URL: https://spayuatmars.bmtest.om/
Submission: On September 16 via api from OM — Scanned from CA

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 31 HTTP transactions. The main IP is 134.0.202.117, located in Muscat, Oman and belongs to OMANTEL-NAP-AS OmanTel NAP, OM. The main domain is spayuatmars.bmtest.om.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 23rd 2024. Valid for: a year.
This is the only time spayuatmars.bmtest.om was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
23 134.0.202.117 28885 (OMANTEL-N...)
1 142.251.40.226 15169 (GOOGLE)
1 142.251.40.162 15169 (GOOGLE)
1 172.217.165.132 15169 (GOOGLE)
1 142.250.176.195 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
31 7
Apex Domain
Subdomains
Transfer
23 bmtest.om
spayuatmars.bmtest.om
517 KB
2 google-analytics.com
ssl.google-analytics.com — Cisco Umbrella Rank: 905
17 KB
1 google.ca
www.google.ca — Cisco Umbrella Rank: 10940
64 B
1 google.com
www.google.com — Cisco Umbrella Rank: 3
64 B
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 45
2 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 91
20 KB
0 customer360.co Failed
app.customer360.co Failed
31 7
Domain Requested by
23 spayuatmars.bmtest.om spayuatmars.bmtest.om
2 ssl.google-analytics.com spayuatmars.bmtest.om
1 www.google.ca spayuatmars.bmtest.om
1 www.google.com spayuatmars.bmtest.om
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com spayuatmars.bmtest.om
0 app.customer360.co Failed spayuatmars.bmtest.om
31 7

This site contains links to these domains. Also see Links.

Domain
www.bankmuscat.com
trustsealinfo.verisign.com
Subject Issuer Validity Valid
*.bmtest.om
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-23 -
2025-07-29
a year crt.sh
*.googleadservices.com
WR2
2024-08-12 -
2024-11-04
3 months crt.sh
*.g.doubleclick.net
WR2
2024-08-12 -
2024-11-04
3 months crt.sh
*.google.com
WR2
2024-08-12 -
2024-11-04
3 months crt.sh
*.google.ca
WR2
2024-08-12 -
2024-11-04
3 months crt.sh
*.google-analytics.com
WR2
2024-08-12 -
2024-11-04
3 months crt.sh

This page contains 1 frames:

Primary Page: https://spayuatmars.bmtest.om/
Frame ID: 244D68A612AFE0AA3BDD796B7D6EF542
Requests: 31 HTTP requests in this frame

Screenshot

Page Title

SmartRoute®: Merchant Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

31
Requests

94 %
HTTPS

17 %
IPv6

7
Domains

7
Subdomains

7
IPs

2
Countries

557 kB
Transfer

741 kB
Size

14
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
spayuatmars.bmtest.om/
10 KB
12 KB
Document
General
Full URL
https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
ba7453c8509d8585e7457ec2d7d2a85920acfdeab487109666a5e1383233602b
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-store
Connection
Keep-Alive
Content-Length
10593
Content-Security-Policy
unsafe-inline'
Content-Type
text/html;charset=iso-8859-1
Date
Mon, 16 Sep 2024 08:21:16 GMT
EXPIRES
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=370, max=1000
Permissions-Policy
<Directive> <allowlist>
Pragma
no-cache
Referrer-Policy
<Directive>
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-1902503546"
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
SAMEORIGIN
X-OneAgent-JS-Injection
true
X-XSS-Protection
1; mode=block
ruxitagentjs_ICA7NVfqrux_10297240712040816.js
spayuatmars.bmtest.om/
217 KB
83 KB
Script
General
Full URL
https://spayuatmars.bmtest.om/ruxitagentjs_ICA7NVfqrux_10297240712040816.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
622e9e6b0136a039c8f23225161f19a546bc2f1a4049206884ce828b0d4623e6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:16 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
Referrer-Policy
<Directive>
Last-Modified
Wed, 03 Mar 2010 07:01:40 GMT
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, max-age=31536000, immutable
Permissions-Policy
<Directive> <allowlist>
Connection
Keep-Alive
Keep-Alive
timeout=370, max=999
Content-Length
84111
Expires
Tue, 16 Sep 2025 08:21:16 GMT
fonts.css
spayuatmars.bmtest.om/css/
2 KB
3 KB
Stylesheet
General
Full URL
https://spayuatmars.bmtest.om/css/fonts.css
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
c195a12af5deccedd345db8fe44b86f6643637126f42a1bb9d427ed884ee3b22
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="643794178"
Connection
Keep-Alive
Content-Length
2305
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=1000
EXPIRES
0
responsive_bankmuscat.css
spayuatmars.bmtest.om/css/
17 KB
17 KB
Stylesheet
General
Full URL
https://spayuatmars.bmtest.om/css/responsive_bankmuscat.css
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
69407c35093c54426cdfd968c859882693378a9a27827c5101f492fbf2928896
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-455961695"
Connection
Keep-Alive
Content-Length
17105
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Tue, 02 Apr 2024 11:33:36 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=1000
EXPIRES
0
styles_new2.css
spayuatmars.bmtest.om/css/
16 KB
17 KB
Stylesheet
General
Full URL
https://spayuatmars.bmtest.om/css/styles_new2.css
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
efd625bc70348b5a2d211c005b7c42a73dce4560689485f772dd92b05956bf84
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-696297168"
Connection
Keep-Alive
Content-Length
16700
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:30:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=1000
EXPIRES
0
bew_responsive.css
spayuatmars.bmtest.om/css/
19 KB
19 KB
Stylesheet
General
Full URL
https://spayuatmars.bmtest.om/css/bew_responsive.css
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
6452d491eb9d367a1227d5be24238e55211638376a0f265ed7b24544808bdf7f
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-9312864"
Connection
Keep-Alive
Content-Length
18964
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Fri, 22 Mar 2024 06:01:04 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=1000
EXPIRES
0
jquery-3.5.1.min.js
spayuatmars.bmtest.om/scripts/
87 KB
88 KB
Script
General
Full URL
https://spayuatmars.bmtest.om/scripts/jquery-3.5.1.min.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-1594805836"
Connection
Keep-Alive
Content-Length
89476
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=1000
EXPIRES
0
BANKMUSCAT_logo.png
spayuatmars.bmtest.om/images/
5 KB
6 KB
Image
General
Full URL
https://spayuatmars.bmtest.om/images/BANKMUSCAT_logo.png
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
2082cb4bf503eaaac74023adc8d52f504f8e5c2450541cd3bdb7404180fd96df
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-1116000446"
Connection
Keep-Alive
Content-Length
5622
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:20 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=999
EXPIRES
0
pci_logo_footer.gif
spayuatmars.bmtest.om/images/
4 KB
4 KB
Image
General
Full URL
https://spayuatmars.bmtest.om/images/pci_logo_footer.gif
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
6457734c036f8e22175d54c50e28ff142c4d1d416c792d9a4aca5160f2d4d1de
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="96187602"
Connection
Keep-Alive
Content-Length
3670
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:22 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/gif
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=998
EXPIRES
0
norton_logo_footer.gif
spayuatmars.bmtest.om/images/
3 KB
4 KB
Image
General
Full URL
https://spayuatmars.bmtest.om/images/norton_logo_footer.gif
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
b96b60d9f25667ff1f8a0c03dc37a358268e7967ff369f337175a11ee30322d2
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-787795716"
Connection
Keep-Alive
Content-Length
3387
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:20 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/gif
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=998
EXPIRES
0
mastercard_logo_footer.gif
spayuatmars.bmtest.om/images/
3 KB
4 KB
Image
General
Full URL
https://spayuatmars.bmtest.om/images/mastercard_logo_footer.gif
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
1efac3ffe16342f25a4208a6e1e672d5e5827220fdbc66b17b9431485db4b0b4
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="1715629856"
Connection
Keep-Alive
Content-Length
3286
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:20 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/gif
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=997
EXPIRES
0
visa_logo_footer.gif
spayuatmars.bmtest.om/images/
3 KB
4 KB
Image
General
Full URL
https://spayuatmars.bmtest.om/images/visa_logo_footer.gif
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
43e7dcc3c7675eab7176a93bc689e681d7162d7b69d5af6ebc6ef495af5389c1
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-380594865"
Connection
Keep-Alive
Content-Length
3062
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:20 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/gif
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=999
EXPIRES
0
american_exp_footer.gif
spayuatmars.bmtest.om/images/
3 KB
4 KB
Image
General
Full URL
https://spayuatmars.bmtest.om/images/american_exp_footer.gif
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
5caa3edddcc64148d4f4aedbff04482b78d451e75ad1e70bd8070f198115a0b9
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="1400612548"
Connection
Keep-Alive
Content-Length
3218
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:20 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/gif
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=998
EXPIRES
0
bankmuscat_footer.js
spayuatmars.bmtest.om/scripts/modules/
2 KB
2 KB
Script
General
Full URL
https://spayuatmars.bmtest.om/scripts/modules/bankmuscat_footer.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
171d2ae83551232c250ac2b11084230727262881ea699f0e4da86eb88f5cc839
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-877001449"
Connection
Keep-Alive
Content-Length
1673
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=999
EXPIRES
0
conversion.js
www.googleadservices.com/pagead/
56 KB
20 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
7e02d82244afece4d81dbfa0318378cfe946de1cb062cc2c0ddb498f3ff3eb79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 08:21:17 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20848
x-xss-protection
0
server
cafe
etag
13646012712460357126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 16 Sep 2024 08:21:17 GMT
jquery.validate.js
spayuatmars.bmtest.om/scripts/
49 KB
50 KB
Script
General
Full URL
https://spayuatmars.bmtest.om/scripts/jquery.validate.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
b11cdc2b54d163d7d727eb382b3964872b8758c61bec19818bdd74eb765c9c79
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-492365174"
Connection
Keep-Alive
Content-Length
50670
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=999
EXPIRES
0
additional-methods.js
spayuatmars.bmtest.om/scripts/
39 KB
39 KB
Script
General
Full URL
https://spayuatmars.bmtest.om/scripts/additional-methods.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
b77d933aa31cade756c0be585c7e50ff6419bb8725e102757a97b72f3edd0013
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-866562534"
Connection
Keep-Alive
Content-Length
39481
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=997
EXPIRES
0
jquery.jcryption1.js
spayuatmars.bmtest.om/scripts/
17 KB
18 KB
Script
General
Full URL
https://spayuatmars.bmtest.om/scripts/jquery.jcryption1.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
b5e7e61bc691c2afae0f4702beaedc915414face7d9ad8a99c38617c67d2bb05
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-1642584164"
Connection
Keep-Alive
Content-Length
17375
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=998
EXPIRES
0
bankmuscatLogin.js
spayuatmars.bmtest.om/scripts/modules/
6 KB
7 KB
Script
General
Full URL
https://spayuatmars.bmtest.om/scripts/modules/bankmuscatLogin.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
984d327c7b184bc81d6255df0a1f2db833c826c8c72bc8d8a8f377f23e14703f
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:17 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-2024907749"
Connection
Keep-Alive
Content-Length
6412
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=996
EXPIRES
0
cuw.min.js
app.customer360.co/themes/ngCus/widget/js/
0
0

cusWidget.min.js
app.customer360.co/widgets/chat/js/
0
0

/
googleads.g.doubleclick.net/pagead/viewthroughconversion/985023183/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/985023183/?random=1726474878256&cv=9&fst=1726474878256&num=1&label=exDiCOGGxQMQz4XZ1QM&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fspayuatmars.bmtest.om%2F&tiba=SmartRoute%C2%AE%3A%20Merchant%20Login&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
f24040f33af119babe5d210f265b3984e5912e078cfa6a19fa3c415117942bfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 16 Sep 2024 08:21:18 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
opensans-regular.ttf
spayuatmars.bmtest.om/fonts/
42 KB
43 KB
Font
General
Full URL
https://spayuatmars.bmtest.om/fonts/opensans-regular.ttf
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/css/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
0cc29657e4f853c141dd7ebcd70a278e460aa5a31789a8b9be97c12a494efd68
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/css/fonts.css
Origin
https://spayuatmars.bmtest.om
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:18 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-1724237956", dtTao;desc="1"
Connection
Keep-Alive
Content-Length
42600
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
ETag
"1709731708:dtagent10297240712040816vK+C:dtagent10297240712040816vK+C"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/x-font-ttf
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Timing-Allow-Origin
*
Keep-Alive
timeout=370, max=998
EXPIRES
0
jquery-3.5.1.min.js
spayuatmars.bmtest.om/scripts/
87 KB
88 KB
Script
General
Full URL
https://spayuatmars.bmtest.om/scripts/jquery-3.5.1.min.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:18 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-227019897"
Connection
Keep-Alive
Content-Length
89476
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
Last-Modified
Wed, 06 Mar 2024 13:28:26 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-cache, no-store, must-revalidate
Permissions-Policy
<Directive> <allowlist>
Accept-Ranges
bytes
Keep-Alive
timeout=370, max=999
EXPIRES
0
/
www.google.com/pagead/1p-user-list/985023183/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/985023183/?random=1726474878256&cv=9&fst=1726473600000&num=1&label=exDiCOGGxQMQz4XZ1QM&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fspayuatmars.bmtest.om%2F&tiba=SmartRoute%C2%AE%3A%20Merchant%20Login&hn=www.googleadservices.com&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfnTDo9qLyuIyv8jfe_56ydG0HlT2EDA&random=2318249027&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.165.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s70-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 16 Sep 2024 08:21:18 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/985023183/
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-user-list/985023183/?random=1726474878256&cv=9&fst=1726473600000&num=1&label=exDiCOGGxQMQz4XZ1QM&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fspayuatmars.bmtest.om%2F&tiba=SmartRoute%C2%AE%3A%20Merchant%20Login&hn=www.googleadservices.com&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfnTDo9qLyuIyv8jfe_56ydG0HlT2EDA&random=2318249027&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 16 Sep 2024 08:21:18 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/scripts/modules/bankmuscatLogin.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 16 Sep 2024 06:39:36 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6102
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17168
expires
Mon, 16 Sep 2024 08:39:36 GMT
__utm.gif
ssl.google-analytics.com/r/
35 B
197 B
Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=36496897&utmhn=spayuatmars.bmtest.om&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-ca&utmje=0&utmfl=-&utmdt=SmartRoute%C2%AE%3A%20Merchant%20Login&utmhid=1859096479&utmr=-&utmp=%2F&utmht=1726474879040&utmac=UA-21391758-6&utmcc=__utma%3D25601407.707868904.1726474879.1726474879.1726474879.1%3B%2B__utmz%3D25601407.1726474879.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1818393407&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 16 Sep 2024 08:21:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.ico
spayuatmars.bmtest.om/
2 KB
3 KB
Other
General
Full URL
https://spayuatmars.bmtest.om/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
1e7980f24ca02f23c5f231a6362d4e8e5cd02fbf13086f1cd020ea4de602d236
Security Headers
Name Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 08:21:19 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
unsafe-inline'
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-895331530"
Connection
Keep-Alive
Content-Length
1833
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
<Directive>
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/html;charset=ISO-8859-1
Access-Control-Allow-Origin
https://smartpay.bankmuscat.com
Cache-Control
no-store
Permissions-Policy
<Directive> <allowlist>
Keep-Alive
timeout=370, max=998
EXPIRES
Thu, 01 Jan 1970 00:00:00 GMT
rb_bf24332xda
spayuatmars.bmtest.om/
118 B
433 B
Fetch
General
Full URL
https://spayuatmars.bmtest.om/rb_bf24332xda?type=js3&sn=v_4_srv_1_sn_B8417A699F6F095E7FDEF174A1A38F34_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1&svrid=1&flavor=post&vi=APMBTLOUNMMKANIBDMHRKRUVPAWHRWSA-0&modifiedSince=1724779902044&rf=https%3A%2F%2Fspayuatmars.bmtest.om%2F&bp=3&app=ea7c4b59f27d43eb&crc=3687693600&en=42qi0fyl&end=1
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/ruxitagentjs_ICA7NVfqrux_10297240712040816.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
9838312bedd67de37d4c2b4addd3ae32006fc820c514782a8aa235a76b3fd3f9
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Mon, 16 Sep 2024 08:21:20 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Referrer-Policy
<Directive>
Content-Type
text/plain; charset=utf-8
Permissions-Policy
<Directive> <allowlist>
Connection
Keep-Alive
Keep-Alive
timeout=370, max=997
Content-Length
118
rb_bf24332xda
spayuatmars.bmtest.om/
118 B
433 B
Fetch
General
Full URL
https://spayuatmars.bmtest.om/rb_bf24332xda?type=js3&sn=v_4_srv_1_sn_B8417A699F6F095E7FDEF174A1A38F34_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1&svrid=1&flavor=post&vi=APMBTLOUNMMKANIBDMHRKRUVPAWHRWSA-0&modifiedSince=1724779902044&rf=https%3A%2F%2Fspayuatmars.bmtest.om%2F&bp=3&app=ea7c4b59f27d43eb&crc=3017038333&en=42qi0fyl&end=1
Requested by
Host: spayuatmars.bmtest.om
URL: https://spayuatmars.bmtest.om/ruxitagentjs_ICA7NVfqrux_10297240712040816.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
134.0.202.117 Muscat, Oman, ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM),
Reverse DNS
Software
/
Resource Hash
9838312bedd67de37d4c2b4addd3ae32006fc820c514782a8aa235a76b3fd3f9
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://spayuatmars.bmtest.om/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Mon, 16 Sep 2024 08:21:22 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Referrer-Policy
<Directive>
Content-Type
text/plain; charset=utf-8
Permissions-Policy
<Directive> <allowlist>
Connection
Keep-Alive
Keep-Alive
timeout=370, max=996
Content-Length
118

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
app.customer360.co
URL
https://app.customer360.co/themes/ngCus/widget/js/cuw.min.js
Domain
app.customer360.co
URL
https://app.customer360.co/widgets/chat/js/cusWidget.min.js

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| BigInt object| dT_ object| dtrum object| dynatrace function| $ function| jQuery object| _cus360w object| _cusF object| _cus3 object| _cus object| google_tag_data function| GooglemKTybQhCsO number| google_conversion_snippets number| google_conversion_first_time number| biRadixBase number| biRadixBits number| bitsPerDigit number| biRadix number| biHalfRadix number| biRadixSquared number| maxDigitVal number| maxInteger number| dpl10 object| highBitMasks object| hexatrigesimalToChar object| hexToChar object| lowBitMasks function| setMaxDigits function| biFromDecimal function| biCopy function| biFromNumber function| reverseStr function| biToString function| biToDecimal function| digitToHex function| biToHex function| charToHex function| hexToDigit function| biFromHex function| biFromString function| biDump function| biAdd function| biSubtract function| biHighIndex function| biNumBits function| biMultiply function| biMultiplyDigit function| arrayCopy function| biShiftLeft function| biShiftRight function| biMultiplyByRadixPower function| biDivideByRadixPower function| biModuloByRadixPower function| biCompare function| biDivideModulo function| biDivide function| biModulo function| biMultiplyMod function| biPow function| biPowMod function| BarrettMu function| BarrettMu_modulo function| BarrettMu_multiplyMod function| BarrettMu_powMod object| _gaq object| _gat object| gaGlobal

14 Cookies

Domain/Path Name / Value
spayuatmars.bmtest.om/ Name: JSESSIONID
Value: e1i29WYoLXZVX2tvcgPwTrY7NfcyNZ0opRDai3VW.uatsmrtapp2
.bmtest.om/ Name: dtCookie
Value: v_4_srv_1_sn_B8417A699F6F095E7FDEF174A1A38F34_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1
spayuatmars.bmtest.om/ Name: TS01e0d381
Value: 01c48fc51451d61c69199454ce54b78c900d66606857450d74e114ada6fe35cf6750ca3eef5e45d9ed557f7fd63ab0024946ff2a522dbb4dc6ad16eef4a2daffc422df19ce
.bmtest.om/ Name: TS01973897
Value: 01c48fc514591ebf929736b15c2fe474eb4a839b7157450d74e114ada6fe35cf6750ca3eefa3fb551bae506b1b983ae0679083480b366d2fd8b9a3115b5050fc8dc772d024
.bmtest.om/ Name: rxVisitor
Value: 1726474877308UHNNARU9QUSOGONJ2082AJIRI5H3JNV4
.bmtest.om/ Name: dtSa
Value: -
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.spayuatmars.bmtest.om/ Name: __utma
Value: 25601407.707868904.1726474879.1726474879.1726474879.1
.spayuatmars.bmtest.om/ Name: __utmc
Value: 25601407
.spayuatmars.bmtest.om/ Name: __utmz
Value: 25601407.1726474879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.spayuatmars.bmtest.om/ Name: __utmt
Value: 1
.spayuatmars.bmtest.om/ Name: __utmb
Value: 25601407.1.10.1726474879
.bmtest.om/ Name: rxvt
Value: 1726476679122|1726474877314
.bmtest.om/ Name: dtPC
Value: 1$274877294_572h-vAPMBTLOUNMMKANIBDMHRKRUVPAWHRWSA-0e0

9 Console Messages

Source Level URL
Text
rendering error
Message:
Failed to set referrer policy: The value '<Directive>' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
security error URL: https://spayuatmars.bmtest.om/
Message:
The Content-Security-Policy directive name 'unsafe-inline'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
network error URL: https://app.customer360.co/themes/ngCus/widget/js/cuw.min.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://app.customer360.co/widgets/chat/js/cusWidget.min.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
recommendation verbose URL: https://spayuatmars.bmtest.om/
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation verbose URL: https://spayuatmars.bmtest.om/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation verbose URL: https://spayuatmars.bmtest.om/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://spayuatmars.bmtest.om/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.customer360.co
googleads.g.doubleclick.net
spayuatmars.bmtest.om
ssl.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
app.customer360.co
134.0.202.117
142.250.176.195
142.251.40.162
142.251.40.226
172.217.165.132
2607:f8b0:4006:809::2008
0cc29657e4f853c141dd7ebcd70a278e460aa5a31789a8b9be97c12a494efd68
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
171d2ae83551232c250ac2b11084230727262881ea699f0e4da86eb88f5cc839
1e7980f24ca02f23c5f231a6362d4e8e5cd02fbf13086f1cd020ea4de602d236
1efac3ffe16342f25a4208a6e1e672d5e5827220fdbc66b17b9431485db4b0b4
2082cb4bf503eaaac74023adc8d52f504f8e5c2450541cd3bdb7404180fd96df
43e7dcc3c7675eab7176a93bc689e681d7162d7b69d5af6ebc6ef495af5389c1
5caa3edddcc64148d4f4aedbff04482b78d451e75ad1e70bd8070f198115a0b9
622e9e6b0136a039c8f23225161f19a546bc2f1a4049206884ce828b0d4623e6
6452d491eb9d367a1227d5be24238e55211638376a0f265ed7b24544808bdf7f
6457734c036f8e22175d54c50e28ff142c4d1d416c792d9a4aca5160f2d4d1de
69407c35093c54426cdfd968c859882693378a9a27827c5101f492fbf2928896
7e02d82244afece4d81dbfa0318378cfe946de1cb062cc2c0ddb498f3ff3eb79
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9838312bedd67de37d4c2b4addd3ae32006fc820c514782a8aa235a76b3fd3f9
984d327c7b184bc81d6255df0a1f2db833c826c8c72bc8d8a8f377f23e14703f
b11cdc2b54d163d7d727eb382b3964872b8758c61bec19818bdd74eb765c9c79
b5e7e61bc691c2afae0f4702beaedc915414face7d9ad8a99c38617c67d2bb05
b77d933aa31cade756c0be585c7e50ff6419bb8725e102757a97b72f3edd0013
b96b60d9f25667ff1f8a0c03dc37a358268e7967ff369f337175a11ee30322d2
ba7453c8509d8585e7457ec2d7d2a85920acfdeab487109666a5e1383233602b
c195a12af5deccedd345db8fe44b86f6643637126f42a1bb9d427ed884ee3b22
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd625bc70348b5a2d211c005b7c42a73dce4560689485f772dd92b05956bf84
f24040f33af119babe5d210f265b3984e5912e078cfa6a19fa3c415117942bfa
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d