spayuatmars.bmtest.om Open in urlscan Pro
134.0.202.117  Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response spayuatmars.bmtest.om/	10 KB 12 KB	2429ms 261ms	Document text/html	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash ba7453c8509d8585e7457ec2d7d2a85920acfdeab487109666a5e1383233602b Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-store Connection Keep-Alive Content-Length 10593 Content-Security-Policy unsafe-inline' Content-Type text/html;charset=iso-8859-1 Date Mon, 16 Sep 2024 08:21:16 GMT EXPIRES Thu, 01 Jan 1970 00:00:00 GMT Keep-Alive timeout=370, max=1000 Permissions-Policy <Directive> <allowlist> Pragma no-cache Referrer-Policy <Directive> Server-Timing dtSInfo;desc="0", dtRpid;desc="-1902503546" Strict-Transport-Security max-age=63072000; includeSubDomains; preload max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-FRAME-OPTIONS SAMEORIGIN X-OneAgent-JS-Injection true X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	ruxitagentjs_ICA7NVfqrux_10297240712040816.js Show response spayuatmars.bmtest.om/	217 KB 83 KB	246ms 237ms	Script text/javascript	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/ruxitagentjs_ICA7NVfqrux_10297240712040816.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 622e9e6b0136a039c8f23225161f19a546bc2f1a4049206884ce828b0d4623e6 Security Headers Name Value Strict-Transport-Security max-age=16070400; includeSubDomains Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:16 GMT Strict-Transport-Security max-age=16070400; includeSubDomains Content-Encoding gzip Referrer-Policy <Directive> Last-Modified Wed, 03 Mar 2010 07:01:40 GMT Content-Type text/javascript; charset=utf-8 Cache-Control public, max-age=31536000, immutable Permissions-Policy <Directive> <allowlist> Connection Keep-Alive Keep-Alive timeout=370, max=999 Content-Length 84111 Expires Tue, 16 Sep 2025 08:21:16 GMT
GET H/1.1	200 OK	fonts.css spayuatmars.bmtest.om/css/	2 KB 3 KB	906ms 246ms	Stylesheet text/css	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/css/fonts.css Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash c195a12af5deccedd345db8fe44b86f6643637126f42a1bb9d427ed884ee3b22 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="643794178" Connection Keep-Alive Content-Length 2305 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type text/css Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=1000 EXPIRES 0
GET H/1.1	200 OK	responsive_bankmuscat.css spayuatmars.bmtest.om/css/	17 KB 17 KB	927ms 258ms	Stylesheet text/css	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/css/responsive_bankmuscat.css Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 69407c35093c54426cdfd968c859882693378a9a27827c5101f492fbf2928896 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-455961695" Connection Keep-Alive Content-Length 17105 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Tue, 02 Apr 2024 11:33:36 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type text/css Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=1000 EXPIRES 0
GET H/1.1	200 OK	styles_new2.css spayuatmars.bmtest.om/css/	16 KB 17 KB	932ms 258ms	Stylesheet text/css	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/css/styles_new2.css Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash efd625bc70348b5a2d211c005b7c42a73dce4560689485f772dd92b05956bf84 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-696297168" Connection Keep-Alive Content-Length 16700 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:30:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type text/css Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=1000 EXPIRES 0
GET H/1.1	200 OK	bew_responsive.css spayuatmars.bmtest.om/css/	19 KB 19 KB	935ms 262ms	Stylesheet text/css	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/css/bew_responsive.css Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 6452d491eb9d367a1227d5be24238e55211638376a0f265ed7b24544808bdf7f Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-9312864" Connection Keep-Alive Content-Length 18964 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Fri, 22 Mar 2024 06:01:04 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type text/css Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=1000 EXPIRES 0
GET H/1.1	200 OK	jquery-3.5.1.min.js Show response spayuatmars.bmtest.om/scripts/	87 KB 88 KB	944ms 256ms	Script application/javascript	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/scripts/jquery-3.5.1.min.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-1594805836" Connection Keep-Alive Content-Length 89476 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=1000 EXPIRES 0
GET H/1.1	200 OK	BANKMUSCAT_logo.png spayuatmars.bmtest.om/images/	5 KB 6 KB	232ms 232ms	Image image/png	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Show image Full URL https://spayuatmars.bmtest.om/images/BANKMUSCAT_logo.png Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 2082cb4bf503eaaac74023adc8d52f504f8e5c2450541cd3bdb7404180fd96df Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-1116000446" Connection Keep-Alive Content-Length 5622 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:20 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type image/png Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=999 EXPIRES 0
GET H/1.1	200 OK	pci_logo_footer.gif spayuatmars.bmtest.om/images/	4 KB 4 KB	242ms 241ms	Image image/gif	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Show image Full URL https://spayuatmars.bmtest.om/images/pci_logo_footer.gif Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 6457734c036f8e22175d54c50e28ff142c4d1d416c792d9a4aca5160f2d4d1de Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="96187602" Connection Keep-Alive Content-Length 3670 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:22 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type image/gif Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=998 EXPIRES 0
GET H/1.1	200 OK	norton_logo_footer.gif spayuatmars.bmtest.om/images/	3 KB 4 KB	228ms 227ms	Image image/gif	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Show image Full URL https://spayuatmars.bmtest.om/images/norton_logo_footer.gif Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash b96b60d9f25667ff1f8a0c03dc37a358268e7967ff369f337175a11ee30322d2 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-787795716" Connection Keep-Alive Content-Length 3387 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:20 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type image/gif Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=998 EXPIRES 0
GET H/1.1	200 OK	mastercard_logo_footer.gif spayuatmars.bmtest.om/images/	3 KB 4 KB	236ms 235ms	Image image/gif	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Show image Full URL https://spayuatmars.bmtest.om/images/mastercard_logo_footer.gif Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 1efac3ffe16342f25a4208a6e1e672d5e5827220fdbc66b17b9431485db4b0b4 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="1715629856" Connection Keep-Alive Content-Length 3286 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:20 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type image/gif Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=997 EXPIRES 0
GET H/1.1	200 OK	visa_logo_footer.gif spayuatmars.bmtest.om/images/	3 KB 4 KB	235ms 233ms	Image image/gif	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Show image Full URL https://spayuatmars.bmtest.om/images/visa_logo_footer.gif Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 43e7dcc3c7675eab7176a93bc689e681d7162d7b69d5af6ebc6ef495af5389c1 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-380594865" Connection Keep-Alive Content-Length 3062 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:20 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type image/gif Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=999 EXPIRES 0
GET H/1.1	200 OK	american_exp_footer.gif spayuatmars.bmtest.om/images/	3 KB 4 KB	239ms 230ms	Image image/gif	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Show image Full URL https://spayuatmars.bmtest.om/images/american_exp_footer.gif Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 5caa3edddcc64148d4f4aedbff04482b78d451e75ad1e70bd8070f198115a0b9 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="1400612548" Connection Keep-Alive Content-Length 3218 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:20 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type image/gif Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=998 EXPIRES 0
GET H/1.1	200 OK	bankmuscat_footer.js Show response spayuatmars.bmtest.om/scripts/modules/	2 KB 2 KB	239ms 238ms	Script application/javascript	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/scripts/modules/bankmuscat_footer.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 171d2ae83551232c250ac2b11084230727262881ea699f0e4da86eb88f5cc839 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-877001449" Connection Keep-Alive Content-Length 1673 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=999 EXPIRES 0
GET H3	200	conversion.js Show response www.googleadservices.com/pagead/	56 KB 20 KB	198ms 66ms	Script text/javascript	142.251.40.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS lga34s39-in-f2.1e100.net Software cafe / Resource Hash 7e02d82244afece4d81dbfa0318378cfe946de1cb062cc2c0ddb498f3ff3eb79 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 08:21:17 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20848 x-xss-protection 0 server cafe etag 13646012712460357126 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Mon, 16 Sep 2024 08:21:17 GMT
GET H/1.1	200 OK	jquery.validate.js Show response spayuatmars.bmtest.om/scripts/	49 KB 50 KB	237ms 235ms	Script application/javascript	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/scripts/jquery.validate.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash b11cdc2b54d163d7d727eb382b3964872b8758c61bec19818bdd74eb765c9c79 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-492365174" Connection Keep-Alive Content-Length 50670 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=999 EXPIRES 0
GET H/1.1	200 OK	additional-methods.js Show response spayuatmars.bmtest.om/scripts/	39 KB 39 KB	230ms 226ms	Script application/javascript	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/scripts/additional-methods.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash b77d933aa31cade756c0be585c7e50ff6419bb8725e102757a97b72f3edd0013 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-866562534" Connection Keep-Alive Content-Length 39481 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=997 EXPIRES 0
GET H/1.1	200 OK	jquery.jcryption1.js Show response spayuatmars.bmtest.om/scripts/	17 KB 18 KB	241ms 239ms	Script application/javascript	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/scripts/jquery.jcryption1.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash b5e7e61bc691c2afae0f4702beaedc915414face7d9ad8a99c38617c67d2bb05 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-1642584164" Connection Keep-Alive Content-Length 17375 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=998 EXPIRES 0
GET H/1.1	200 OK	bankmuscatLogin.js Show response spayuatmars.bmtest.om/scripts/modules/	6 KB 7 KB	238ms 238ms	Script application/javascript	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/scripts/modules/bankmuscatLogin.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 984d327c7b184bc81d6255df0a1f2db833c826c8c72bc8d8a8f377f23e14703f Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:17 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-2024907749" Connection Keep-Alive Content-Length 6412 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=996 EXPIRES 0
GET		cuw.min.js app.customer360.co/themes/ngCus/widget/js/	0 0
GET		cusWidget.min.js app.customer360.co/widgets/chat/js/	0 0
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/985023183/	5 KB 2 KB	121ms 53ms	Script text/javascript	142.251.40.162 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/985023183/?random=1726474878256&cv=9&fst=1726474878256&num=1&label=exDiCOGGxQMQz4XZ1QM&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fspayuatmars.bmtest.om%2F&tiba=SmartRoute%C2%AE%3A%20Merchant%20Login&hn=www.googleadservices.com&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS lga25s81-in-f2.1e100.net Software cafe / Resource Hash f24040f33af119babe5d210f265b3984e5912e078cfa6a19fa3c415117942bfa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 08:21:18 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2325 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	opensans-regular.ttf spayuatmars.bmtest.om/fonts/	42 KB 43 KB	234ms 233ms	Font application/x-font-ttf	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/fonts/opensans-regular.ttf Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/css/fonts.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 0cc29657e4f853c141dd7ebcd70a278e460aa5a31789a8b9be97c12a494efd68 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/css/fonts.css Origin https://spayuatmars.bmtest.om User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:18 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-1724237956", dtTao;desc="1" Connection Keep-Alive Content-Length 42600 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT ETag "1709731708:dtagent10297240712040816vK+C:dtagent10297240712040816vK+C" X-FRAME-OPTIONS SAMEORIGIN Content-Type application/x-font-ttf Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Timing-Allow-Origin * Keep-Alive timeout=370, max=998 EXPIRES 0
GET H/1.1	200 OK	jquery-3.5.1.min.js Show response spayuatmars.bmtest.om/scripts/	87 KB 88 KB	234ms 233ms	Script application/javascript	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/scripts/jquery-3.5.1.min.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:18 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-227019897" Connection Keep-Alive Content-Length 89476 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> Last-Modified Wed, 06 Mar 2024 13:28:26 GMT X-FRAME-OPTIONS SAMEORIGIN Content-Type application/javascript Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-cache, no-store, must-revalidate Permissions-Policy <Directive> <allowlist> Accept-Ranges bytes Keep-Alive timeout=370, max=999 EXPIRES 0
GET H3	200	/ www.google.com/pagead/1p-user-list/985023183/	42 B 64 B	103ms 44ms	Image image/gif	172.217.165.132 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/985023183/?random=1726474878256&cv=9&fst=1726473600000&num=1&label=exDiCOGGxQMQz4XZ1QM&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fspayuatmars.bmtest.om%2F&tiba=SmartRoute%C2%AE%3A%20Merchant%20Login&hn=www.googleadservices.com&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfnTDo9qLyuIyv8jfe_56ydG0HlT2EDA&random=2318249027&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.165.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS lga25s70-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 08:21:18 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.ca/pagead/1p-user-list/985023183/	42 B 64 B	93ms 47ms	Image image/gif	142.250.176.195 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.ca/pagead/1p-user-list/985023183/?random=1726474878256&cv=9&fst=1726473600000&num=1&label=exDiCOGGxQMQz4XZ1QM&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fspayuatmars.bmtest.om%2F&tiba=SmartRoute%C2%AE%3A%20Merchant%20Login&hn=www.googleadservices.com&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfnTDo9qLyuIyv8jfe_56ydG0HlT2EDA&random=2318249027&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.176.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS lga34s37-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 08:21:18 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga.js Show response ssl.google-analytics.com/	45 KB 17 KB	113ms 33ms	Script text/javascript	2607:f8b0:4006:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.google-analytics.com/ga.js Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/scripts/modules/bankmuscatLogin.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:809::2008 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Mon, 16 Sep 2024 06:39:36 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 6102 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 17168 expires Mon, 16 Sep 2024 08:39:36 GMT
GET H2	200	__utm.gif ssl.google-analytics.com/r/	35 B 197 B	41ms 39ms	Image image/gif	2607:f8b0:4006:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=36496897&utmhn=spayuatmars.bmtest.om&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-ca&utmje=0&utmfl=-&utmdt=SmartRoute%C2%AE%3A%20Merchant%20Login&utmhid=1859096479&utmr=-&utmp=%2F&utmht=1726474879040&utmac=UA-21391758-6&utmcc=__utma%3D25601407.707868904.1726474879.1726474879.1726474879.1%3B%2B__utmz%3D25601407.1726474879.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1818393407&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:809::2008 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 08:21:19 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	404 Not Found	favicon.ico spayuatmars.bmtest.om/	2 KB 3 KB	238ms 237ms	Other text/html	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/favicon.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 1e7980f24ca02f23c5f231a6362d4e8e5cd02fbf13086f1cd020ea4de602d236 Security Headers Name Value Content-Security-Policy unsafe-inline' Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 08:21:19 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy unsafe-inline' X-OneAgent-JS-Injection true Server-Timing dtSInfo;desc="0", dtRpid;desc="-895331530" Connection Keep-Alive Content-Length 1833 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy <Directive> X-FRAME-OPTIONS SAMEORIGIN Content-Type text/html;charset=ISO-8859-1 Access-Control-Allow-Origin https://smartpay.bankmuscat.com Cache-Control no-store Permissions-Policy <Directive> <allowlist> Keep-Alive timeout=370, max=998 EXPIRES Thu, 01 Jan 1970 00:00:00 GMT
POST H/1.1	200 OK	rb_bf24332xda Show response spayuatmars.bmtest.om/	118 B 433 B	236ms 234ms	Fetch text/plain	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/rb_bf24332xda?type=js3&sn=v_4_srv_1_sn_B8417A699F6F095E7FDEF174A1A38F34_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1&svrid=1&flavor=post&vi=APMBTLOUNMMKANIBDMHRKRUVPAWHRWSA-0&modifiedSince=1724779902044&rf=https%3A%2F%2Fspayuatmars.bmtest.om%2F&bp=3&app=ea7c4b59f27d43eb&crc=3687693600&en=42qi0fyl&end=1 Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ruxitagentjs_ICA7NVfqrux_10297240712040816.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 9838312bedd67de37d4c2b4addd3ae32006fc820c514782a8aa235a76b3fd3f9 Security Headers Name Value Strict-Transport-Security max-age=16070400; includeSubDomains Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Mon, 16 Sep 2024 08:21:20 GMT Strict-Transport-Security max-age=16070400; includeSubDomains Referrer-Policy <Directive> Content-Type text/plain; charset=utf-8 Permissions-Policy <Directive> <allowlist> Connection Keep-Alive Keep-Alive timeout=370, max=997 Content-Length 118
POST H/1.1	200 OK	rb_bf24332xda Show response spayuatmars.bmtest.om/	118 B 433 B	241ms 239ms	Fetch text/plain	134.0.202.117 OMANTEL-NAP-AS Om...
General Check archive.org Show headers Download Go to Full URL https://spayuatmars.bmtest.om/rb_bf24332xda?type=js3&sn=v_4_srv_1_sn_B8417A699F6F095E7FDEF174A1A38F34_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1&svrid=1&flavor=post&vi=APMBTLOUNMMKANIBDMHRKRUVPAWHRWSA-0&modifiedSince=1724779902044&rf=https%3A%2F%2Fspayuatmars.bmtest.om%2F&bp=3&app=ea7c4b59f27d43eb&crc=3017038333&en=42qi0fyl&end=1 Requested by Host: spayuatmars.bmtest.om URL: https://spayuatmars.bmtest.om/ruxitagentjs_ICA7NVfqrux_10297240712040816.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM), Reverse DNS Software / Resource Hash 9838312bedd67de37d4c2b4addd3ae32006fc820c514782a8aa235a76b3fd3f9 Security Headers Name Value Strict-Transport-Security max-age=16070400; includeSubDomains Request headers Referer https://spayuatmars.bmtest.om/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Mon, 16 Sep 2024 08:21:22 GMT Strict-Transport-Security max-age=16070400; includeSubDomains Referrer-Policy <Directive> Content-Type text/plain; charset=utf-8 Permissions-Policy <Directive> <allowlist> Connection Keep-Alive Keep-Alive timeout=370, max=996 Content-Length 118

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

app.customer360.co

URL

https://app.customer360.co/themes/ngCus/widget/js/cuw.min.js

Domain

app.customer360.co

URL

https://app.customer360.co/widgets/chat/js/cusWidget.min.js

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| BigInt object| dT_ object| dtrum object| dynatrace function| $ function| jQuery object| _cus360w object| _cusF object| _cus3 object| _cus object| google_tag_data function| GooglemKTybQhCsO number| google_conversion_snippets number| google_conversion_first_time number| biRadixBase number| biRadixBits number| bitsPerDigit number| biRadix number| biHalfRadix number| biRadixSquared number| maxDigitVal number| maxInteger number| dpl10 object| highBitMasks object| hexatrigesimalToChar object| hexToChar object| lowBitMasks function| setMaxDigits function| biFromDecimal function| biCopy function| biFromNumber function| reverseStr function| biToString function| biToDecimal function| digitToHex function| biToHex function| charToHex function| hexToDigit function| biFromHex function| biFromString function| biDump function| biAdd function| biSubtract function| biHighIndex function| biNumBits function| biMultiply function| biMultiplyDigit function| arrayCopy function| biShiftLeft function| biShiftRight function| biMultiplyByRadixPower function| biDivideByRadixPower function| biModuloByRadixPower function| biCompare function| biDivideModulo function| biDivide function| biModulo function| biMultiplyMod function| biPow function| biPowMod function| BarrettMu function| BarrettMu_modulo function| BarrettMu_multiplyMod function| BarrettMu_powMod object| _gaq object| _gat object| gaGlobal

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			spayuatmars.bmtest.om/	1969-12-31 23:59:59	Name: JSESSIONID Value: e1i29WYoLXZVX2tvcgPwTrY7NfcyNZ0opRDai3VW.uatsmrtapp2
			.bmtest.om/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_1_sn_B8417A699F6F095E7FDEF174A1A38F34_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1
			spayuatmars.bmtest.om/	1969-12-31 23:59:59	Name: TS01e0d381 Value: 01c48fc51451d61c69199454ce54b78c900d66606857450d74e114ada6fe35cf6750ca3eef5e45d9ed557f7fd63ab0024946ff2a522dbb4dc6ad16eef4a2daffc422df19ce
			.bmtest.om/	1969-12-31 23:59:59	Name: TS01973897 Value: 01c48fc514591ebf929736b15c2fe474eb4a839b7157450d74e114ada6fe35cf6750ca3eefa3fb551bae506b1b983ae0679083480b366d2fd8b9a3115b5050fc8dc772d024
			.bmtest.om/	1969-12-31 23:59:59	Name: rxVisitor Value: 1726474877308UHNNARU9QUSOGONJ2082AJIRI5H3JNV4
			.bmtest.om/	1969-12-31 23:59:59	Name: dtSa Value: -
			.doubleclick.net/	1970-01-20 23:34:35	Name: test_cookie Value: CheckForPermission
			.spayuatmars.bmtest.om/	1970-01-21 09:10:34	Name: __utma Value: 25601407.707868904.1726474879.1726474879.1726474879.1
			.spayuatmars.bmtest.om/	1969-12-31 23:59:59	Name: __utmc Value: 25601407
			.spayuatmars.bmtest.om/	1970-01-21 03:57:22	Name: __utmz Value: 25601407.1726474879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
			.spayuatmars.bmtest.om/	1970-01-20 23:34:35	Name: __utmt Value: 1
			.spayuatmars.bmtest.om/	1970-01-20 23:34:36	Name: __utmb Value: 25601407.1.10.1726474879
			.bmtest.om/	1969-12-31 23:59:59	Name: rxvt Value: 1726476679122|1726474877314
			.bmtest.om/	1969-12-31 23:59:59	Name: dtPC Value: 1$274877294_572h-vAPMBTLOUNMMKANIBDMHRKRUVPAWHRWSA-0e0

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	error	Message: Failed to set referrer policy: The value '<Directive>' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.
security	error	Message: Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
security	error	URL: https://spayuatmars.bmtest.om/ Message: The Content-Security-Policy directive name 'unsafe-inline'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
network	error	URL: https://app.customer360.co/themes/ngCus/widget/js/cuw.min.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://app.customer360.co/widgets/chat/js/cusWidget.min.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
recommendation	verbose	URL: https://spayuatmars.bmtest.om/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://spayuatmars.bmtest.om/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://spayuatmars.bmtest.om/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://spayuatmars.bmtest.om/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	unsafe-inline'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.customer360.co
googleads.g.doubleclick.net
spayuatmars.bmtest.om
ssl.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
app.customer360.co
134.0.202.117
142.250.176.195
142.251.40.162
142.251.40.226
172.217.165.132
2607:f8b0:4006:809::2008
0cc29657e4f853c141dd7ebcd70a278e460aa5a31789a8b9be97c12a494efd68
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
171d2ae83551232c250ac2b11084230727262881ea699f0e4da86eb88f5cc839
1e7980f24ca02f23c5f231a6362d4e8e5cd02fbf13086f1cd020ea4de602d236
1efac3ffe16342f25a4208a6e1e672d5e5827220fdbc66b17b9431485db4b0b4
2082cb4bf503eaaac74023adc8d52f504f8e5c2450541cd3bdb7404180fd96df
43e7dcc3c7675eab7176a93bc689e681d7162d7b69d5af6ebc6ef495af5389c1
5caa3edddcc64148d4f4aedbff04482b78d451e75ad1e70bd8070f198115a0b9
622e9e6b0136a039c8f23225161f19a546bc2f1a4049206884ce828b0d4623e6
6452d491eb9d367a1227d5be24238e55211638376a0f265ed7b24544808bdf7f
6457734c036f8e22175d54c50e28ff142c4d1d416c792d9a4aca5160f2d4d1de
69407c35093c54426cdfd968c859882693378a9a27827c5101f492fbf2928896
7e02d82244afece4d81dbfa0318378cfe946de1cb062cc2c0ddb498f3ff3eb79
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9838312bedd67de37d4c2b4addd3ae32006fc820c514782a8aa235a76b3fd3f9
984d327c7b184bc81d6255df0a1f2db833c826c8c72bc8d8a8f377f23e14703f
b11cdc2b54d163d7d727eb382b3964872b8758c61bec19818bdd74eb765c9c79
b5e7e61bc691c2afae0f4702beaedc915414face7d9ad8a99c38617c67d2bb05
b77d933aa31cade756c0be585c7e50ff6419bb8725e102757a97b72f3edd0013
b96b60d9f25667ff1f8a0c03dc37a358268e7967ff369f337175a11ee30322d2
ba7453c8509d8585e7457ec2d7d2a85920acfdeab487109666a5e1383233602b
c195a12af5deccedd345db8fe44b86f6643637126f42a1bb9d427ed884ee3b22
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd625bc70348b5a2d211c005b7c42a73dce4560689485f772dd92b05956bf84
f24040f33af119babe5d210f265b3984e5912e078cfa6a19fa3c415117942bfa
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d