5mYnpzYS5jb206NDQz&hl=de&v=joHA60MeME-PNviL59xVH9zs&size=invisible&cb=ec34qtszmlor
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-vWGvaKIrbTflGb4fj8A43A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://bca-paylater-2024.fbzsa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-vWGvaKIrbTflGb4fj8A43A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 27 May 2024 00:42:26 GMT
expires
Mon, 27 May 2024 00:42:26 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=gtm.dom&eid=82&u=AgAAAAAIAAAAACA&ut=Ag&h=Ag&mec=__e8&z=0
Requested by
Host: bca-paylater-2024.fbzsa.com
URL: https://bca-paylater-2024.fbzsa.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:26 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
up
insight.adsrvr.org/track/ Frame 13E1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://insight.adsrvr.org/track/up?adv=alem7ov&ref=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&upid=2qvxqt5&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://bca-paylater-2024.fbzsa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-length
0
content-type
text/html
date
Mon, 27 May 2024 00:42:29 GMT
server
Kestrel
destination
www.googletagmanager.com/gtag/ 		279 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=G-VGT5RK8TMQ&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGCJ5M
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b1b15f4f1b8ac1b57ee02e974f23045c337a6197672b43230a00d06f9b1e9c97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:29 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97337
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 27 May 2024 00:42:29 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1433233896&t=event&ni=1&_s=1&dl=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&dp=%2F&ul=de-de&de=windows-1252&dt=BCA%20-%20Paylater%20BCA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=50&el=%2F&_u=aGDACEABBAAAACgGKAC~&jid=&gjid=&cid=1415214161.1716770539&tid=UA-72706651-1&_gid=1970402860.1716770539&gtm=45He45m0n71KGCJ5Mv72581663za200&cd4=2024-05-27T02%3A42%3A29.750%2B02%3A00&cd8=22ef6807-4f8a-46b3-a21f-58830dd3b876&cd9=GTM-KGCJ5M&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&cd5=1415214161.1716770539&cd6=event&npa=1&z=1225110596&cd7=561
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 26 May 2024 03:24:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
76676
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=*&eid=83&u=AgAAAAAIAAAAACA&ut=Ag&h=Ag&mec=__e10&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:29 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1433233896&t=event&ni=1&_s=1&dl=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&dp=%2F&ul=de-de&de=windows-1252&dt=BCA%20-%20Paylater%20BCA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=75&el=%2F&_u=aGDACEABBAAAACgGKAC~&jid=&gjid=&cid=1415214161.1716770539&tid=UA-72706651-1&_gid=1970402860.1716770539&gtm=45He45m0n71KGCJ5Mv72581663za200&cd4=2024-05-27T02%3A42%3A29.754%2B02%3A00&cd8=0ba18ba9-b0be-4bfe-b939-bfa7e99d8895&cd9=GTM-KGCJ5M&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&cd5=1415214161.1716770539&cd6=event&npa=1&z=699646873&cd7=560
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 26 May 2024 03:24:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
76676
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=gtm.scrollDepth&eid=84&u=AgAAAAAIAAAAACA&ut=Ag&h=Ag&mec=__e12&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:29 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1433233896&t=event&ni=1&_s=1&dl=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&dp=%2F&ul=de-de&de=windows-1252&dt=BCA%20-%20Paylater%20BCA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=100&el=%2F&_u=aGDACEABBAAAACgGKAC~&jid=&gjid=&cid=1415214161.1716770539&tid=UA-72706651-1&_gid=1970402860.1716770539&gtm=45He45m0n71KGCJ5Mv72581663za200&cd4=2024-05-27T02%3A42%3A29.757%2B02%3A00&cd8=4485eac4-97ca-4dd7-aa0a-7e27cc1fd4c8&cd9=GTM-KGCJ5M&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&cd5=1415214161.1716770539&cd6=event&npa=1&z=1134365932&cd7=562
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 26 May 2024 03:24:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
76676
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=gtm.scrollDepth&eid=86&u=AgAAAAAIAAAAACA&ut=Ag&h=Ag&mec=__e14&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:29 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
collect
region1.analytics.google.com/g/ 		0
262 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-VGT5RK8TMQ&gtm=45je45m0v888609927z872581663za200zb72581663&_p=1716770537910&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1415214161.1716770539&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1716770549&sct=1&seg=0&dl=https%3A%2F%2Fbca-paylater-2024.fbzsa.com%2F&dt=BCA%20-%20Paylater%20BCA&en=page_load_time&_fv=1&_ss=1&epn.loading_time_sec=12.48&tfd=12544
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-VGT5RK8TMQ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:29 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
262 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-VGT5RK8TMQ&cid=1415214161.1716770539&gtm=45je45m0v888609927z872581663za200zb72581663&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-VGT5RK8TMQ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:29 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bca-paylater-2024.fbzsa.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VGT5RK8TMQ&cid=1415214161.1716770539&gtm=45je45m0v888609927z872581663za200zb72581663&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1246660673
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 27 May 2024 00:42:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=gtm.scrollDepth&eid=88&u=AgAAAAAIAAAAACA&ut=Ag&h=Ag&mec=__e16&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:29 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
favicon-bca.png
www.bca.co.idhttps//www.bca.co.id/-/media/Feature/Default-BCA/ 		0
0
a
www.googletagmanager.com/ 		0
11 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?id=AW-757037349&v=3&t=t&pid=1278178038&cv=1&rv=45m0&tc=78&es=1&e=*&eid=95&u=AgAAAAAIAAAAACA&ut=Ag&h=Ag&mec=__e20&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://bca-paylater-2024.fbzsa.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 27 May 2024 00:42:30 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
raw.githubusercontent.com
URL
https://raw.githubusercontent.com/mebjas/html5-qrcode/master/minified/html5-qrcode.min.js
Domain
www.bca.co.idhttps
URL
https://www.bca.co.idhttps//www.bca.co.id/-/media/Feature/Default-BCA/favicon-bca.png

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| dataLayer object| config object| script function| callback object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| fbq function| _fbq function| twq string| TiktokAnalyticsObject object| ttq object| regeneratorRuntime object| twttr object| gaplugins object| gaGlobal object| gaData function| _ga_originalSendHitTask object| GooglebQhCsO function| ttd_dom_ready function| TTDUniversalPixelApi object| ttdPixel function| gtag object| SIGNAL_TYPE object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| MeiroEvents function| $ function| jQuery function| $xa function| moment function| _ object| html5 object| Modernizr function| Galleria object| FullCalendar function| Hammer object| Backbone function| SearchIndex function| Bloodhound boolean| mCustomScrollbar object| mejs function| MediaElement object| HtmlMediaElement function| onYouTubePlayerAPIReady function| DefaultPlayer function| MediaElementPlayer function| dmAsyncInit object| XA string| facetName object| __Html5QrcodeLibrary__ function| Html5QrcodeScanner function| Html5Qrcode object| Html5QrcodeSupportedFormats object| Html5QrcodeScannerState object| Html5QrcodeScanType number| uidEvent object| bootstrap function| listener function| embedBuzz function| docReady object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google object| module$exports$mapsapi$geometry$spherical object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView boolean| initialzied object| recaptcha object| closure_lm_117844 function| onYouTubeIframeAPIReady

21 Cookies

Domain/Path Name / Value
.fbzsa.com/ Name: _gid
Value: GA1.2.1970402860.1716770539
.fbzsa.com/ Name: _gat_UA-72706651-1
Value: 1
.fbzsa.com/ Name: _gcl_au
Value: 1.1.1410029801.1716770539
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.tiktok.com/ Name: _ttp
Value: 2h1ndV47NLxJvnhQfyPCAcy3B8L
.fbzsa.com/ Name: _fbp
Value: fb.1.1716770538883.1410088136
.t.co/ Name: muc_ads
Value: 937ce20d-5d90-4614-973d-6deee6326b30
.fbzsa.com/ Name: _tt_enable_cookie
Value: 1
.fbzsa.com/ Name: _ttp
Value: -XNjirTGhzLSCuTPVrlQjhr_oSX
.twitter.com/ Name: guest_id_marketing
Value: v1%3A171677053884077803
.twitter.com/ Name: guest_id_ads
Value: v1%3A171677053884077803
.twitter.com/ Name: personalization_id
Value: "v1_vThikhdG6+YJwZSJ7pRlTQ=="
.twitter.com/ Name: guest_id
Value: v1%3A171677053884077803
.fbzsa.com/ Name: meiro_user_id_js
Value: 2693807b-b660-4100-b132-f4d70d59df36
.fbzsa.com/ Name: meiro_session_id_js
Value: MTcxNjc3MDU0MDE1MyYyNjkzODA3Yi1iNjYwLTQxMDAtYjEzMi1mNGQ3MGQ1OWRmMzY=
.fbzsa.com/ Name: meiro_session_id_used_ts_js
Value: 1716770541158
halo.bca.co.id/ Name: f0885fcc53b34fcc96bb99a2fe52ab2b
Value: 3f51a64667b83177c10e0f823216b1ed
.fbzsa.com/ Name: meiro_synced_fb_cid
Value: 1716770538883.1410088136
.fbzsa.com/ Name: meiro_synced_ga_cid
Value: 1415214161.1716770539
.fbzsa.com/ Name: _ga
Value: GA1.1.1415214161.1716770539
.fbzsa.com/ Name: _ga_VGT5RK8TMQ
Value: GS1.1.1716770549.1.0.1716770549.60.0.0

54 Console Messages

Source Level URL
Text
network error URL: https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery.validate.min.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/form.tracking.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/form.validate.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/form.conditions.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery.unobtrusive-ajax.min.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery-3.4.1.min.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/sitecore%20modules/Web/ExperienceForms/scripts/jquery.validate.unobtrusive.min.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/layouts/system/VisitorIdentification.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/sxa-search.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://bca-paylater-2024.fbzsa.com/js/js-external/jszip.min.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/js-external/custom-script.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/js-external/FileSaver.min.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/js-external/jszip-utils.min.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/vendor.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/select2-custom.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/js-external/highstock.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/select2.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/bcakurs.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/app.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/bca-about.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/bca-custom.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/bcapromo.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://bca-paylater-2024.fbzsa.com/js/bcareport.js?v=6
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error
Message:
Refused to frame 'https://halo.bca.co.id/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://*.bca.co.id https://www.bcamf.co.id https://www.mylifeguard.id https://www.bcalife.co.id https://unpkg.com https://fe-expo2024.kelolain.id".
other warning URL: https://bca-paylater-2024.fbzsa.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://www.bca.co.idhttps//www.bca.co.id/-/media/Feature/Default-BCA/favicon-bca.png
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.tiktok.com
analytics.twitter.com
bca-paylater-2024.fbzsa.com
bca.cdp.meiro.io
cdn.jsdelivr.net
code.jquery.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
halo.bca.co.id
insight.adsrvr.org
js.adsrvr.org
maps.googleapis.com
match.adsrvr.org
maxcdn.bootstrapcdn.com
me.bca.meiro.io
raw.githubusercontent.com
region1.analytics.google.com
sdk.me.bca.meiro.io
static.ads-twitter.com
stats.g.doubleclick.net
t.co
unpkg.com
www.bca.co.id
www.bca.co.idhttps
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
raw.githubusercontent.com
www.bca.co.idhttps
104.244.42.67
104.244.42.69
108.138.40.116
142.250.185.130
146.75.120.157
15.197.193.217
159.89.194.33
2001:4860:4802:34::36
202.6.208.99
202.6.211.21
2606:4700:3032::6815:32d8
2606:4700::6811:f7cb
2606:4700::6812:acf
2a00:1450:4001:800::2003
2a00:1450:4001:802::200a
2a00:1450:4001:80b::2004
2a00:1450:4001:812::2003
2a00:1450:4001:81c::2002
2a00:1450:4001:81d::200a
2a00:1450:4001:827::2003
2a00:1450:4001:827::200e
2a00:1450:4001:82f::2008
2a00:1450:400c:c06::9b
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:600::649
2a04:4e42::485
3.1.51.228
52.223.40.198
95.100.146.11
00a115912d72cd26711687dbc617762f89f173c188259beb1ee1536f072d35fd
01e11e6522b0f8b541c8c8c119534079d4ce58acf7ed6c59b3cb8aa8a40b9e8c
0528ac0510190720ca908525504da943fd9458073f12538508e008c5dd959d52
081260c12947e5c0f15988c1bca9e2ac159183f4315a0709ddb2bca51c3f6475
0b5c1848b70a7d984598a4dd14d3c85e95a0864c72e8dbac2fc12f1d42a83305
1b631c545e0e9acda2fa9adef7ce9415a95fc6a325ea80268d1793bf913180ae
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
2242fe2eb148e9f979e1169f84db50e0ba99d4eaa7917b4efe49e8e392719861
22c15bb8c286dd2927b25f70f29ecd8d60b513e5ff903be3a34c4c59df105d7d
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3ccfef488ea331570ce292a9d17c1b211703b10522146eb5098c2590e45dd753
424ce4e99e7476fca8e9d27d6c15b60466ab7cf1c7d7c896e1c63f7cd6a818c8
427e57ed3ad640f4ddefe4a7aeb116746506151fd0d227f8f34e40cb3350e45f
4689d94dc41ea32f15bc7f216bf276e4cc0dd5125057ecd3d793b4d1daee8a4f
4692d4d1124e4fdde548b916c88189b6e07462d9d24cdd5c6ca8f2a2fcb2af56
4b5013c1e9a922e188e0d6f3903aad0c81a64c231d976d869c8b0f35be0b133d
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
53f1f76236e748bbf6ba92f8fe494b6b7243ef7687f33bc455b27af0ab1214d6
5cf910e559cd667300a66d7451eb4137a87df635dc5fa07b3fd3fc3eb0bfa362
607fd301916265741ead6cf699ed7b55973646d2fec4e61bad600ea7e7c2e772
660b12437b1d747e3e68b8be0685c08cb728140110ad213f167b14b66f8b1d8e
68fc78bef2dc585d37430d466817254527615eb4e91350161246409612463e14
713bade3423c016e834fc826f26f7d9bf64a1de6fe6b64a543d41b6b44a4f78c
767ca799fe9aedd3a2eaa079ac87a18e9c5c707ff6c6c66a8327b608edddf453
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
851699a18b631a7bd68efc99598701293a6065b463fced7b68d8d6d9227bd8e7
8a7482615b4dc028fcb13f859b20b83c874673e006f74efeb3063a4e8cac3a65
8b8b286c8a28fd3cf5c750163fcce392e5e4931168c92d60c932baecc642474b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ddc8e5739e9cf33e8e866bd559b81abfbd2da10efa66203c7bc5f4bafe88e4d
8fe2b4d0a7e136d724d6a03272f65bbb3dcfc0b2d70f6e40cf0a4b27a88e37c4
90b451e34c6a8d09b9bf23e8253494be49071e81f9e4cdde89059d07aeceecb7
994c6d28f0d2028431bc146ae2941c96b58352c98f4510d5958a01dc0335de30
9d7054a5ea5cac544855670baf5414c4f66f93bdfc423e5b362fdc53eb1d4d3e
a36338e2015fbe5e6f570cb35a9e0305a4f4d40bace6713fce1edbaefc9cf44f
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1b15f4f1b8ac1b57ee02e974f23045c337a6197672b43230a00d06f9b1e9c97
b41e2aeede535ac85f5df5d9372090a3640bd3b6c27839188aae426f3da77860
bbde1deb77af8f10f6abb6fcc3f322e4f12c8c0317effd07be04cfe80b660e82
c976d013d44175675919cc661dcac427f48f541b793ce04c1570f267e065e1b3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbeebc000ace587d0ec530e11fa1439052d9cae5af1411453f69505557166ebb
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03
dc5e5e7a051f9808d423b2d2675b3164fe68a2a3b3ee988c23ef9f771c28e6bc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1731103cb5281161b7716b646984ba8048747c912f6c54cbaae04faf68aaf43
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d