urlscan.io logo urlscan.io
SecurityTrails logo

171.162.52.84 Open in urlscan Pro
171.162.52.84  Public Scan

Go To Rescan Add Verdict Report
URL: https://171.162.52.84/Login/Login
Submission: On June 10 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 17 HTTP transactions. The main IP is 171.162.52.84, located in United States and belongs to BOFABROKERDEALERSVCS, US. The main domain is 171.162.52.84.
TLS certificate: Issued by sveqpz1gwmlb01a.bankofamerica.com on May 31st 2017. Valid for: 10 years.
This is the only time 171.162.52.84 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 171.162.52.84 19886 (BOFABROKE...)
7 152.195.51.101 15133 (EDGECAST)
2 171.161.124.64 10794 (BANKAMERICA)
17 3
Apex Domain
Subdomains		 Transfer
7 bac-assets.com
scripts.benefitspt1.ml.bac-assets.com
859 KB
2 ml.com
www.benefits.ml.com — Cisco Umbrella Rank: 103197
16 KB
17 2
Domain Requested by
7 scripts.benefitspt1.ml.bac-assets.com 171.162.52.84
scripts.benefitspt1.ml.bac-assets.com
2 www.benefits.ml.com 171.162.52.84
17 2

This site contains links to these domains. Also see Links.

Domain
brokercheck.finra.org
rg.ml.com
go.ml.com
apps.apple.com
play.google.com
Subject Issuer Validity Valid
sveqpz1gwmlb01a.bankofamerica.com
sveqpz1gwmlb01a.bankofamerica.com		 2017-05-31 -
2027-05-29		 10 years crt.sh
styles.benefitspt1.ml.bac-assets.com
Entrust Certification Authority - L1M		 2024-03-21 -
2025-04-21		 a year crt.sh
www.benefits.ml.com
Entrust Certification Authority - L1M		 2024-03-21 -
2025-04-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://171.162.52.84/Login/Login
Frame ID: CBFAEA37CD8C6B11B8E1C27A76B9806C
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Benefits OnLine | Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns
Overall confidence: 100%
Detected patterns
  • require.*\.js

Page Statistics

17
Requests

53 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

924 kB
Transfer

1452 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login
171.162.52.84/Login/ 		92 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.162.52.84 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
Software
/
Resource Hash
7b01dc6c6a8d7f42242c544d16fba7acea278c107864a7555b0565220442e846
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
26040
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Content-Type
text/html
Date
Mon, 10 Jun 2024 15:44:44 GMT
Expires
-1
Keep-Alive
timeout=30, max=500
Origin-Agent-Cluster
?0
Pragma
no-cache
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
babel-polyfill.js
scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/platform/ 		97 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/platform/babel-polyfill.js
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.51.101 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C0) /
Resource Hash
a108985f6e9a607d6e1b8cb294cdad7bffb288589c3f9fa3768b84763b0af94d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
date
Mon, 10 Jun 2024 15:45:11 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Thu, 06 Jun 2024 18:01:49 GMT
server
ECS (frb/67C0)
etag
"42b0849a3bb8da1:0",BOL Etag
access-control-max-age
3600
content-type
application/javascript
origin-agent-cluster
?0
cache-control
public,max-age=2600000
access-control-allow-credentials
true
accept-ranges
bytes
content-length
99326
5cf4e604.css
scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/bundles/ 		687 KB
689 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/bundles/5cf4e604.css
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.51.101 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C1) /
Resource Hash
8b7a529c4358c2b664185d478a28e0526e5d5dd7b98e135a1009de21830298c1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
date
Mon, 10 Jun 2024 15:44:46 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Thu, 06 Jun 2024 18:01:47 GMT
server
ECS (frb/67C1)
etag
"c03677993bb8da1:0",BOL Etag
access-control-max-age
3600
content-type
text/css
origin-agent-cluster
?0
cache-control
public,max-age=2600000
access-control-allow-credentials
true
accept-ranges
bytes
content-length
703810
require.js
scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/vendor/require/2.2.0/js/ 		25 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/vendor/require/2.2.0/js/require.js
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.51.101 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6760) /
Resource Hash
adab1708b4b053c52d06be506c9630c44bb6a4b986d03344d3cf91997c9e6ad6
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
date
Mon, 10 Jun 2024 15:45:11 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Thu, 06 Jun 2024 18:01:49 GMT
server
ECS (frb/6760)
etag
"f4339a9a3bb8da1:0",BOL Etag
access-control-max-age
3600
content-type
application/javascript
origin-agent-cluster
?0
cache-control
public,max-age=2600000
access-control-allow-credentials
true
accept-ranges
bytes
content-length
25968
styles.sparta.min.css
171.162.52.84/cdn/styles/themes/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://171.162.52.84/cdn/styles/themes/styles.sparta.min.css
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.162.52.84 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
Software
/
Resource Hash
2d64d25799056d8104ce09ae70105ccca934f1a36eac8fc0ef5361b934f48da2
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/Login/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:44:44 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000
Last-Modified
Tue, 05 Oct 2021 21:03:51 GMT
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
ETag
"e863802cbad71:0",BOL Etag
Vary
Accept-Encoding
Content-Type
text/css
Origin-Agent-Cluster
?0
Cache-Control
public,max-age=2600000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=500
Content-Length
585
header.js
171.162.52.84/cdn/publish/spartajs/ 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://171.162.52.84/cdn/publish/spartajs/header.js
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.162.52.84 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
Software
/
Resource Hash
3e4234cf8afa86d24d1006a2c06b031dcd2083fc9a0e5de3bfe717aa6727e477
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/Login/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:44:44 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Connection
Keep-Alive
Content-Length
2415
Pragma
no-cache
Last-Modified
Tue, 19 Mar 2024 17:19:42 GMT
ETag
"b216b3a1217ada1:0",BOL Etag
Vary
Accept-Encoding
Content-Type
application/javascript
Origin-Agent-Cluster
?0
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=500
Expires
-1
mp_linkcode.js
171.162.52.84/cdn/publish/spartajs/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://171.162.52.84/cdn/publish/spartajs/mp_linkcode.js
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.162.52.84 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
Software
/
Resource Hash
dd7e2b568fe5841e9e457081de8a27b8cd786d3bc50a0318657213bcba11c154
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/Login/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:44:44 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000
Last-Modified
Fri, 04 Mar 2022 20:33:48 GMT
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
ETag
"895ed326730d81:0",BOL Etag
Vary
Accept-Encoding
Content-Type
application/javascript
Origin-Agent-Cluster
?0
Cache-Control
public,max-age=2600000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=500
Content-Length
1626
eventutility.js
171.162.52.84/cdn/publish/spartajs/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://171.162.52.84/cdn/publish/spartajs/eventutility.js
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.162.52.84 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
Software
/
Resource Hash
02081045955828089f979c88cb7c050e025bfc8f7bbc52a61e0d126aec54c5f4
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/Login/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:44:44 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 30 Jun 2021 18:55:58 GMT
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
ETag
"9c784690e16dd71:0",BOL Etag
Vary
Accept-Encoding
Content-Type
application/javascript
Origin-Agent-Cluster
?0
Cache-Control
public,max-age=2600000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=500
Content-Length
912
index.js
171.162.52.84/cdn/publish/sparta/spa/widgets/loader/2.3.0/ 		17 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://171.162.52.84/cdn/publish/sparta/spa/widgets/loader/2.3.0/index.js
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.162.52.84 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
Software
/
Resource Hash
36cac44d0c7bc397c1a20033e3441a30cd9bacd960b15eaa167e1842d0703d33
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/Login/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:44:44 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 01 Apr 2024 18:05:02 GMT
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
ETag
"18cb2f1e5f84da1:0",BOL Etag
Vary
Accept-Encoding
Content-Type
application/javascript
Origin-Agent-Cluster
?0
Cache-Control
public,max-age=2600000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=500
Content-Length
6018
assets-images-site-bol-login-mobile-popup-bull-icon-and-logo-CSX4468b884.png
scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/images/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/images/assets-images-site-bol-login-mobile-popup-bull-icon-and-logo-CSX4468b884.png
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.51.101 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D5) /
Resource Hash
c4729705e6d25aa0ed2ed29b16709cf318e4a0a2d43977b0307dcda84d96f3ed
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
date
Mon, 10 Jun 2024 15:45:11 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Tue, 02 Apr 2024 15:01:48 GMT
server
ECS (frb/67D5)
etag
"484adaafe85da1:0",BOL Etag
access-control-max-age
3600
content-type
image/png
origin-agent-cluster
?0
cache-control
public,max-age=2600000
access-control-allow-credentials
true
accept-ranges
bytes
content-length
17526
btn-iphone-app.png
www.benefits.ml.com/CDN/Images/ 		5 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.benefits.ml.com/CDN/Images/btn-iphone-app.png
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.161.124.64 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
www-tx1.benefits.ml.com
Software
/
Resource Hash
8d69f8cd132a7ff3434c3a8f388350ac97b65d95e30a9fd4afe59bb55a0617eb
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:44:45 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
traceresponse
00-fa11ea62761904ebff4487f0930ee4ed-2f31cd76b7eedb6d-01
Connection
Keep-Alive
Content-Length
5502
Last-Modified
Tue, 19 Jun 2018 14:51:55 GMT
x-dt-tracestate
fe4e8a5e-689769c7@dt
ETag
"76c73a11dd7d41:0",BOL Etag
Access-Control-Max-Age
3600
Content-Type
image/png
Access-Control-Allow-Origin
https://www.benefits.ml.com
Origin-Agent-Cluster
?0
Cache-Control
public,max-age=2600000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=463
btn-android-app.png
www.benefits.ml.com/CDN/Images/ 		6 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.benefits.ml.com/CDN/Images/btn-android-app.png
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.161.124.64 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
www-tx1.benefits.ml.com
Software
/
Resource Hash
b595883043dfd23597a766db0105f3f9e7745a24cad32a66d954e8afa82deb4d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:44:46 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
traceresponse
00-0619a04bfcc1ebe188a089474370944d-33d59d4c77959f70-01
Connection
Keep-Alive
Content-Length
5862
Last-Modified
Tue, 19 Jun 2018 14:51:55 GMT
x-dt-tracestate
fe4e8a5e-689769c7@dt
ETag
"d91d3711dd7d41:0",BOL Etag
Access-Control-Max-Age
3600
Content-Type
image/png
Access-Control-Allow-Origin
https://www.benefits.ml.com
Origin-Agent-Cluster
?0
Cache-Control
public,max-age=2600000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=456
footer.js
171.162.52.84/cdn/publish/spartajs/ 		0
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://171.162.52.84/cdn/publish/spartajs/footer.js
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.162.52.84 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/Login/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:44:46 GMT
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Last-Modified
Tue, 21 Sep 2021 13:08:03 GMT
ETag
"8f9abcb5e9aed71:0",BOL Etag
Content-Type
application/javascript
Origin-Agent-Cluster
?0
Cache-Control
public,max-age=2600000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=500
Content-Length
0
wait46x46.gif
171.162.52.84/CDN/Images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://171.162.52.84/CDN/Images/wait46x46.gif
Requested by
Host: 171.162.52.84
URL: https://171.162.52.84/Login/Login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.162.52.84 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
Software
/
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/Login/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 10 Jun 2024 15:45:12 GMT
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
ETag
BOL Etag
Content-Type
text/html
Origin-Agent-Cluster
?0
Cache-Control
public,max-age=2600000
Connection
Keep-Alive
Keep-Alive
timeout=30, max=500
Content-Length
1245
cnx-regular.woff2
scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/global/sparta-style-utility/3.2.4/font/cnx-regular/ 		11 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/global/sparta-style-utility/3.2.4/font/cnx-regular/cnx-regular.woff2
Requested by
Host: scripts.benefitspt1.ml.bac-assets.com
URL: https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/bundles/5cf4e604.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.51.101 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
79f02d139cfd07f2a19e0a8831553b3de4627fcab371e18eb776af035465949b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/bundles/5cf4e604.css
Origin
https://171.162.52.84
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
date
Mon, 10 Jun 2024 15:45:13 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Tue, 02 Apr 2024 15:01:36 GMT
server
ECS (frb/6738)
etag
"ec714da8e85da1:0",BOL Etag
access-control-max-age
3600
content-type
font/x-woff2
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=2600000
access-control-allow-credentials
true
accept-ranges
bytes
content-length
11608
roboto-regular.woff2
scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/bol-global/bol-sparta-style-utility/1.0.0/font/roboto-regular/ 		15 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/bol-global/bol-sparta-style-utility/1.0.0/font/roboto-regular/roboto-regular.woff2
Requested by
Host: scripts.benefitspt1.ml.bac-assets.com
URL: https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/bundles/5cf4e604.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.51.101 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/673A) /
Resource Hash
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/bundles/5cf4e604.css
Origin
https://171.162.52.84
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
date
Mon, 10 Jun 2024 15:45:12 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Tue, 02 Apr 2024 15:01:19 GMT
server
ECS (frb/673A)
etag
"46ee449ee85da1:0",BOL Etag
access-control-max-age
3600
content-type
font/x-woff2
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=2600000
access-control-allow-credentials
true
accept-ranges
bytes
content-length
15736
1ff2b34c.js
scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/bundles/ 		464 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/bundles/1ff2b34c.js
Requested by
Host: scripts.benefitspt1.ml.bac-assets.com
URL: https://scripts.benefitspt1.ml.bac-assets.com/cdn/publish/sparta/login/spa-assets/components/utilities/vendor/require/2.2.0/js/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.51.101 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/669E) /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://171.162.52.84/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
date
Mon, 10 Jun 2024 15:45:12 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Thu, 06 Jun 2024 18:01:47 GMT
server
ECS (frb/669E)
etag
"38c674993bb8da1:0",BOL Etag
access-control-max-age
3600
content-type
application/javascript
origin-agent-cluster
?0
cache-control
public,max-age=2600000
access-control-allow-credentials
true
accept-ranges
bytes
content-length
1476834

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| setMDA boolean| isMDA object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| digitalData object| nucleusSpartaProperties function| createCSSBundleLink object| sparta function| requirejs function| require function| define object| theBody object| $bolt object| $bol object| $bolMobileNativeHeader boolean| enableWOGW boolean| MP_K401_Redirect object| MP321 object| $eventutility object| global undefined| handlebars object| spaParams object| spartaRequireLoop object| loopExecs object| required function| onLoopReady

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://171.162.52.84/CDN/Images/wait46x46.gif
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com testdata.coremetrics.com d.agkn.com players.brightcove.net resources.digital-cloud.medallia.com tags.tiqcdn.com gwm-ml.wsodqa.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; frame-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000