urlscan.io logo urlscan.io
SecurityTrails logo

miniature-resolute-camp.glitch.me Open in urlscan Pro
18.235.65.101  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://miniature-resolute-camp.glitch.me/
Effective URL: https://miniature-resolute-camp.glitch.me/
Submission: On April 29 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 2 countries across 5 domains to perform 39 HTTP transactions. The main IP is 18.235.65.101, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is miniature-resolute-camp.glitch.me.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 4th 2023. Valid for: a year.
This is the only time miniature-resolute-camp.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

IP Address AS Autonomous System
8 18.235.65.101 14618 (AMAZON-AES)
10 2606:4700::68... 13335 (CLOUDFLAR...)
14 171.159.118.200 10794 (BANKAMERICA)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 52.18.235.44 16509 (AMAZON-02)
1 52.72.120.107 14618 (AMAZON-AES)
2 54.158.171.243 14618 (AMAZON-AES)
1 171.159.118.100 10794 (BANKAMERICA)
39 9
8    18.235.65.101 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-65-101.compute-1.amazonaws.com
miniature-resolute-camp.glitch.me
10    2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
14    171.159.118.200 (United States)

ASN10794 (BANKAMERICA, US)
secure.bankofamerica.com
1    2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
1    52.18.235.44 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-235-44.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    52.72.120.107 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-120-107.compute-1.amazonaws.com
rail.bankofamerica.com
2    54.158.171.243 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-158-171-243.compute-1.amazonaws.com
aero.bankofamerica.com
1    171.159.118.100 (United States)

ASN10794 (BANKAMERICA, US)
www.bankofamerica.com
Apex Domain
Subdomains		 Transfer
18 bankofamerica.com
secure.bankofamerica.com — Cisco Umbrella Rank: 10899
rail.bankofamerica.com — Cisco Umbrella Rank: 22098
aero.bankofamerica.com — Cisco Umbrella Rank: 20405
www.bankofamerica.com — Cisco Umbrella Rank: 14231
816 KB
10 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 306
212 KB
8 glitch.me
miniature-resolute-camp.glitch.me
40 KB
1 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 233
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 535
295 B
39 5
Domain Requested by
14 secure.bankofamerica.com miniature-resolute-camp.glitch.me
secure.bankofamerica.com
10 cdn.cookielaw.org miniature-resolute-camp.glitch.me
cdn.cookielaw.org
8 miniature-resolute-camp.glitch.me miniature-resolute-camp.glitch.me
secure.bankofamerica.com
2 aero.bankofamerica.com secure.bankofamerica.com
aero.bankofamerica.com
1 www.bankofamerica.com
1 rail.bankofamerica.com secure.bankofamerica.com
1 dpm.demdex.net secure.bankofamerica.com
1 geolocation.onetrust.com cdn.cookielaw.org
39 8

This site contains links to these domains. Also see Links.

Domain
secure.bankofamerica.com
www.bankofamerica.com
business.bofa.com
www.onetrust.com
Subject Issuer Validity Valid
glitch.com
Amazon RSA 2048 M03		 2023-12-04 -
2025-01-01		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2024-03-01 -
2024-12-31		 10 months crt.sh
secure.bankofamerica.com
Entrust Certification Authority - L1M		 2024-03-28 -
2025-04-28		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2023-11-13 -
2024-11-12		 a year crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-26 -
2024-10-26		 a year crt.sh
rail.bankofamerica.com
Entrust Certification Authority - L1M		 2024-04-05 -
2025-05-05		 a year crt.sh
aero.bankofamerica.com
Entrust Certification Authority - L1M		 2024-04-05 -
2025-05-05		 a year crt.sh
www.bankofamerica.com
Entrust Certification Authority - L1M		 2023-07-31 -
2024-08-29		 a year crt.sh

This page contains 1 frames:

Primary Page: https://miniature-resolute-camp.glitch.me/
Frame ID: DA444B0CFCCF0935A8484D25BE8F1AA7
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bank of America | Online Banking | Log In | User ID

Page URL History Show full URLs

  1. http://miniature-resolute-camp.glitch.me/ HTTP 307
    https://miniature-resolute-camp.glitch.me/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

39
Requests

97 %
HTTPS

25 %
IPv6

5
Domains

8
Subdomains

9
IPs

2
Countries

1069 kB
Transfer

4035 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://miniature-resolute-camp.glitch.me/ HTTP 307
    https://miniature-resolute-camp.glitch.me/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
miniature-resolute-camp.glitch.me/
Redirect Chain
  • http://miniature-resolute-camp.glitch.me/
  • https://miniature-resolute-camp.glitch.me/
32 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://miniature-resolute-camp.glitch.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.65.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-65-101.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
45ffb15ecf1ea56d3c6c84641f630cb07b43848b7e52d64a034669c908725b4b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
32407
content-type
text/html; charset=utf-8
date
Mon, 29 Apr 2024 13:01:23 GMT
etag
"9d2aa8400391c30a312acb50fea5e01f"
last-modified
Sun, 28 Apr 2024 18:33:31 GMT
server
AmazonS3
x-amz-id-2
gPsV4vLXBPvbCIGA6Bi2c6M7x90Rfrd1NUVnZtIjiAaAA9dEk9+a76c2V6LQ+e1kCDoZn2ADeQY=
x-amz-request-id
XFFXXS8BQ2BATJFB
x-amz-server-side-encryption
AES256
x-amz-version-id
kRXbv_7kLWrryXnRQtnHWSAtUObmPxsp

Redirect headers

Location
https://miniature-resolute-camp.glitch.me/
Non-Authoritative-Reason
HttpsUpgrades
otSDKStub.js
cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/otSDKStub.js
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae7af88fff94ade13d5fb9cfa5581da810968e43e4848aa77838cea2d66308df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Origin
https://miniature-resolute-camp.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
34517
content-md5
zj32Cvf5RtLIH/3Db/yIDw==
content-length
6934
x-ms-lease-status
unlocked
last-modified
Mon, 06 Nov 2023 17:29:17 GMT
server
cloudflare
etag
0x8DBDEEDE7A605CB
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
09f2e800-b01e-0058-3a96-99e1dc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87bf7b039e7165a8-FRA
expires
Tue, 30 Apr 2024 13:01:24 GMT
vipaa-v4-jawr.css
secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/ 		447 KB
67 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
81b027af71f745247720e106cc3a674e9291ae024938973b7eba4e1ce959c4ef
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:25 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
X-BOA-RequestID
Zi-aJdL3jKiSn7vo2s4CgQAAAAU
X-Serviced-By
yenR36+0EiK6iGwKzPQT9A==--2sng8r0d+5l8e+tbCnJt1g==
Connection
Keep-Alive
Content-Length
65675
Last-Modified
Fri, 08 Mar 2024 20:49:44 GMT
Server
Oops
ETag
"1008b-6132c54f25885"
Content-Type
text/css
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=439
Expires
Tue, 29 Apr 2025 13:01:25 GMT
vipaa-v4-jawr.js
secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/ 		2 MB
356 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/vipaa-v4-jawr.js
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
90b8c4a376464910aae2957ab16bc1e9db74a856809873ca78482a6ba7faa05d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:25 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
X-BOA-RequestID
Zi-aJZ5hAuCBRN6eSb6LXQAAARA
X-Serviced-By
7Lcf/JURwOij9FX5x0gpRg==--2sng8r0d+5l8e+tbCnJt1g==
Connection
Keep-Alive
Content-Length
361933
Last-Modified
Fri, 08 Mar 2024 20:49:44 GMT
Server
Oops
ETag
"585cd-6132c54f250b5"
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=404
Expires
Tue, 29 Apr 2025 13:01:25 GMT
jquery-migrate-custom.js
secure.bankofamerica.com//pa/global-assets/1.0/script/libraries/ 		10 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com//pa/global-assets/1.0/script/libraries/jquery-migrate-custom.js
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
507c9d07862848eb2252ea5aa73050168e57663e4b6887159e725017ae629386
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:25 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Last-Modified
Tue, 16 Aug 2022 09:04:27 GMT
Server
Oops
ETag
"2753-5e6580913c7a1"
X-BOA-RequestID
Zi-aJSQLidqcFRa_2C4v9AAAAHU
X-Serviced-By
35azveTP0hvW2ZEhTDzh1A==--2sng8r0d+5l8e+tbCnJt1g==
Content-Type
application/x-javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=267
Content-Length
10067
BofA_rgb.png
secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/ 		38 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/BofA_rgb.png
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Date
Mon, 29 Apr 2024 13:01:25 GMT
Age
261
X-BOA-RequestID
ZfimzCVuIgWo7r_8G_mXAQAAACs
X-Serviced-By
AX3pAD3wQ98DJ/pKLjKcJw==--cSncBxP2IlXx61Pc/LL19Q==
Connection
Keep-Alive
Content-Length
23389
Last-Modified
Tue, 05 Feb 2019 20:28:24 GMT
Server
Oops
ETag
"99fe-5812b73724a00"
Vary
Accept-Encoding
Content-Type
image/png
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=498
online-id-vipaa-module-enter-skin.js
secure.bankofamerica.com//pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/ 		53 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com//pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/online-id-vipaa-module-enter-skin.js
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
42a0204c02e6aa2b111e81dfe8db38ed35446b35d5b99cfecf0dd287690d9827
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:25 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Last-Modified
Thu, 08 Feb 2024 21:40:18 GMT
Server
Oops
ETag
"d231-610e5a857a7aa"
X-BOA-RequestID
Zi-aJdRSDwAjOoIFjq1B3wAAAno
X-Serviced-By
yenR36+0EiK6iGwKzPQT9A==--2sng8r0d+5l8e+tbCnJt1g==
Content-Type
application/x-javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=498
Content-Length
53809
mobile_llama.png
secure.bankofamerica.com//pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/ 		19 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com//pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/mobile_llama.png
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:25 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Last-Modified
Tue, 16 Aug 2022 08:36:34 GMT
Server
Oops
ETag
"4adf-5e657a56463dd"
X-BOA-RequestID
Zi-aJRQU9YTMLzLOHgzewgAAAZk
X-Serviced-By
T1oZGkQfFdZIE243MD6gyw==--2sng8r0d+5l8e+tbCnJt1g==
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=479
Content-Length
19167
cm-jawr.js
miniature-resolute-camp.glitch.me/pa/components/bundles/text-decompressed/xengine/VIPAA/9.9/script/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://miniature-resolute-camp.glitch.me/pa/components/bundles/text-decompressed/xengine/VIPAA/9.9/script/cm-jawr.js
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.65.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-65-101.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 13:01:25 GMT
cache-control
max-age=0
content-length
3674
pill.png
secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/pill.png
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
6d608a9d27ae614aa0b16fe920f6a811bf6d4f320a5819b51d3edb9672912ad9
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Date
Mon, 29 Apr 2024 13:01:25 GMT
Last-Modified
Wed, 25 Oct 2023 21:31:55 GMT
Server
Oops
Age
434
ETag
"7e6-608912f3af79e"
X-BOA-RequestID
ZfimzCVuIgWo7r_8G_mXAwAAAEg
X-Serviced-By
AX3pAD3wQ98DJ/pKLjKcJw==--cSncBxP2IlXx61Pc/LL19Q==
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=499
Content-Length
2022
72e99fdc-3ef1-452a-9b02-e35228fa4504.json
cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/72e99fdc-3ef1-452a-9b02-e35228fa4504.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c3a92b2467fdd1c1fb222cca4f289afee120170101f45e5e11242425f69557a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
34516
content-md5
+eqZmJeXG8F98qiCxZdymg==
content-length
1575
x-ms-lease-status
unlocked
last-modified
Mon, 06 Nov 2023 17:29:17 GMT
server
cloudflare
etag
0x8DBDEEDE792329D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
63b35780-201e-0038-7996-999d43000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87bf7b045f7265a8-FRA
expires
Tue, 30 Apr 2024 13:01:24 GMT
vipaa-v4-jawr-print.css
secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/ 		10 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr-print.css
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:25 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
X-BOA-RequestID
Zi-aJQzMlnn8zlzuFeQMwQAAAMQ
X-Serviced-By
g8xhzg73QjjzqNxb3UmeKQ==--2sng8r0d+5l8e+tbCnJt1g==
Connection
Keep-Alive
Content-Length
1186
Last-Modified
Fri, 08 Mar 2024 20:49:44 GMT
Server
Oops
ETag
"4a2-6132c54f25885"
Content-Type
text/css
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=478
Expires
Tue, 29 Apr 2025 13:01:25 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		59 B
295 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept
application/json
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 13:01:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
87bf7b059b1b9ba1-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202308.1.0/ 		411 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27ff6f8b30f633a9e1954d6cc94756127292aa99560255e414bbb75b37416594
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Origin
https://miniature-resolute-camp.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
2+I2Cj649lHjQKiedh8F2Q==
age
34514
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
101254
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:47 GMT
server
cloudflare
etag
0x8DBD50E45B16C1C
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
6b739398-d01e-0095-4796-99d136000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87bf7b0c292265a8-FRA
en.json
cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/6aaf7b67-22aa-465a-a4ff-f9e4e43dc92c/ 		35 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/6aaf7b67-22aa-465a-a4ff-f9e4e43dc92c/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13c2082fd9dad18107bb2dd29f06c4413bc6664ca54c931b5d72d686ace39a9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
34513
content-md5
lSgafjDgEmZBxa2s1mjNgg==
content-length
10590
x-ms-lease-status
unlocked
last-modified
Mon, 06 Nov 2023 17:29:24 GMT
server
cloudflare
etag
0x8DBDEEDEB86A519
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
0a9f20c1-b01e-0093-4b96-99e289000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87bf7b0cca0465a8-FRA
expires
Tue, 30 Apr 2024 13:01:25 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202308.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
C2c3Qd8FHm1wstxOFHDJ2w==
age
34513
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:37 GMT
server
cloudflare
etag
0x8DBD50E3F9DEF08
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
f3c1dad0-601e-0039-6896-99c29f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87bf7b0f9e2c65a8-FRA
otPcTab.json
cdn.cookielaw.org/scripttemplates/202308.1.0/assets/v2/ 		62 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef692caebb708b665def2aad3beab4eca949689636103edd74069a60d6da5d59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
W3M09FoULMOrbblf8iKnug==
age
34513
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13391
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:40 GMT
server
cloudflare
etag
0x8DBD50E412DA220
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
18b41016-601e-0006-0196-990a3c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87bf7b0f9e2d65a8-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202308.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
34513
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
165c13be-e01e-0045-6d96-99ec60000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87bf7b0f9e2e65a8-FRA
id
dpm.demdex.net/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_orgid=A9893BC75245B1D70A490D4D@AdobeOrg&d_ver=2
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/vipaa-v4-jawr.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.18.235.44 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-235-44.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72694a4700f9d812e46c665d6c4dc740eb95bf8b2a2f7673e51e22be232c3fc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

dcs
dcs-prod-irl1-1-v060-0a21924a3.edge-irl1.demdex.com 2 ms
pragma
no-cache
date
Mon, 29 Apr 2024 13:01:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-tid
R9UfxnwQQhw=
vary
Origin
content-type
application/json;charset=utf-8
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin
https://miniature-resolute-camp.glitch.me
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
content-length
781
expires
Thu, 01 Jan 1970 00:00:00 UTC
hover.js
rail.bankofamerica.com/30306/ 		77 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rail.bankofamerica.com/30306/hover.js?dt=login&r=0.18000166486969627
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/vipaa-v4-jawr.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.72.120.107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-120-107.compute-1.amazonaws.com
Software
haile /
Resource Hash
c6f38ae3bc9ea1f6d5e162fb283bb6f3358e379600efe4ee5f54b514818cfbab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 29 Apr 2024 13:01:27 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
server
haile
content-type
application/x-javascript
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-xss-protection
1
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
4aQ.js
aero.bankofamerica.com/30306/ 		74 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aero.bankofamerica.com/30306/4aQ.js?r=0.13182378117296256
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/vipaa-v4-jawr.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.158.171.243 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-171-243.compute-1.amazonaws.com
Software
haile /
Resource Hash
9d178f18b03db3adaece859cdf58e3188907a31499ecb489f54e271f49d9df19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 29 Apr 2024 13:01:27 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
server
haile
vary
Origin
access-control-allow-methods
GET, OPTIONS
content-type
application/x-javascript
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
fsd-secure-esp-sprite.png
secure.bankofamerica.com//pa/components/modules/header-module/2.8/graphic/ 		473 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com//pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Last-Modified
Tue, 16 Aug 2022 08:48:42 GMT
Server
Oops
ETag
"1d9-5e657d0c8c396"
X-BOA-RequestID
Zi-aJ0xxuTrZFvgQRXoR3wAAAFg
X-Serviced-By
g8xhzg73QjjzqNxb3UmeKQ==--2sng8r0d+5l8e+tbCnJt1g==
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=477
Content-Length
473
help-qm-fsd.png
secure.bankofamerica.com//pa/global-assets/1.0/graphic/ 		3 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com//pa/global-assets/1.0/graphic/help-qm-fsd.png
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:27 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
X-BOA-RequestID
Zi-aJwzMlnn8zlzuFeQNPAAAAPA
X-Serviced-By
g8xhzg73QjjzqNxb3UmeKQ==--2sng8r0d+5l8e+tbCnJt1g==
Connection
Keep-Alive
Content-Length
3243
Last-Modified
Tue, 16 Aug 2022 09:03:59 GMT
Server
Oops
ETag
"c94-5e658076c55d3"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=476
Expires
Tue, 29 Apr 2025 13:01:27 GMT
gfootb-static-sprite.png
secure.bankofamerica.com//pa/components/modules/global-footer-module/2.5/graphic/ 		48 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com//pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Last-Modified
Tue, 16 Aug 2022 08:47:38 GMT
Server
Oops
ETag
"be1b-5e657ccf790c0"
X-BOA-RequestID
Zi-aJwzMlnn8zlzuFeQNQQAAALs
X-Serviced-By
g8xhzg73QjjzqNxb3UmeKQ==--2sng8r0d+5l8e+tbCnJt1g==
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=381
Content-Length
48667
gfoot-home-icon.png
secure.bankofamerica.com//pa/components/modules/global-footer-module/2.5/graphic/ 		144 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com//pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/style/vipaa-v4-jawr.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Last-Modified
Tue, 16 Aug 2022 08:47:37 GMT
Server
Oops
ETag
"90-5e657cce98aed"
X-BOA-RequestID
Zi-aJwzMlnn8zlzuFeQNPwAAANk
X-Serviced-By
g8xhzg73QjjzqNxb3UmeKQ==--2sng8r0d+5l8e+tbCnJt1g==
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=480
Content-Length
144
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
590 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
33016
x-ms-lease-status
unlocked
last-modified
Thu, 25 Apr 2024 20:00:14 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
16b9664b-301e-009d-4a96-99cb39000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87bf7b14ecb965a8-FRA
BOA.PNG
cdn.cookielaw.org/logos/9b1b72d0-06ef-4e7c-9b2a-e8bc09f34daf/5a21514a-3b71-4677-b52d-207b6f11ff68/fceb4368-db91-43cf-af24-36ac5b5badc2/ 		70 KB
70 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/9b1b72d0-06ef-4e7c-9b2a-e8bc09f34daf/5a21514a-3b71-4677-b52d-207b6f11ff68/fceb4368-db91-43cf-af24-36ac5b5badc2/BOA.PNG
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69d3432300ba1610b3b7b677b5e821630636aae7f61c01e1058158e69701b2d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
jvB7VcShVhyScfVwMaUaWQ==
age
63369
content-length
71361
x-ms-lease-status
unlocked
last-modified
Thu, 13 Oct 2022 13:50:15 GMT
server
cloudflare
etag
0x8DAAD21DBA3A72F
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
556dcac7-d01e-002c-6f53-23d52c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87bf7b159b06975c-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 29 Apr 2024 13:01:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
45828
x-ms-lease-status
unlocked
last-modified
Thu, 25 Apr 2024 20:00:15 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e7b30062-501e-008b-7b0c-983dee000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87bf7b159b0d975c-FRA
cnx-regular.woff
miniature-resolute-camp.glitch.me/pa/global-assets/1.0/font/cnx-regular/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://miniature-resolute-camp.glitch.me/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.65.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-65-101.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Origin
https://miniature-resolute-camp.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 13:01:27 GMT
cache-control
max-age=0
content-length
3674
cc.go
miniature-resolute-camp.glitch.me/login/sign-in/ 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://miniature-resolute-camp.glitch.me/login/sign-in/cc.go
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/vipaa-v4-jawr.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.65.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-65-101.compute-1.amazonaws.com
Software
/
Resource Hash
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://miniature-resolute-camp.glitch.me/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 13:01:27 GMT
cache-control
max-age=0
content-length
3674
authhub-helper.js
miniature-resolute-camp.glitch.me/client/helper/spa-assets/components/utilities/client-helper/authhub-controller/authhub-helper/1.0.0/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://miniature-resolute-camp.glitch.me/client/helper/spa-assets/components/utilities/client-helper/authhub-controller/authhub-helper/1.0.0/js/authhub-helper.js
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/online-id-vipaa-module-enter-skin.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.65.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-65-101.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 13:01:27 GMT
cache-control
max-age=0
content-length
3674
script-manager-login.js
secure.bankofamerica.com/client/helper/spa-assets/components/utilities/client-helper/script-manager-login/2.0.0/js/ 		7 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/client/helper/spa-assets/components/utilities/client-helper/script-manager-login/2.0.0/js/script-manager-login.js
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/online-id-vipaa-module-enter-skin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
1385393f70e7faa559830575660d9964a636d3b15a6994b28062b4cdb110cbc8
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:27 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
X-BOA-RequestID
Zi-aJwzMlnn8zlzuFeQNbwAAAOU
X-Serviced-By
g8xhzg73QjjzqNxb3UmeKQ==--2sng8r0d+5l8e+tbCnJt1g==
Connection
Keep-Alive
Content-Length
2213
Last-Modified
Fri, 01 Mar 2024 16:03:02 GMT
Server
Oops
ETag
"1a12-6129b82b67c2a"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
application/x-javascript
Cache-Control
max-age=26920000, public
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=404
Expires
Mon, 29 Apr 2024 13:01:28 GMT
cnx-regular.ttf
miniature-resolute-camp.glitch.me/pa/global-assets/1.0/font/cnx-regular/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://miniature-resolute-camp.glitch.me/pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf
Requested by
Host: miniature-resolute-camp.glitch.me
URL: https://miniature-resolute-camp.glitch.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.65.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-65-101.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Origin
https://miniature-resolute-camp.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 13:01:27 GMT
cache-control
max-age=0
content-length
3674
vendb.js
secure.bankofamerica.com/client/helper/spa-assets/components/utilities/client-helper/behbio/vendb/3.0.0/js/ 		780 KB
133 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/client/helper/spa-assets/components/utilities/client-helper/behbio/vendb/3.0.0/js/vendb.js
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/client/helper/spa-assets/components/utilities/client-helper/script-manager-login/2.0.0/js/script-manager-login.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
21d8774346a76334f7f55e9e4a742881cdd6bb5921914e397298d3a21a49c674
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:27 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
X-BOA-RequestID
Zi-aJ0xxuTrZFvgQRXoSBgAAAHo
X-Serviced-By
g8xhzg73QjjzqNxb3UmeKQ==--2sng8r0d+5l8e+tbCnJt1g==
Transfer-Encoding
chunked
Connection
Keep-Alive
Last-Modified
Sat, 09 Dec 2023 01:18:17 GMT
Server
Oops
ETag
"c2f2c-60c0979ca68bc"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
application/x-javascript
Cache-Control
max-age=26920000, public
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=453
Expires
Mon, 29 Apr 2024 13:01:28 GMT
iac
miniature-resolute-camp.glitch.me/login/rest/sas/sparta/v2/ 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://miniature-resolute-camp.glitch.me/login/rest/sas/sparta/v2/iac?dfp=true&_=1714395686322
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/vipaa-v4-jawr.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.65.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-65-101.compute-1.amazonaws.com
Software
/
Resource Hash
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json
Accept
application/json
cache-control
no-cache
Referer
https://miniature-resolute-camp.glitch.me/
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 13:01:27 GMT
cache-control
max-age=0
content-length
3674
log
miniature-resolute-camp.glitch.me/login/rest/sas/sparta/ui/event/ 		348 B
562 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://miniature-resolute-camp.glitch.me/login/rest/sas/sparta/ui/event/log
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/vipaa-v4-jawr.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.65.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-65-101.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
2c56ab99d001ff81aae4476e80be7f4aef1051319ad94082263ab2de814b68c4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
cache-control
no-cache
Referer
https://miniature-resolute-camp.glitch.me/
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 13:01:27 GMT
server
AmazonS3
x-amz-request-id
N8VXJ0X9DB0VM8F8
x-amz-id-2
7qqFr309+w9gEJmZTYd2pXUwLhiJT3IqZknvDbaAebISnO3tJVpICxDrGY4IrYWTZSGjDJjzhTU=
allow
HEAD, DELETE, GET, PUT
content-type
application/xml
3c7125a8-6ad8-4ed8-809a-ad1cbe4bcb70
https://miniature-resolute-camp.glitch.me/ 		185 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://miniature-resolute-camp.glitch.me/3c7125a8-6ad8-4ed8-809a-ad1cbe4bcb70
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1b745d23b485e6f8523c160f5ec3090ad3eb803a18827f5f6a64195549b2b6c7

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length
189098
Content-Type
C5ib
aero.bankofamerica.com/30306/ 		89 B
538 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aero.bankofamerica.com/30306/C5ib?d=ZW5jZEAwdFVOakNqTDFwVlBPcEdoMUtaY2l2dEJBOGNNbnFBNWVoUTFnd21ZQ2FiTjRkMThpakhtaFdpb05NMnVuUmFyR3NhcmNvNlY0ME1ySE84Z1NUMFp0L25UNkx3aERJOEo1QllNV3AyZm9kaXc1MzluMFpuYjFIZGRNeHZJcHhpQW9DRzdFajR4WWpkaEtCQ3NHRUdIM2Z0ckpoVjFVTE1VTGR3ZmNJMUdTZlpzZzJUcFRTb0diRTIrU1hCaWtIcUdmcnlOM1JFYW1LWXQwcGNNMGpXb2g3UFZianhPam1aVEJ3SlpwQlkwTGxkaDM2anRYejRzVThtQ20wQlVEbmZacWs5dFU5UWxtSUpSWFhqOGxuQy9DS3RsODBXMVVnM3RuVzdCNlBKVTE5eUVMdVpJSDBVeGdnWURXTGtqbUJrOTJWNWt4VmtqeFl6OFhUWDRYU0R5YW9vNUQrMGdVQ0JzQTFvOWNvUzVBM3AwMVJ3Q09WaUZrVHJzQTJDTnB2ZWJaWmp3SWJOM3hNWGlGc3djVCtVSC9UQVFib3l2NWhIaXZ6SE1ycDNZTW1QSGdGcmZ3VlJ0aHFQSm5ZNDZybkw0OURuWllGLzlpWmFUN2ltdVo2dks4NUxtaXM3Rm9lbkExRU5oNG5oLzlRdHdhTzZ2V0hOdDBDRjBFUkp4WUZPekZ1eEtITWpTUFdNUHNZM09GOGhrMlR0RDFWZnJYd3NtUEo1NXFsVzNLZU1VOWhvUkhTZTNqNUZETzgyVWdmUjlXdVJIbkM4OVFVc1l2SS9BVVU3TmpWSTRYZUcrbVJkRDBSTU51VGxnM1NyNzV6dz18Njg5NTkwMzkxNGEyOTI5OTgxNjRlNWE2YWYyZGViZGRmNjU4YmI2NjI0NmM0YjUyMzlmYzA0YmQ1NzJkY2I4MTA0YzliNmI0ZTlkMDJkN2Y1NjI2NTVkYWMyYTZjMmQ1NTIxNWRhYmZlNDFhZjA2YWFmMmM4ZjBhMWRiM2UxNmFiMGQwZjFjYTU0OTg1NTJiZDM3YmM5NTgxNmMzNmE3ZDIxMjkwNzYyNzIxYjIzMjcyY2IwODk3MmFkODZiNjdmNzFmNDg1NmZmYWYyNGJmZjA3ZWFiYTc3NTk3YjkxYzZiYmI3ZGE2NjQzZTNlOWJjMWEwZGZjODc5ZDg0YTgzNTczYWQyZmVlMDM5MGQ0ZjQ5ZGI0ZmEzOWM5Mzk0NzUwOTEwMGE5NjY0MWQ2YzQwMTBhMDhhOGE0OTZmZjY4ZjA1YjYwMzQ0NTI1ODc0ZTU2NGIxY2NlYzE0ZTU5ZDQ2NDY0Mzg1YWFiYjUzNTg2YTFkOGE4NjMwYzIwY2UyM2E4YWRiMzU5ZGFiYmMwNzc0OTg0MTNlMzU0ODNlYzc4YmRkYWJhYjJmNjE2YWNhYjE4OTBjMmRiOTc2MTllYjA5YzZlYjJhNTlmNDJlZDU5NTU2ZWVmZmUzM2EzOTJkYmU0NDhlOTI5ZjgwZDZmYTQyYjQ3MjExYTg3YTJjYWExNjJ8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fminiature-resolute-camp.glitch.me&LSESSIONID=eyJpIjoiNFREVElaejN4MVwvTjRJN1BEYmxjVHc9PSIsImUiOiJlTFJZQ2x1N3Fubm45TDlNeTRiM1JtQXRsZ2NHNXBEVlRVbStLZnFBUkJKMXduWUs2K1RrYnlIZ1dxTW1RbElMZ2NlXC9HYkl4Y29jZEh3WU9QQ1Vna25ZQ2xiV1wvdkEybnRaUWZuWmxITVNsaU5qb0tSOXNPdlFHU0Q0UzRTQXl1bTVQTEgzNHhHaUFZWWVpZHhtZUs2dz09In0%3D.ee2701a8ebaa1d08.MDg5NmE5YmUyYTU3Y2NiZDYwYzllNTM1NmE5NmViMGJkZjk4MWRlNWY0MmMyNDY5MGU1ZmQ5ZjY2YmQyNjU0Mw%3D%3D&t=jsonp&c=shqytyvpkqhrkivn&eu=https%3A%2F%2Fminiature-resolute-camp.glitch.me%2F
Requested by
Host: aero.bankofamerica.com
URL: https://aero.bankofamerica.com/30306/4aQ.js?r=0.13182378117296256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.158.171.243 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-171-243.compute-1.amazonaws.com
Software
haile /
Resource Hash
139e3c0382017c2a729617907fa95f676eaebcf91fc3d9633b53017e3fa999e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 29 Apr 2024 13:01:28 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
haile
content-type
text/javascript
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
content-length
89
x-xss-protection
1
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
favicon.ico
www.bankofamerica.com/pa/global-assets/1.0/graphic/ 		1 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.bankofamerica.com/pa/global-assets/1.0/graphic/favicon.ico?ts=20151018
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.118.100 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
1776ec2d36cfe2cab1aeffeb1d8d8eb4ccc53014fb6948c8ab46673df08bd7c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://miniature-resolute-camp.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 29 Apr 2024 13:01:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
X-BOA-RequestID
Zi-aKoDD6fe8C8UpMtkJkQAAAW4
X-Serviced-By
/pa/global-assets/1.0/graphic/favicon.ico--qzAJVSp5E8eNTvOUXo1oaw==--qoOhSKputZIxGFHV88rGSA==
Connection
Keep-Alive
Content-Length
429
Last-Modified
Tue, 16 Aug 2022 09:03:59 GMT
Server
Oops
ETag
"47e-5e658076a32f3"
Vary
Accept-Encoding
Content-Type
image/x-icon
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=442
Expires
Tue, 29 Apr 2025 13:01:30 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

455 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| OptanonWrapper string| boaVIPAAuseGzippedBundles string| boaVIPAAjawrEnabled string| dotcomURLPrefix string| pinRegexSwitch string| sbPinRegexSwitch string| newPwdStandardSwitch string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| OneTrustStub object| Optanon object| OneTrust object| boa string| jQueryVersion boolean| $scIsIE function| getInternetExplorerVersion number| $IEver function| windowSetup function| displayPopup function| boaLangSetup function| boaLocationReplace function| boaEqualHeight function| boaEqualWidth function| boaCenterAlign function| boaVerCheck function| boaTLUIFieldValidationError function| boaTLAddCustomEvent function| boaTLAddEvent object| dartTag function| dartFireOnClick function| dartFireOnClickWithoutNumParam function| dartFireOnClickSpecial function| boaOBORestricted function| asyncPrintCssInclude function| boaGetCookie function| boaSetCookie function| boaGetUrlParam object| selectBofa object| cfLoader object| boaBrowserDetect function| setFlexLayoutFooterHeight number| flexLayoutFooterHeightOriginal number| flexLayoutCenterContentHeightOriginal object| $flexLayoutFooterDiv object| $flexLayoutFooterInner object| targetParams string| bactmCookie string| mboxSelectedState object| adobeMID undefined| adobeMIDLTS string| d_orgid string| d_ver object| httpRequest function| aam_tnt_cb object| SessionTimeout object| XEngineWidgetFramework undefined| debug_g object| widgetActionArray_g object| widgetPageLocationArray_g object| widgetDivIdArray_g object| widgetDefaultContentArray_g undefined| callbackTimeoutId_g undefined| callbackJsonTimeoutId_g undefined| ranCallbackOnTimer_g undefined| callbackWidgetTimeoutId_g undefined| ranCallbackOnWidgetTimer_g number| receivedAdCounter_g undefined| ranWidgetCallbackOnTimer_g undefined| widgetCallbackTimeoutId_g undefined| widgetCallbackJsonTimeoutId_g string| snippetLoadImage function| callWidget function| sendJsonWidgetRequest function| callWidgetJSON function| callbackOnWidgetRequestTimeout function| widget_show function| clearTimeouts function| handleWidgetResponse function| sendJsonRequest function| widgetTimeoutCallBackFunction function| widgetErrorCallBackFunction function| displayDefaultContent function| handleResponse function| BofaJsHttp function| initializeTC function| callTouchClarity function| callbackOnTimeout function| callback function| intializeTCTimeOutContent function| fetchTouchClarityHtml function| convertToJSONString function| getAdditionalRequestParams function| trimValue function| debug function| boaMboxCreate function| createBOAOnClickBE function| createBOAImpressionBE function| createBOAImpression function| displayNonEcloOffer function| showTola function| renderTola function| getTolaData function| getMVTparams function| logBusinessEvent function| jsonpCallback function| removejscssfile function| loadjscssfile function| loadAllCssJsFiles function| checkDuplicateCsJsFile function| findjscssfile undefined| openSumState undefined| openSumStateUrl undefined| openState function| summaryWidgetLoaded function| setSummaryWidgetState string| $errorMessageContent object| EmbedVideoPlayerUtil string| SEP string| PAIR function| PM_FP_activeXDetect function| PM_FP_stripIllegalChars function| PM_FP_stripFullPath object| PM_FP_BrowserDetect function| PM_FP_FingerPrint function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| add_deviceprint function| PM_FP_urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_deviceprint_sk function| decrypt function| encryptA function| decryptA function| asyncEncryptField object| JSEncryptExports function| JSEncrypt object| CryptoJS undefined| otpAjaxRequest string| otpContainerID undefined| otpScriptNode undefined| otpLinkNode number| otpChildIndex string| acwServiceURL object| otpInitSettings function| showOTPWidget function| getBrowserType function| addPassMarkFlash2 boolean| isIE boolean| isWin boolean| isOpera function| ControlVersion function| GetSwfVer function| DetectFlashVer function| AC_AddExtension function| AC_Generateobj function| AC_FL_RunContent function| AC_GetArgs function| isBrowserIE function| isBrowserOpera function| getVersionString function| isExternalInterfaceCompatible function| isWidgetCompatible function| isSitekeyWidgetCompatible function| getSCookie function| glacier function| getIdentifier function| digestMessage function| getScriptTagInfo string| spwSafePassNonFlashUrl string| spwPageCode string| spwFormName string| spwDeviceIndex string| spwExpand string| spwDivId number| spwProgressBarEachPercent string| spwContainerID undefined| spwScriptNode undefined| spwLinkNode function| showNonFlashWidget object| spwProgressBar number| requiredMajorVersion number| requiredMinorVersion number| requiredRevision string| src string| width string| height string| application string| bgcolor function| showWidget function| actionECDParam object| $popupFsdHeader object| setupInterstitialModal function| actionOnlineIDParam function| actionModalParam undefined| vendorURL string| CONTEXT object| olbTnCModuleTwoScrollSkin number| lpfielderror function| validNumeriChars function| isValid function| verifySubmit function| redirectPage object| onlineidverifyEmail undefined| $ssnfirst undefined| $ssnmiddle undefined| $ssnlast object| onlineidverify function| checkLists function| trimVal object| passcodeVerifyEnroll function| processCoremetrics object| passcodeVerify object| $quickHelpBoaLangObj string| questionValue boolean| duplicateExists function| printContinue function| dualActionClick function| actionSplashParam string| requestAuthUrl string| moduleContext function| ajaxCheckBoxRequestCallBack boolean| speedBumpEnterKey string| opt string| opt480 function| englishOnlyPopUp function| SborOOLPopUp function| ORCCOutagePopUp function| openHelp function| openHelpWindow function| openHelpHeaderModelWindow function| openHelpHeaderNWWindow function| openNWHelpWindow function| MLOOLPopUp function| OOLPopUp function| showNestedLayer function| hideNestedLayer object| cmPageViewForModal string| csrfTokenHiddenValue string| isModalOpen string| isSBModalOpen string| SBLangPostfix string| SBPageLanguage function| removeSBChangePINPageLoadedIndicator string| defaultemailaddress string| createusererrormsg object| vipaaModalContentModuleCreateUserSkin function| validateEmail boolean| moduleLoad object| subUserModalContentModuleCreateUserSkinObj function| fullModelOnOpen function| fullModelOnClose function| loadmodallayer function| addCreateUserFormatError function| removeCreateUserFormatError function| callCoremetricsForCreateUserLib function| encryptSensitive object| modalContentVipaaDeleteSkin string| modalskwContainerID function| setupModalValidation number| ppwNonBlankFieldCount string| ppwNextButtonADAText string| ppwSpanishErrorText undefined| currentErrorElement object| eCLO function| validatePPWForm function| validateState function| updateNextButtonState function| trim function| resetPPWErrorBubble function| ppwAttachSubmitHandlers function| ppwError function| showError boolean| uciPilot number| widgetPageCode string| languagePrefURLUpdate object| AddSafePass object| SafePassMobileUpdateModal function| formatPhoneNumber function| placeOrderNavigation object| PlaceOrder function| callBackSPOTP number| totalNumOfPages number| currentPLPage number| targetPLPage string| settingsaddSafepass object| safePassSetSkin string| alertWidgetlanguage function| printSecurityTipsPDF function| sc_device_sort_asc function| sc_device_sort_desc string| corsSettings boolean| corsSupported boolean| usePost string| savedOIDHtml string| newOnlineID boolean| offsetFlag boolean| enrollEligible string| fpuserID string| fpEnabledStatus function| fidofpCheck function| checkFpEligibilityFn function| paintFpSection function| callToeach function| detectCors function| scRequestJSONPPOST function| scRequestJSONP function| jsonpRequestCallBack function| securityCenterChangeId function| securityCenterChangePwd function| clickChangeId function| clickChangePwd function| securityCenterDisplayQandA function| securityCenterValidateQandA function| securityCenterConfirmQandA function| clearSavedId function| editSecurityPreference function| oncloseFunc function| u2fmodalClose function| offsetTooltips function| getUrlParameter function| addServiceADAText object| $sideWellHelpBoaLangObj string| cipLabelErrorText string| cipSubmitButtonADAText string| cipButtonEnabledADAText string| cipButtonSubmittedADAText boolean| cipDOBFormatValid object| vipaaSubUserAMLCIPSkin object| vipaaSubUserEditProfileSkin string| currentDeviceId boolean| safePassFlag function| validateEditProfPhone function| loadServicesURL function| doSPWidgetCallback function| addFormatError function| removeFormatError function| callCoreMetricErrorLib function| sendToJavaScript function| changeUpandDownArrow boolean| isOBO undefined| targetModalId boolean| pageInitialized object| tpData undefined| revokedId string| tpsLanguage string| tpsRevokeButtonName string| tpsActiveStatusName string| tpsRevokedStatusName object| ModalApsMpModuleGetAppSkin function| MIDVal function| returnStateCookie function| $ function| jQuery object| boaGlobalData object| boaBrowserObject object| bactmErrArr object| vid function| targetPageParamsAll object| adobe function| mboxCreate function| mboxDefine function| mboxUpdate object| AuthHub function| applyFixPatches object| input object| KJUR object| Hex object| Base64 function| ASN1 object| matched object| browser object| boaPageDataJS object| theBody string| pageHostname boolean| captureScriptHashInfo string| captureMouseEvents number| maxMouseEvents string| ccPath string| _ia11 boolean| isFPEnabled string| FPInitAuthResponse function| enterOnlineIDFormSubmit function| triggerUiLogger boolean| enableDI string| windowsHelloSigninFailedTitle string| windowsHelloSigninFailedContent string| windowsHelloTempOffTitle string| windowsHelloTempOffContent string| windowsHelloCurrentlyOffTitle string| windowsHelloCurrentlyOffContent string| vipaaGISMaskingEnabled string| cmPageId string| cmCategoryId string| cmPageId_Modal string| cmSessionID object| appStepNumber object| appStepName object| appName string| testString number| cmFailure string| cmErrorMsg string| cmReqLocale string| locAppendage function| cmSetDD undefined| errorCode undefined| errorCodeCounter undefined| errorCodeIndex object| $boaLangObj object| $a number| version object| $flexBottomRow object| OOo object| passcodeCreateSkin object| $forgotModuleIdpwdSkin object| forgotIDPWdSkin object| _cc number| counter number| heartBeatIntervalMs number| maxCheckAttempts number| heartBeatEventsCounter string| heartBeatStatus number| heartBeatInterval object| errorList string| captureUrl function| sendCsidContext function| scriptLoadFunctions function| callOptionB function| uiLoggerCall function| startListen function| _setHeartBeatListener function| _checkHeartBeatStatus function| heartbeatapiCall function| loadIac string| pageUrl boolean| otacPage function| flushdataevents function| performFlush object| ___sc30306 object| ___so30306 function| aquarius number| CLIWHIT string| PSESSIONID string| SSESSIONID string| LSESSIONID object| __tp number| __gt object| cdwpb object| cdApi

8 Cookies

Domain/Path Name / Value
.bankofamerica.com/ Name: SPID
Value: Q2S2
.bankofamerica.com/ Name: SID
Value: 002ADF40D000662F9A25
.demdex.net/ Name: demdex
Value: 67708729876066016380016722039607590387
miniature-resolute-camp.glitch.me/ Name: adobeVisitorID
Value: {"adobeMID":{"d_mid":"67720855875587903630015435454423058062","id_sync_ttl":604800,"d_blob":"6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y","dcs_region":6,"d_ottl":7200,"ibs":[{"id":"477","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//idsync.rlcdn.com/365868.gif?partner_uid=67708729876066016380016722039607590387"]},{"id":"771","ttl":20160,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=Njc3MDg3Mjk4NzYwNjYwMTYzODAwMTY3MjIwMzk2MDc1OTAzODc="]},{"id":"903","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=miniature-resolute-camp.glitch.me&ttd_tpi=1"]},{"id":"23728","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//ssum.casalemedia.com/usermatchredir?s=183607&cb=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D23728%26dpuuid%3D__UID__"]},{"id":"30646","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=67708729876066016380016722039607590387&gdpr=0&gdpr_consent="]},{"id":"66013","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//get.truex.com/adobe/audience_manager/sync"]},{"id":"66757","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//usermatch.krxd.net/um/v2?partner=adobe&id=67708729876066016380016722039607590387"]},{"id":"302767","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//us-u.openx.net/w/1.0/cm?id=2b29b5e1-7836-48c4-a896-43668f76f459&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D302767%26dpuuid%3D%7BOPENX_ID%7D"]}],"subdomain":"bofa","tid":"R9UfxnwQQhw="}}
miniature-resolute-camp.glitch.me/ Name: DomainUrl
Value: https://miniature-resolute-camp.glitch.me
miniature-resolute-camp.glitch.me/ Name: LSESSIONID
Value: eyJpIjoiNFREVElaejN4MVwvTjRJN1BEYmxjVHc9PSIsImUiOiJlTFJZQ2x1N3Fubm45TDlNeTRiM1JtQXRsZ2NHNXBEVlRVbStLZnFBUkJKMXduWUs2K1RrYnlIZ1dxTW1RbElMZ2NlXC9HYkl4Y29jZEh3WU9QQ1Vna25ZQ2xiV1wvdkEybnRaUWZuWmxITVNsaU5qb0tSOXNPdlFHU0Q0UzRTQXl1bTVQTEgzNHhHaUFZWWVpZHhtZUs2dz09In0%3D.ee2701a8ebaa1d08.MDg5NmE5YmUyYTU3Y2NiZDYwYzllNTM1NmE5NmViMGJkZjk4MWRlNWY0MmMyNDY5MGU1ZmQ5ZjY2YmQyNjU0Mw%3D%3D
.miniature-resolute-camp.glitch.me/ Name: cdContextId
Value: 1
.miniature-resolute-camp.glitch.me/ Name: bmuid
Value: 1714395688210-A1E76ED2-5635-4186-A5F6-A59ABBDD501E

47 Console Messages

Source Level URL
Text
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://miniature-resolute-camp.glitch.me/pa/components/bundles/text-decompressed/xengine/VIPAA/9.9/script/cm-jawr.js
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/(Line 84)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/(Line 84)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/(Line 84)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
recommendation verbose URL: https://miniature-resolute-camp.glitch.me/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://secure.bankofamerica.com//pa/components/bundles/gzip-compressed/xengine/VIPAA/9.9/script/vipaa-v4-jawr.js(Line 1)
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://miniature-resolute-camp.glitch.me/client/helper/spa-assets/components/utilities/client-helper/authhub-controller/authhub-helper/1.0.0/js/authhub-helper.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://miniature-resolute-camp.glitch.me/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://miniature-resolute-camp.glitch.me/pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://miniature-resolute-camp.glitch.me/login/rest/sas/sparta/v2/iac?dfp=true&_=1714395686322
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://miniature-resolute-camp.glitch.me/login/rest/sas/sparta/ui/event/log
Message:
Failed to load resource: the server responded with a status of 405 ()
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
worker error URL: https://miniature-resolute-camp.glitch.me/
Message:
Access to XMLHttpRequest at 'https://bup.bankofamerica.com/client/v3.1/web/wup?cid=barbie' from origin 'https://miniature-resolute-camp.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
worker error URL: https://miniature-resolute-camp.glitch.me/
Message:
Access to XMLHttpRequest at 'https://bup.bankofamerica.com/client/v3.1/web/wup?cid=barbie' from origin 'https://miniature-resolute-camp.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://miniature-resolute-camp.glitch.me/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aero.bankofamerica.com
cdn.cookielaw.org
dpm.demdex.net
geolocation.onetrust.com
miniature-resolute-camp.glitch.me
rail.bankofamerica.com
secure.bankofamerica.com
www.bankofamerica.com
171.159.118.100
171.159.118.200
18.235.65.101
2606:4700:4400::ac40:9b77
2606:4700::6813:b234
52.18.235.44
52.72.120.107
54.158.171.243
1385393f70e7faa559830575660d9964a636d3b15a6994b28062b4cdb110cbc8
139e3c0382017c2a729617907fa95f676eaebcf91fc3d9633b53017e3fa999e9
13c2082fd9dad18107bb2dd29f06c4413bc6664ca54c931b5d72d686ace39a9e
1776ec2d36cfe2cab1aeffeb1d8d8eb4ccc53014fb6948c8ab46673df08bd7c0
1b745d23b485e6f8523c160f5ec3090ad3eb803a18827f5f6a64195549b2b6c7
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
21d8774346a76334f7f55e9e4a742881cdd6bb5921914e397298d3a21a49c674
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c
27ff6f8b30f633a9e1954d6cc94756127292aa99560255e414bbb75b37416594
2c56ab99d001ff81aae4476e80be7f4aef1051319ad94082263ab2de814b68c4
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
42a0204c02e6aa2b111e81dfe8db38ed35446b35d5b99cfecf0dd287690d9827
45ffb15ecf1ea56d3c6c84641f630cb07b43848b7e52d64a034669c908725b4b
507c9d07862848eb2252ea5aa73050168e57663e4b6887159e725017ae629386
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
69d3432300ba1610b3b7b677b5e821630636aae7f61c01e1058158e69701b2d5
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
6d608a9d27ae614aa0b16fe920f6a811bf6d4f320a5819b51d3edb9672912ad9
72694a4700f9d812e46c665d6c4dc740eb95bf8b2a2f7673e51e22be232c3fc2
81b027af71f745247720e106cc3a674e9291ae024938973b7eba4e1ce959c4ef
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
8c3a92b2467fdd1c1fb222cca4f289afee120170101f45e5e11242425f69557a
90b8c4a376464910aae2957ab16bc1e9db74a856809873ca78482a6ba7faa05d
9d178f18b03db3adaece859cdf58e3188907a31499ecb489f54e271f49d9df19
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
ae7af88fff94ade13d5fb9cfa5581da810968e43e4848aa77838cea2d66308df
c6f38ae3bc9ea1f6d5e162fb283bb6f3358e379600efe4ee5f54b514818cfbab
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ef692caebb708b665def2aad3beab4eca949689636103edd74069a60d6da5d59