urlscan.io logo urlscan.io
SecurityTrails logo

www.blackrock.com Open in urlscan Pro
23.38.134.116  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.blackrock.com/gateway2/document-center/
Effective URL: https://www.blackrock.com/authplatform/user/signin
Submission: On June 25 via manual from AU — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 1 domains to perform 36 HTTP transactions. The main IP is 23.38.134.116, located in Sydney, Australia and belongs to AKAMAI-AS, US. The main domain is www.blackrock.com. The Cisco Umbrella rank of the primary domain is 143511.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 16th 2023. Valid for: a year.
This is the only time www.blackrock.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 31 23.38.134.116 16625 (AKAMAI-AS)
3 15.197.151.86 16509 (AMAZON-02)
1 1 69.52.13.199 31747 (BLACKROCK...)
36 3
Apex Domain
Subdomains		 Transfer
35 blackrock.com
www.blackrock.com — Cisco Umbrella Rank: 143511
login.blackrock.com — Cisco Umbrella Rank: 461995
blackrock.com — Cisco Umbrella Rank: 56070
3 MB
36 1
Domain Requested by
31 www.blackrock.com 1 redirects www.blackrock.com
3 login.blackrock.com www.blackrock.com
1 blackrock.com 1 redirects
36 3

This site contains no links.

Subject Issuer Validity Valid
*.blackrock.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-16 -
2024-11-16		 a year crt.sh
login.blackrock.com
Entrust Certification Authority - L1K		 2023-07-18 -
2024-08-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.blackrock.com/authplatform/user/signin
Frame ID: A06A765F4FEA14E9E1178D1D9E04F367
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. https://www.blackrock.com/gateway2/document-center/ Page URL
  2. https://blackrock.com/authplatform/user/signin/?issuer_uri=https%3A%2F%2Flogin.blackrock.com%2Foau... HTTP 301
    https://www.blackrock.com/authplatform/user/signin/?issuer_uri=https%3A%2F%2Flogin.blackrock.com%2Foau... HTTP 302
    https://www.blackrock.com/authplatform/user/signin Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

36
Requests

92 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

3
IPs

2
Countries

2856 kB
Transfer

9372 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.blackrock.com/gateway2/document-center/ Page URL
  2. https://blackrock.com/authplatform/user/signin/?issuer_uri=https%3A%2F%2Flogin.blackrock.com%2Foauth2%2Faus7uws47fcdUMInx357&client_id=0oa7v6ndtrYFPjnxy357&redirect_uri=https%3A%2F%2Fwww.blackrock.com%2Fgateway2%2Fdocument-center&code_challenge=HvHRVtHQH-g3o4yrehdPl1dZMkWvGpcBU_nMmMKLIJ4&code_challenge_method=S256&nonce=C8CbIpXusKHO1KrOo2oiSVJj8gaeOBwpGsP9jef02Oizj1EXvGBk5rwXA276WrpW&scope=openid+profile+email+offline_access&state=eyJnd1ZlcnNpb24iOm51bGx9&disable_forgot_password=false&aladdin_auth=false&disable_registration=true&inv_type_hint=ind&site=gateway HTTP 301
    https://www.blackrock.com/authplatform/user/signin/?issuer_uri=https%3A%2F%2Flogin.blackrock.com%2Foauth2%2Faus7uws47fcdUMInx357&client_id=0oa7v6ndtrYFPjnxy357&redirect_uri=https%3A%2F%2Fwww.blackrock.com%2Fgateway2%2Fdocument-center&code_challenge=HvHRVtHQH-g3o4yrehdPl1dZMkWvGpcBU_nMmMKLIJ4&code_challenge_method=S256&nonce=C8CbIpXusKHO1KrOo2oiSVJj8gaeOBwpGsP9jef02Oizj1EXvGBk5rwXA276WrpW&scope=openid+profile+email+offline_access&state=eyJnd1ZlcnNpb24iOm51bGx9&disable_forgot_password=false&aladdin_auth=false&disable_registration=true&inv_type_hint=ind&site=gateway HTTP 302
    https://www.blackrock.com/authplatform/user/signin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

36 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.blackrock.com/gateway2/document-center/ 		6 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
10af57baeb5ad1a7011db2b59c8815e82387ea777e486938b1dab9f101e0dfea
Security Headers
Name Value
Content-Security-Policy default-src https://www.blackrock.com/akam/13/ https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache,public
content-encoding
gzip
content-length
2349
content-security-policy
default-src https://www.blackrock.com/akam/13/ https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
content-type
text/html; charset=UTF-8
date
Tue, 25 Jun 2024 00:29:45 GMT
etag
W/"6661879a-1583"
expires
Tue, 25 Jun 2024 00:29:44 GMT
last-modified
Thu, 06 Jun 2024 09:55:38 GMT
server
istio-envoy
strict-transport-security
max-age=31536000;preload
vary
Accept-Encoding
x-akamai-transformed
9 2085 0 pmb=mTOE,3
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
x-frame-options
SAMEORIGIN
x-host-ref
gateway-content-service-live-6b558c4bbc-m9rvt/gateway-content-service
x-region-ref
musw2
x-xss-protection
1; mode=block
blackrock_logo_72.png
www.blackrock.com/gateway2/document-center/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.blackrock.com/gateway2/document-center/blackrock_logo_72.png
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:46 GMT
content-encoding
br
x-host-ref
gateway-content-service-live-6b558c4bbc-m9rvt/gateway-content-service
x-envoy-upstream-service-time
1
x-region-ref
musw2
content-length
1928
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 06 Jun 2024 09:55:38 GMT
server
istio-envoy
etag
W/"6661879a-1583"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
expires
Tue, 25 Jun 2024 00:29:46 GMT
3fe91856
www.blackrock.com/akam/13/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/akam/13/3fe91856
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
036fb15ccc5b704d3ae81d69da598f26e849d38272ffd877c00b44ca78a76169

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 25 Jun 2024 00:29:45 GMT
content-encoding
gzip
last-modified
Thu, 22 Feb 2024 19:36:51 GMT
etag
"dcb92ac2e45db4961b7d0e097bd03c761e70db5e77269f83161ff647468dd7d6"
stored-attribute-sha-checksum
036fb15ccc5b704d3ae81d69da598f26e849d38272ffd877c00b44ca78a76169
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=21600
content-length
8773
expires
Tue, 25 Jun 2024 00:29:45 GMT
runtime.43b1938e3e7bd57e.js
www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/runtime.43b1938e3e7bd57e.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
d56bb1cdcbd4f05247ef7157ba8b8b2ac846f3bc0d76b6ab57b0bad2b1db94f3
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Origin
https://www.blackrock.com
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:45 GMT
content-encoding
br
x-host-ref
gateway-content-service-live-6b558c4bbc-g2mf6/gateway-content-service
x-envoy-upstream-service-time
12
x-region-ref
musw2
content-length
700
x-xss-protection
1; mode=block
last-modified
Thu, 06 Jun 2024 09:55:38 GMT
server
istio-envoy
etag
W/"6661879a-498"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=1591
polyfills.428a41439ca16a88.js
www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/ 		98 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/polyfills.428a41439ca16a88.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
d370cc4abcac88c3007dc4be6a488b5d072cd0bc0451f5c33cf65a7e2fc47369
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Origin
https://www.blackrock.com
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:45 GMT
content-encoding
gzip
x-host-ref
gateway-content-service-live-6b558c4bbc-g2mf6/gateway-content-service
x-envoy-upstream-service-time
12
x-region-ref
musw2
content-length
36500
x-xss-protection
1; mode=block
last-modified
Thu, 06 Jun 2024 09:55:38 GMT
server
istio-envoy
etag
W/"6661879a-1884f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=77
scripts.81a751b8783281a6.js
www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/ 		33 B
556 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/scripts.81a751b8783281a6.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
9a29b8681b97bd5ed22677d0ae804dedbf6a219d3550e653ef6ad50b7ad243e1
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:45 GMT
content-encoding
br
x-host-ref
gateway-content-service-live-6b558c4bbc-g2mf6/gateway-content-service
x-envoy-upstream-service-time
15
x-region-ref
musw2
content-length
38
x-xss-protection
1; mode=block
last-modified
Thu, 06 Jun 2024 09:55:38 GMT
server
istio-envoy
etag
W/"6661879a-21"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=1646
main.a681f9dec97db188.js
www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/ 		6 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/main.a681f9dec97db188.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
8762a1a4866d06004fdb35194de88e9ddcf2d3c6cb972ba5b39ed74f506d77f3
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Origin
https://www.blackrock.com
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:45 GMT
content-encoding
gzip
x-host-ref
gateway-content-service-live-6b558c4bbc-g2mf6/gateway-content-service
x-envoy-upstream-service-time
12
x-region-ref
musw2
content-length
1947351
x-xss-protection
1; mode=block
last-modified
Thu, 06 Jun 2024 09:55:38 GMT
server
istio-envoy
etag
W/"6661879a-5ca925"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=1700
AQAB
www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/ 		213 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b2c7254c5fb1f335121f004205ee223a66092f488bd8ede1adc521756d8d901a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 00:29:45 GMT
content-encoding
br
last-modified
Mon, 29 Apr 2024 18:42:15 GMT
etag
"6cd2b6c8c0a97cd95ae3a6accc2aa2aa6b3867e073ef5c1b4027a38d2b94ff2e"
stored-attribute-sha-checksum
b2c7254c5fb1f335121f004205ee223a66092f488bd8ede1adc521756d8d901a
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=21600, max-age=21600
content-length
77713
styles.391eb8814397b9fb.css
www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/ 		394 KB
69 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/styles.391eb8814397b9fb.css
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
c0d853b1ae4804e7ac5fc136813d4c222e860c6165f50726f1be75a8f5456a5f
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:45 GMT
content-encoding
gzip
x-host-ref
gateway-content-service-live-6b558c4bbc-g2mf6/gateway-content-service
x-envoy-upstream-service-time
11
x-region-ref
musw2
content-length
69979
x-xss-protection
1; mode=block
last-modified
Thu, 06 Jun 2024 09:55:38 GMT
server
istio-envoy
etag
W/"6661879a-62767"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=477
BLKFort-Book.7235e28bb88caa77.woff
www.blackrock.com/gateway2/document-center/ 		60 KB
61 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/gateway2/document-center/BLKFort-Book.7235e28bb88caa77.woff
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/document-center/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Origin
https://www.blackrock.com
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:46 GMT
x-host-ref
gateway-content-service-live-6b558c4bbc-m9rvt/gateway-content-service
x-envoy-upstream-service-time
1
x-region-ref
musw2
content-length
61896
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 06 Jun 2024 09:55:37 GMT
server
istio-envoy
etag
"66618799-f1c8"
x-frame-options
SAMEORIGIN
content-type
font/woff
access-control-allow-origin
https://www.blackrock.com
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Tue, 25 Jun 2024 00:29:46 GMT
AQAB
www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/ 		18 B
675 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.blackrock.com/gateway2/document-center/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 25 Jun 2024 00:29:46 GMT
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.blackrock.com
access-control-allow-credentials
true
x_req_id
d4e20b7c-e462-482c-88da-6d88017251b2
access-control-allow-headers
Content-Type
content-length
18
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		157 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
me
login.blackrock.com/api/v1/sessions/ 		163 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.blackrock.com/api/v1/sessions/me
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/polyfills.428a41439ca16a88.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; connect-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com blackrock.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; style-src 'unsafe-inline' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; frame-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com login.okta.com *.vidyard.com api-d659d5d1.duosecurity.com; img-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' blackrock.okta.com login.blackrock.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://www.blackrock.com/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZnoPehcmGzyT9TtlD9vTSAAACQw
Date
Tue, 25 Jun 2024 00:29:46 GMT
content-security-policy
default-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; connect-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com blackrock.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; style-src 'unsafe-inline' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; frame-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com login.okta.com *.vidyard.com api-d659d5d1.duosecurity.com; img-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' blackrock.okta.com login.blackrock.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
x-rate-limit-limit
3000
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
2987
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://www.blackrock.com
x-rate-limit-reset
1719275394
access-control-allow-credentials
true
cache-control
no-cache, no-store
Keep-Alive
timeout=5, max=100
expires
0
pixel_3fe91856
www.blackrock.com/akam/13/ 		0
566 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/akam/13/pixel_3fe91856
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/polyfills.428a41439ca16a88.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.blackrock.com/gateway2/document-center/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 25 Jun 2024 00:29:46 GMT
content-length
0
content-type
text/html
favicon.ico
www.blackrock.com/ 		894 B
722 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/gateway2/document-center/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self';
content-encoding
gzip
date
Tue, 25 Jun 2024 00:29:46 GMT
last-modified
Wed, 16 Mar 2011 19:43:24 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/x-icon
p3p
CP="CAO PSA OUR"
rmt
0
accept-ranges
bytes
content-length
469
x-xss-protection
1; mode=block
Primary Request signin
www.blackrock.com/authplatform/user/
Redirect Chain
  • https://blackrock.com/authplatform/user/signin/?issuer_uri=https%3A%2F%2Flogin.blackrock.com%2Foauth2%2Faus7uws47fcdUMInx357&client_id=0oa7v6ndtrYFPjnxy357&redirect_uri=https%3A%2F%2Fwww.blackrock....
  • https://www.blackrock.com/authplatform/user/signin/?issuer_uri=https%3A%2F%2Flogin.blackrock.com%2Foauth2%2Faus7uws47fcdUMInx357&client_id=0oa7v6ndtrYFPjnxy357&redirect_uri=https%3A%2F%2Fwww.blackr...
  • https://www.blackrock.com/authplatform/user/signin
11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/user/signin
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/gateway2/resources/9.4.0-rc.0/apps/document-center/main.a681f9dec97db188.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
060a318d4cc768cb5646d479a93e7d70380ce8fc9ddc028d7db88237941e029b
Security Headers
Name Value
Content-Security-Policy default-src https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
https://www.blackrock.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
private, max-age=0, no-cache, no-store
content-encoding
gzip
content-language
en-US
content-length
3992
content-security-policy
default-src https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-B9dYYqE+H3zSHkn/cT45/w=='
content-type
text/html;charset=UTF-8
date
Tue, 25 Jun 2024 00:29:48 GMT
server
istio-envoy
strict-transport-security
max-age=31536000;preload
vary
accept-encoding
x-akamai-transformed
9 4500 0 pmb=mTOE,1
x-content-type-options
nosniff
x-envoy-upstream-service-time
26
x-frame-options
SAMEORIGIN
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-region-ref
musw2
x-request-id
19010d32d80
x-xss-protection
1; mode=block

Redirect headers

cache-control
private, max-age=0, no-cache, no-store
content-language
en-US
content-length
0
content-security-policy
default-src https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-CsXHhu0IgXYWvTkIlABD0A=='
date
Tue, 25 Jun 2024 00:29:48 GMT
location
https://www.blackrock.com/authplatform/user/signin
server
istio-envoy
strict-transport-security
max-age=31536000;preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
227
x-frame-options
SAMEORIGIN
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-region-ref
musw2
x-request-id
19010d32d72
x-xss-protection
1; mode=block
okta-sign-in.min-32082203138e95c3496af212b9076cd4.css
www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/css/ 		229 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/css/okta-sign-in.min-32082203138e95c3496af212b9076cd4.css
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
a932f3ea1af48ec1a56e13ae68234fb7c2deac867a72715df976262d9c8c64cb
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-BK5iQ6okLf0TYnC9jmvJ+w=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
30
x-region-ref
musw2
content-length
34169
x-xss-protection
1; mode=block
x-request-id
19010d32d83
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=31535942
accept-ranges
bytes
up-blk-448a076406d7f4766405d46d1f81090a.css
www.blackrock.com/authplatform/assets/css/ 		310 KB
51 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/css/up-blk-448a076406d7f4766405d46d1f81090a.css
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
ca94ae9b0c7ecb566734bdb133fd499b1d073ace970dd4326ea929e2085e1c16
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-gEAeXLsIYVUH3DxDjKTOSQ=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
31
x-region-ref
musw2
x-xss-protection
1; mode=block
x-request-id
19010d32d86
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=31535994
accept-ranges
bytes
blackrock-logo-nav-white-990c18f15fbb94ab8a519fc2ac37fe43.png
www.blackrock.com/authplatform/assets/images/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.blackrock.com/authplatform/assets/images/blackrock-logo-nav-white-990c18f15fbb94ab8a519fc2ac37fe43.png
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
9d35e2e14df3cf8c5407b826f38a4a94d06c940081abc03cbebbe398007186af
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-Di4dVdPyjSkFFNhF1vURTw=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
1
x-region-ref
musw2
content-length
4977
x-xss-protection
1; mode=block
x-request-id
19010d32d85
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"990c18f15fbb94ab8a519fc2ac37fe43"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=7182
accept-ranges
bytes
expires
Tue, 25 Jun 2024 02:29:31 GMT
jquery.min-b61aa6e2d68d21b3546b5b418bf0e9c3.js
www.blackrock.com/authplatform/assets/third-party/jquery-3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/third-party/jquery-3.5.1/jquery.min-b61aa6e2d68d21b3546b5b418bf0e9c3.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Origin
https://www.blackrock.com
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-ja5rF2Uo22Gbk9g35i8n4g=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
5
x-region-ref
musw2
content-length
30964
x-xss-protection
1; mode=block
x-request-id
19010d32d87
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"b61aa6e2d68d21b3546b5b418bf0e9c3"
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
public, max-age=31535948
accept-ranges
bytes
jquery.validate.min-5861a036c2de6c2df26749fe41d57605.js
www.blackrock.com/authplatform/assets/third-party/jquery-validate-1.19.5/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/third-party/jquery-validate-1.19.5/jquery.validate.min-5861a036c2de6c2df26749fe41d57605.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-JTnN4ESYdFhnLbnE9yWCrw=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
2
x-region-ref
musw2
content-length
7924
x-xss-protection
1; mode=block
x-request-id
19010d32d90
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"5861a036c2de6c2df26749fe41d57605"
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
public, max-age=31535985
accept-ranges
bytes
popper.min-b1dbc64f8b1dfe0c089dd55b09bbbc72.js
www.blackrock.com/authplatform/assets/third-party/popper-1.12.9/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/third-party/popper-1.12.9/popper.min-b1dbc64f8b1dfe0c089dd55b09bbbc72.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
193a81e8713370250a88db26a3b201df9f841cba4a212b567ff994693bc1bf22
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Origin
https://www.blackrock.com
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-u8cFex4AEerVOPmyiIIQnw=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
3
x-region-ref
musw2
content-length
6924
x-xss-protection
1; mode=block
x-request-id
19010d32d88
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"b1dbc64f8b1dfe0c089dd55b09bbbc72"
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
okta-sign-in-no-jquery-572e337e904000b028ba5362b8a06905.js
www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/js/ 		2 MB
392 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/js/okta-sign-in-no-jquery-572e337e904000b028ba5362b8a06905.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
d6839ac85413499562ba792469a999bb988c174c2e86775f9e66a5b20243ddf8
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-FWK8O87lL69A2P8ilw5Jxw=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
14
x-region-ref
musw2
x-xss-protection
1; mode=block
x-request-id
19010d32d8e
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"572e337e904000b028ba5362b8a06905"
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
public, max-age=31535945
accept-ranges
bytes
url-polyfill-d75b8c028835f67a9c2be3ce10d9ab83.js
www.blackrock.com/authplatform/assets/third-party/url-polyfill-1.1.5/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/third-party/url-polyfill-1.1.5/url-polyfill-d75b8c028835f67a9c2be3ce10d9ab83.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
12f355afd37b8dbc4160dab556f81ce0e05c488be120c4b1e2bd4c47e69e3c20
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-psRHdzX524vsKqlXbMYlow=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
2
x-region-ref
musw2
content-length
3197
x-xss-protection
1; mode=block
x-request-id
19010d32d82
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"d75b8c028835f67a9c2be3ce10d9ab83"
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
public, max-age=31535982
accept-ranges
bytes
RainUI-10bd4a4973984db669bf407ecca96480.js
www.blackrock.com/authplatform/assets/js/ 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/js/RainUI-10bd4a4973984db669bf407ecca96480.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
f4a43b911fe2219d44fb1e7000f3f2313aca9fb31bb71d1b673b852d75a77e06
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-OlSBKAFHFtntUwnqZtrMGg=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
3
x-region-ref
musw2
content-length
6357
x-xss-protection
1; mode=block
x-request-id
19010d32d8d
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"10bd4a4973984db669bf407ecca96480"
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
public, max-age=31535941
accept-ranges
bytes
main-fd920a26d4468759af3bdc3ce1b9e2f6.js
www.blackrock.com/authplatform/assets/js/ 		15 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/js/main-fd920a26d4468759af3bdc3ce1b9e2f6.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
2f22ff3d2f0027deb04388f0c22400b40ffc6501b6832f1f8ed1a056a7e7b8a3
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-ot7NZqIB/xP+KQw1njDCQQ=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
2
x-region-ref
musw2
content-length
3548
x-xss-protection
1; mode=block
x-request-id
19010d32d84
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"fd920a26d4468759af3bdc3ce1b9e2f6"
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
user-auth-814aea3e46dfc11ca7884da3d5e308c4.js
www.blackrock.com/authplatform/assets/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/js/user-auth-814aea3e46dfc11ca7884da3d5e308c4.js
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
d6d8994beda4f40fade4f01854ba0315375c855d90c64dc168aff2670db21933
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
date
Tue, 25 Jun 2024 00:29:49 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-n8t1P6QInPrIYj7xslvZ9g=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
1
x-region-ref
musw2
content-length
2397
x-xss-protection
1; mode=block
x-request-id
19010d32d8a
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"814aea3e46dfc11ca7884da3d5e308c4"
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
AQAB
www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/ 		213 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/user/signin
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b2c7254c5fb1f335121f004205ee223a66092f488bd8ede1adc521756d8d901a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 00:29:48 GMT
content-encoding
br
last-modified
Mon, 29 Apr 2024 18:42:15 GMT
etag
"6cd2b6c8c0a97cd95ae3a6accc2aa2aa6b3867e073ef5c1b4027a38d2b94ff2e"
stored-attribute-sha-checksum
b2c7254c5fb1f335121f004205ee223a66092f488bd8ede1adc521756d8d901a
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=21600, max-age=21600
content-length
77713
me
login.blackrock.com/api/v1/sessions/ 		163 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.blackrock.com/api/v1/sessions/me
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/assets/third-party/jquery-3.5.1/jquery.min-b61aa6e2d68d21b3546b5b418bf0e9c3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
974f97dc3c7c32f67c37bdacce300feb5cc1c1ea369af155f62ef72cfc1eb59c
Security Headers
Name Value
Content-Security-Policy default-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; connect-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com blackrock.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; style-src 'unsafe-inline' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; frame-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com login.okta.com *.vidyard.com api-d659d5d1.duosecurity.com; img-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' blackrock.okta.com login.blackrock.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Okta-XsrfToken
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://www.blackrock.com/
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZnoPfhcmGzyT9TtlD9vTaAAACQw
Date
Tue, 25 Jun 2024 00:29:50 GMT
content-security-policy
default-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; connect-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com blackrock.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; style-src 'unsafe-inline' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; frame-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com login.okta.com *.vidyard.com api-d659d5d1.duosecurity.com; img-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' blackrock.okta.com login.blackrock.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
x-rate-limit-limit
3000
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
2985
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://www.blackrock.com
x-rate-limit-reset
1719275394
access-control-allow-credentials
true
cache-control
no-cache, no-store
Keep-Alive
timeout=5, max=99
expires
0
favicon.ico
www.blackrock.com/authplatform/ 		894 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
b3bc6c6810d7ddf58a413a1323523dd1b405cfdfa4a1d89eea7d9dc184e33541
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/user/signin
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:50 GMT
content-encoding
br
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-5Vlx3cFpaTyXbqm1pCnhkA=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
1
x-region-ref
musw2
content-length
490
x-xss-protection
1; mode=block
x-request-id
19010d32d9b
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type
image/x-icon
cache-control
max-age=31536000
expires
Wed, 25 Jun 2025 00:29:50 GMT
me
login.blackrock.com/api/v1/sessions/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login.blackrock.com/api/v1/sessions/me
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; connect-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com blackrock.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; style-src 'unsafe-inline' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; frame-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com login.okta.com *.vidyard.com api-d659d5d1.duosecurity.com; img-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' blackrock.okta.com login.blackrock.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-okta-xsrftoken
Access-Control-Request-Method
GET
Origin
https://www.blackrock.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Length
0
Date
Tue, 25 Jun 2024 00:29:50 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
accept-ch
Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
x-okta-xsrftoken,Content-Type
access-control-allow-methods
DELETE, GET, OPTIONS
access-control-allow-origin
https://www.blackrock.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cache-control
no-cache, no-store
content-security-policy
default-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; connect-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com blackrock.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; style-src 'unsafe-inline' 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com; frame-src 'self' blackrock.okta.com blackrock-admin.okta.com login.blackrock.com login.okta.com *.vidyard.com api-d659d5d1.duosecurity.com; img-src 'self' blackrock.okta.com login.blackrock.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' blackrock.okta.com login.blackrock.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin
x-frame-options
SAMEORIGIN
x-okta-request-id
ZnoPfqPDFr3pMp8Uo0zkAgAAC04
x-rate-limit-limit
50000
x-rate-limit-remaining
49996
x-rate-limit-reset
1719275441
x-xss-protection
0
fontawesome-webfont-af7ae505a9eed503f8b8e6982036873e.woff2
www.blackrock.com/authplatform/assets/fonts/ 		39 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/fonts/fontawesome-webfont-af7ae505a9eed503f8b8e6982036873e.woff2?v=4.7.0
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/assets/css/up-blk-448a076406d7f4766405d46d1f81090a.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/assets/css/up-blk-448a076406d7f4766405d46d1f81090a.css
Origin
https://www.blackrock.com
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:51 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-eJi/ruRSj6uva+0BMDRKpA=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
2
x-region-ref
musw2
content-length
77160
x-xss-protection
1; mode=block
x-request-id
19010d32d9c
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"af7ae505a9eed503f8b8e6982036873e"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://www.blackrock.com
cache-control
public, max-age=31535988
accept-ranges
bytes
BLKFort-Extrabold-47933bc0888be0f9b22bbe5ed2880f98.woff2
www.blackrock.com/authplatform/assets/fonts/blk-fort/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.blackrock.com/authplatform/assets/fonts/blk-fort/BLKFort-Extrabold-47933bc0888be0f9b22bbe5ed2880f98.woff2
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/assets/css/up-blk-448a076406d7f4766405d46d1f81090a.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
dc193d3eceb8576a310e88aaa25c4dde16a6a4b5a1809472755791d507d36e4c
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/assets/css/up-blk-448a076406d7f4766405d46d1f81090a.css
Origin
https://www.blackrock.com
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:51 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-FFjuWfD3M8jZxsi8GxPQUA=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
2
x-region-ref
musw2
content-length
48728
x-xss-protection
1; mode=block
x-request-id
19010d32d9d
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"47933bc0888be0f9b22bbe5ed2880f98"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://www.blackrock.com
cache-control
public, max-age=31535944
accept-ranges
bytes
BLKFort-Book-97f67d9f1f0ad7529eada91caa738b5b.woff2
www.blackrock.com/authplatform/assets/fonts/blk-fort/ 		0
0
checkbox-sign-in-widget-7846b2f8c6d0a7ca69fdd3d3c294e92d.png
www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/img/ui/forms/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/img/ui/forms/checkbox-sign-in-widget-7846b2f8c6d0a7ca69fdd3d3c294e92d.png
Requested by
Host: www.blackrock.com
URL: https://www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/css/okta-sign-in.min-32082203138e95c3496af212b9076cd4.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.134.116 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-134-116.deploy.static.akamaitechnologies.com
Software
istio-envoy /
Resource Hash
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/css/okta-sign-in.min-32082203138e95c3496af212b9076cd4.css
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000;preload
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
x-content-type-options
nosniff
date
Tue, 25 Jun 2024 00:29:51 GMT
content-security-policy-report-only
default-src https:; font-src https: data:; img-src https: data:; base-uri 'self'; object-src 'self'; media-src https: 'self'; child-src https: 'self'; worker-src https: 'self'; frame-ancestors 'self'; style-src https: 'self' 'unsafe-inline'; script-src https: 'nonce-shaYSWx73XdHOlv74Jc1TA=='
x-host-ref
cwp-atmos-live-7d8c587b7b-8x4qw/microservice
x-envoy-upstream-service-time
2
x-region-ref
musw2
content-length
3141
x-xss-protection
1; mode=block
x-request-id
19010d32d9e
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
istio-envoy
etag
W/"7846b2f8c6d0a7ca69fdd3d3c294e92d"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=7167
accept-ranges
bytes
expires
Tue, 25 Jun 2024 02:29:18 GMT
montserrat-light-webfont-6225f3ca44b83090833064727a09cc95.woff
www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/font/ 		0
0
montserrat-regular-webfont-8f2822b73b5f9c106c6f2e0db820bcbb.woff
www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/font/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.blackrock.com
URL
https://www.blackrock.com/authplatform/assets/fonts/blk-fort/BLKFort-Book-97f67d9f1f0ad7529eada91caa738b5b.woff2
Domain
www.blackrock.com
URL
https://www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/font/montserrat-light-webfont-6225f3ca44b83090833064727a09cc95.woff
Domain
www.blackrock.com
URL
https://www.blackrock.com/authplatform/assets/third-party/okta-signin-widget-5.16.1/font/montserrat-regular-webfont-8f2822b73b5f9c106c6f2e0db820bcbb.woff

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage function| $ function| jQuery function| Popper object| regeneratorRuntime function| setImmediate function| clearImmediate object| Backbone function| jQueryCourage object| u2f function| OktaSignIn

10 Cookies

Domain/Path Name / Value
www.blackrock.com/authplatform Name: JSESSIONID
Value: AF93A20C42ED4387AFBC438A65BA7A15
www.blackrock.com/authplatform Name: STICKY_SESSION_COOKIE_ATMOS_LIVE
Value: "c29a3fd767757ada"
www.blackrock.com/gateway2 Name: STICKY_SESSION_COOKIE_GATEWAY_CONTENT_SERVICE_LIVE
Value: "9b93821914cbed0d"
.blackrock.com/ Name: _abck
Value: 82B418446DC7A8B6EAC1FD988CFBA9D5~0~YAAQjvI3F5oVCEOQAQAACXbMTAzMS4lCrjw264UM31w3ystAgBQ+SoN+lmDA8IhqhJfnyuwF2qG7tkfx8aBc0w66LdNhz4FpEjSoSn9/JH4mRefM8NJPWFbgBSHDgh3HaO6HXZIbTEAtq5IU0qmRHbyQSSpycNPvYxX7fSN7z4PfjjYWe7uIBd2mnTyt9YQ7BPdO28SqT+5Yw4jZgV1vRCZ8jiLK8Xsm5M69noNGCQwI9U+ae4h2lzuW7MmvmEO9SuGWQbWaO3poa8Pfzmx7gXBHTPmAxzbW0gr5j8GSKsg3g+PvHMk++Xf1m9k100gz2h2bKmT8B8uxcUyXAPEJa6/EI+FMmtLieHt2WF6EhxwOY7AgiPLqiRHWozgKwd8rc8M5OZKgHG4KiiS3sg+u/H/VlmDOAyFN75j1~-1~||0||~-1
.blackrock.com/ Name: ak_bmsc
Value: 21ABBE4BBA74C73A50377657C485443E~000000000000000000000000000000~YAAQjvI3F8QVCEOQAQAALnfMTBg7AZqAl+kSltqJD5OtqjiVKK0RBS5R7dZpCokHmo0SrJNb+A0XaT7SX3UtGOekDsQIj9uYoZdf4tCYACF4PNKoz9PEAPBbB1LPU21fT/C3FdmXnUtl332XKI4NyndPTq+ECYS4oupcDsnUtPfriAIyadXrV4wT9lCOQ86UJdeVhVUDJRXPdqYPR7WK1461M1vWFsmnrnEN4/mOJB37GDfcsra+nJ2oUQTCjyOfEOwYJfjHEkWrt8FgjEESp7gyWGFId9D0r73u9kapl3DDdcjsS+9aGP+SM1GhyGm9SpQ88FkvUz4lOlxJWfZdfMwDLREhsfMjdaC7ExNvIeZTk2KR4sSKUKALGoruRdzvNc37uK0kHQglZSpaVFHcEju2ZqbKBiI7mCOK+3aqIHOSMvRU0MuZ5859XdtAWdEwDe7vFHjYvCdRwV0G0js7ldE=
login.blackrock.com/ Name: JSESSIONID
Value: FF89EDC06AA2F4F026647352B0D1EC5C
www.blackrock.com/ Name: okta-oauth-nonce
Value: C8CbIpXusKHO1KrOo2oiSVJj8gaeOBwpGsP9jef02Oizj1EXvGBk5rwXA276WrpW
www.blackrock.com/ Name: okta-oauth-state
Value: eyJnd1ZlcnNpb24iOm51bGx9
.blackrock.com/ Name: bm_sv
Value: 1700D00A45B58CF954DEAFFB99A899C7~YAAQjvI3FwIXCEOQAQAAgH/MTBhoB2BPU11D+DP5E9GSVxkFURnKJkg7oX98upZun28Lp1UpLIAYSUJ4KtcXkAsm42lDm1j+12eU/KKa1DMl8dolQ6KGBiLKQXDACVSiW6tAuTbUj2iM1EMX3uDz2pH434cr69MdadEGOhJq8iy6+1tsn7RJQAW781hjl4e26o/M3KupbJWZUCUButEXDqxMiOK3tHm5Lv9JCmSyO1c6RYGxGWg7umN1IT77wGY9jtu2~1
.blackrock.com/ Name: bm_sz
Value: B612DDBB25B32E7CBC1EE19C43DDA187~YAAQjvI3FwMXCEOQAQAAgH/MTBiSDv+5pqRCUOpNYtQ2c0Qe/4Ecwb7MQZiTVhfX5g8Kn39UhY//V5UAk9IA7FA3nZpbjo4F6ZC9746iH/zQg6VuHpQUzQrV9YEAilsVCdgmpQQRs1yyW8wPlPxzN5xxsX59VNuwfAC9YZp2QXniHeMKpHfmV14skvbkTp2WDE+9aPIDnjPINw1QXVzcvbkU6Esyex5Cx2cJwqsadBdlt4haNqhbmsT9/3JUWAH/8apElWKSCPa86HMjGATOrX6xxT03VPiyNHonVCQi6Hf/qzmHKScpDOn5JBm5QUHxzBslXbfhoKz/6s5Ovbs/nABZDh2RPCJQQRfwqLQ+zKHUBfJpOpoQrdcemZSB4O2PXQYw//XFacakkNPEgNQf+UsS+pNTPaM/K2XA5g==~3420486~3682883

2 Console Messages

Source Level URL
Text
network error URL: https://login.blackrock.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://login.blackrock.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https://www.blackrock.com/akam/13/ https://www.blackrock.com/KGV4/Juyl/aFqp/j2/hPfw/9rupGckX6t/RiQhYUIC/AU8-YjMO/AQAB https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' *.walkme.com data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com;
Strict-Transport-Security max-age=31536000;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blackrock.com
login.blackrock.com
www.blackrock.com
www.blackrock.com
15.197.151.86
23.38.134.116
69.52.13.199
036fb15ccc5b704d3ae81d69da598f26e849d38272ffd877c00b44ca78a76169
060a318d4cc768cb5646d479a93e7d70380ce8fc9ddc028d7db88237941e029b
10af57baeb5ad1a7011db2b59c8815e82387ea777e486938b1dab9f101e0dfea
12f355afd37b8dbc4160dab556f81ce0e05c488be120c4b1e2bd4c47e69e3c20
193a81e8713370250a88db26a3b201df9f841cba4a212b567ff994693bc1bf22
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
2f22ff3d2f0027deb04388f0c22400b40ffc6501b6832f1f8ed1a056a7e7b8a3
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
8762a1a4866d06004fdb35194de88e9ddcf2d3c6cb972ba5b39ed74f506d77f3
974f97dc3c7c32f67c37bdacce300feb5cc1c1ea369af155f62ef72cfc1eb59c
9a29b8681b97bd5ed22677d0ae804dedbf6a219d3550e653ef6ad50b7ad243e1
9d35e2e14df3cf8c5407b826f38a4a94d06c940081abc03cbebbe398007186af
a932f3ea1af48ec1a56e13ae68234fb7c2deac867a72715df976262d9c8c64cb
b2c7254c5fb1f335121f004205ee223a66092f488bd8ede1adc521756d8d901a
b3bc6c6810d7ddf58a413a1323523dd1b405cfdfa4a1d89eea7d9dc184e33541
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
c0d853b1ae4804e7ac5fc136813d4c222e860c6165f50726f1be75a8f5456a5f
ca94ae9b0c7ecb566734bdb133fd499b1d073ace970dd4326ea929e2085e1c16
d370cc4abcac88c3007dc4be6a488b5d072cd0bc0451f5c33cf65a7e2fc47369
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2
d56bb1cdcbd4f05247ef7157ba8b8b2ac846f3bc0d76b6ab57b0bad2b1db94f3
d6839ac85413499562ba792469a999bb988c174c2e86775f9e66a5b20243ddf8
d6d8994beda4f40fade4f01854ba0315375c855d90c64dc168aff2670db21933
dc193d3eceb8576a310e88aaa25c4dde16a6a4b5a1809472755791d507d36e4c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f4a43b911fe2219d44fb1e7000f3f2313aca9fb31bb71d1b673b852d75a77e06