urlscan.io logo urlscan.io
SecurityTrails logo

secure.bankofamerica.com Open in urlscan Pro
171.161.102.200  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://click.emcom.bankofamerica.com/deeplink/?qs=ee328772182f0047137470af95b3d99f91ed12e05fdfda71e6094dfdf20775797d84792fd8367ea5a41...
Effective URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCar...
Submission: On November 14 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 19 HTTP transactions. The main IP is 171.161.102.200, located in United States and belongs to BANKAMERICA, US. The main domain is secure.bankofamerica.com. The Cisco Umbrella rank of the primary domain is 15600.
TLS certificate: Issued by Entrust Certification Authority - L1M on May 2nd 2023. Valid for: a year.
This is the only time secure.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.111.42.50 14340 (SALESFORCE)
2 2 171.161.118.100 10794 (BANKAMERICA)
2 12 171.161.102.200 10794 (BANKAMERICA)
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
19 4
1    13.111.42.50 (United States)

ASN14340 (SALESFORCE, US)
PTR: click.emcom.bankofamerica.com
click.emcom.bankofamerica.com
2    171.161.118.100 (United States)

ASN10794 (BANKAMERICA, US)
www.bankofamerica.com
12    171.161.102.200 (United States)

ASN10794 (BANKAMERICA, US)
secure.bankofamerica.com
7    2606:4700::6812:82ec (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
1    2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
Apex Domain
Subdomains		 Transfer
15 bankofamerica.com
click.emcom.bankofamerica.com — Cisco Umbrella Rank: 82132
www.bankofamerica.com — Cisco Umbrella Rank: 15159
secure.bankofamerica.com — Cisco Umbrella Rank: 15600
599 KB
7 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 342
139 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 590
295 B
0 demdex.net Failed
dpm.demdex.net Failed
19 4
Domain Requested by
12 secure.bankofamerica.com 2 redirects secure.bankofamerica.com
7 cdn.cookielaw.org secure.bankofamerica.com
cdn.cookielaw.org
2 www.bankofamerica.com 2 redirects
1 geolocation.onetrust.com cdn.cookielaw.org
1 click.emcom.bankofamerica.com 1 redirects
0 dpm.demdex.net Failed secure.bankofamerica.com
19 6

This site contains no links.

Subject Issuer Validity Valid
secure.bankofamerica.com
Entrust Certification Authority - L1M		 2023-05-02 -
2024-06-02		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2023-04-01 -
2024-03-31		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2023-11-13 -
2024-11-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Frame ID: 6A7503486627377A500868D44863139E
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://click.emcom.bankofamerica.com/deeplink/?qs=ee328772182f0047137470af95b3d99f91ed12e05fdfda71e6094dfdf207757... HTTP 302
    https://www.bankofamerica.com/deeplink/redirect.go?target=myrwrds_cc_avail&screen=MyRewards:CreditCards&ve... HTTP 301
    https://www.bankofamerica.com/myaccounts/public/brain/redirect.go?target=myrwrds_cc_avail&screen=MyRewards... HTTP 302
    https://secure.bankofamerica.com/myaccounts/public/brain/redirect.go?target=myrwrds_cc_avail&screen=MyRewards... HTTP 302
    https://secure.bankofamerica.com/login/sign-in/signOnScreen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=M... HTTP 301
    https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen... Page URL

Page Statistics

19
Requests

95 %
HTTPS

40 %
IPv6

4
Domains

6
Subdomains

4
IPs

1
Countries

732 kB
Transfer

2820 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.emcom.bankofamerica.com/deeplink/?qs=ee328772182f0047137470af95b3d99f91ed12e05fdfda71e6094dfdf20775797d84792fd8367ea5a41879eaf2c9f5495370818f08f1d0923367e73f6ba749a1&target=myrwrds_cc_avail&screen=MyRewards:CreditCards&version=7.9.0 HTTP 302
    https://www.bankofamerica.com/deeplink/redirect.go?target=myrwrds_cc_avail&screen=MyRewards:CreditCards&version=7.9.0&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017 HTTP 301
    https://www.bankofamerica.com/myaccounts/public/brain/redirect.go?target=myrwrds_cc_avail&screen=MyRewards:CreditCards&version=7.9.0&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017 HTTP 302
    https://secure.bankofamerica.com/myaccounts/public/brain/redirect.go?target=myrwrds_cc_avail&screen=MyRewards:CreditCards&version=7.9.0&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017&channel=desktop HTTP 302
    https://secure.bankofamerica.com/login/sign-in/signOnScreen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017 HTTP 301
    https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request signOnV2Screen.go
secure.bankofamerica.com/login/sign-in/
Redirect Chain
  • https://click.emcom.bankofamerica.com/deeplink/?qs=ee328772182f0047137470af95b3d99f91ed12e05fdfda71e6094dfdf20775797d84792fd8367ea5a41879eaf2c9f5495370818f08f1d0923367e73f6ba749a1&target=myrwrds_cc...
  • https://www.bankofamerica.com/deeplink/redirect.go?target=myrwrds_cc_avail&screen=MyRewards:CreditCards&version=7.9.0&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_t...
  • https://www.bankofamerica.com/myaccounts/public/brain/redirect.go?target=myrwrds_cc_avail&screen=MyRewards:CreditCards&version=7.9.0&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewar...
  • https://secure.bankofamerica.com/myaccounts/public/brain/redirect.go?target=myrwrds_cc_avail&screen=MyRewards:CreditCards&version=7.9.0&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_re...
  • https://secure.bankofamerica.com/login/sign-in/signOnScreen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021...
  • https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_20...
35 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
409f54b52c32f6fb01a0e99670f71e6605ea7abc2d54ccce6eee63d07114478a
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache="set-cookie,set-cookie2",no-store, must-revalidate, max-age=0, private no-cache, no-store, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Language
de-DE
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Content-Type
text/html;charset=ISO-8859-1
Date
Tue, 14 Nov 2023 16:25:54 GMT
Expires
Wed, 31 Dec 1969 23:59:59 GMT
Keep-Alive
timeout=40, max=490
P3P
CP="CAO IND PHY ONL UNI FIN COM NAV INT DEM CNT STA POL HEA PRE GOV CUR ADM DEV TAI PSA PSD IVAi IVDi CONo TELo OUR SAMi OTRi"
Pragma
no-cache no-cache
Server
Oops
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-BOA-RequestID
ZVOfkjXtb1DXhw-zj10N9wAAAY0
X-Frame-Options
DENY SAMEORIGIN
X-Serviced-By
diM6vXDIT+lEZ4rRee5MYw==--PxG6UQGokj586Na51M60ow==

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Location
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Server
Oops
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Serviced-By
PxG6UQGokj586Na51M60ow==--NqVVd77/OGwA7oMKnC6v0g==
otSDKStub.js
cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/otSDKStub.js
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae7af88fff94ade13d5fb9cfa5581da810968e43e4848aa77838cea2d66308df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.bankofamerica.com/
Origin
https://secure.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 14 Nov 2023 16:25:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
43645
content-md5
zj32Cvf5RtLIH/3Db/yIDw==
content-length
6934
x-ms-lease-status
unlocked
last-modified
Mon, 06 Nov 2023 17:29:17 GMT
server
cloudflare
etag
0x8DBDEEDE7A605CB
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
aab3b981-e01e-0018-3ed6-10e6e4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
82609cf7ca9a65c5-FRA
expires
Wed, 15 Nov 2023 16:25:55 GMT
vipaa-v4-jawr.css
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.7/style/ 		447 KB
66 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.7/style/vipaa-v4-jawr.css
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
81b027af71f745247720e106cc3a674e9291ae024938973b7eba4e1ce959c4ef
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:55 GMT
Age
168
X-BOA-RequestID
ZUrI_7oRCMViV8q_dnQJOwAAARw
X-Serviced-By
x7umcEog6WkwfD/VExRoQQ==--nAzaiaRffzjVsY5qx4ThuQ==
Connection
Keep-Alive
Content-Length
65675
Last-Modified
Wed, 25 Oct 2023 21:31:55 GMT
Server
Oops
ETag
"1008b-608912f3588fe"
Content-Type
text/css
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=500
Expires
Wed, 13 Nov 2024 16:23:08 GMT
vipaa-v4-jawr.js
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.7/script/ 		2 MB
355 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.7/script/vipaa-v4-jawr.js
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:55 GMT
Age
165
X-BOA-RequestID
ZVOGRtG_vkaDOlPx5tF-IwAAAN8
X-Serviced-By
tMPZ3dMn9jiG1sH++jzLhw==--PxG6UQGokj586Na51M60ow==
Connection
Keep-Alive
Content-Length
361885
Last-Modified
Wed, 25 Oct 2023 21:31:55 GMT
Server
Oops
ETag
"5859d-608912f35812e"
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=499
Expires
Wed, 13 Nov 2024 16:23:11 GMT
jquery-migrate-custom.js
secure.bankofamerica.com/pa/global-assets/1.0/script/libraries/ 		10 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/pa/global-assets/1.0/script/libraries/jquery-migrate-custom.js
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
507c9d07862848eb2252ea5aa73050168e57663e4b6887159e725017ae629386
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:55 GMT
Last-Modified
Tue, 16 Aug 2022 09:04:27 GMT
Server
Oops
Age
703
ETag
"2753-5e6580913c7a1"
X-BOA-RequestID
ZUwGF2Xr2sZeyFYB_UUcQwAAAEs
X-Serviced-By
rNUcf7nVdkTfbvez8p2wiA==--n9msiBQK4Q3Ic2IAbHsKJw==
Content-Type
application/x-javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=500
Content-Length
10067
BofA_rgb.png
secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/ 		38 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/BofA_rgb.png
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:56 GMT
Age
631
X-BOA-RequestID
ZUrJALoRCMViV8q_dnQJQQAAATA
X-Serviced-By
x7umcEog6WkwfD/VExRoQQ==--nAzaiaRffzjVsY5qx4ThuQ==
Connection
Keep-Alive
Content-Length
23389
Last-Modified
Tue, 05 Feb 2019 20:28:24 GMT
Server
Oops
ETag
"99fe-5812b73724a00"
Vary
Accept-Encoding
Content-Type
image/png
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=497
online-id-vipaa-module-enter-skin.js
secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/ 		52 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/online-id-vipaa-module-enter-skin.js
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
e730cb2acdc41d33187c23db8b32cf6c6964be83cce653fb0abaf77cd69fdb0b
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:55 GMT
Last-Modified
Wed, 25 Oct 2023 21:31:55 GMT
Server
Oops
Age
673
ETag
"d006-608912f3abd06"
X-BOA-RequestID
ZVMPGIVWHiG4Ka0yLDfBuQAAANQ
X-Serviced-By
tpkTGj8hIWTBvaH0zCq5KA==--PxG6UQGokj586Na51M60ow==
Content-Type
application/x-javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=500
Content-Length
53254
mobile_llama.png
secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/mobile_llama.png
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:55 GMT
Last-Modified
Tue, 16 Aug 2022 08:36:34 GMT
Server
Oops
Age
555
ETag
"4adf-5e657a56463dd"
X-BOA-RequestID
ZUrJALoRCMViV8q_dnQJQgAAAR8
X-Serviced-By
x7umcEog6WkwfD/VExRoQQ==--nAzaiaRffzjVsY5qx4ThuQ==
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=496
Content-Length
19167
cm-jawr.js
secure.bankofamerica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.7/script/ 		41 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.7/script/cm-jawr.js
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
e49851a126b4eac23416ee43bc11329b8cf2a857018e030191c4b649a975fb61
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:56 GMT
Age
587
X-BOA-RequestID
ZUrJALoRCMViV8q_dnQJQAAAAVQ
X-Serviced-By
x7umcEog6WkwfD/VExRoQQ==--nAzaiaRffzjVsY5qx4ThuQ==
Connection
Keep-Alive
Content-Length
42027
Last-Modified
Wed, 25 Oct 2023 21:31:55 GMT
Server
Oops
ETag
"a42b-608912f3a3836"
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=498
Expires
Wed, 13 Nov 2024 16:16:10 GMT
pill.png
secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/pill.png
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
6d608a9d27ae614aa0b16fe920f6a811bf6d4f320a5819b51d3edb9672912ad9
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:56 GMT
Last-Modified
Wed, 25 Oct 2023 21:31:55 GMT
Server
Oops
Age
171
ETag
"7e6-608912f3af79e"
X-BOA-RequestID
ZUrJALoRCMViV8q_dnQJRgAAASs
X-Serviced-By
x7umcEog6WkwfD/VExRoQQ==--nAzaiaRffzjVsY5qx4ThuQ==
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=495
Content-Length
2022
72e99fdc-3ef1-452a-9b02-e35228fa4504.json
cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/72e99fdc-3ef1-452a-9b02-e35228fa4504.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c3a92b2467fdd1c1fb222cca4f289afee120170101f45e5e11242425f69557a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 14 Nov 2023 16:25:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
43108
content-md5
+eqZmJeXG8F98qiCxZdymg==
content-length
1575
x-ms-lease-status
unlocked
last-modified
Mon, 06 Nov 2023 17:29:17 GMT
server
cloudflare
etag
0x8DBDEEDE792329D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
7d83a0db-301e-0079-69af-12c5a7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
82609cf81aff65c5-FRA
expires
Wed, 15 Nov 2023 16:25:55 GMT
vipaa-v4-jawr-print.css
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.7/style/ 		10 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.7/style/vipaa-v4-jawr-print.css
Requested by
Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=myrwrds_cc_avail&version=7.9.0&screen=MyRewards:CreditCards&channel=desktop&cm_mmc=Cons-CC-Redemption-_-email-_-CE24EM007O_2021_redeem_rewards_cta_button_top-_-03289_cr_082017
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date
Tue, 14 Nov 2023 16:25:56 GMT
Age
135
X-BOA-RequestID
ZUrJALoRCMViV8q_dnQJRAAAARI
X-Serviced-By
x7umcEog6WkwfD/VExRoQQ==--nAzaiaRffzjVsY5qx4ThuQ==
Connection
Keep-Alive
Content-Length
1186
Last-Modified
Wed, 25 Oct 2023 21:31:55 GMT
Server
Oops
ETag
"4a2-608912f3588fe"
Content-Type
text/css
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=499
Expires
Wed, 13 Nov 2024 16:23:42 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		59 B
295 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://secure.bankofamerica.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 16:25:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
82609cf8cd7a1b93-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202308.1.0/ 		411 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83cd40d5b73b0f57037e3cae87a07f7312de87789af062a47bae94cba94bcc2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.bankofamerica.com/
Origin
https://secure.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 14 Nov 2023 16:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
2+I2Cj649lHjQKiedh8F2Q==
age
48983
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
101254
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:47 GMT
server
cloudflare
etag
0x8DBD50E45B16C1C
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
272d3c33-f01e-0049-2fb5-0e7b68000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
82609d01bf4465c5-FRA
en.json
cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/6aaf7b67-22aa-465a-a4ff-f9e4e43dc92c/ 		35 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/72e99fdc-3ef1-452a-9b02-e35228fa4504/6aaf7b67-22aa-465a-a4ff-f9e4e43dc92c/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13c2082fd9dad18107bb2dd29f06c4413bc6664ca54c931b5d72d686ace39a9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 14 Nov 2023 16:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
48983
content-md5
lSgafjDgEmZBxa2s1mjNgg==
content-length
10590
x-ms-lease-status
unlocked
last-modified
Mon, 06 Nov 2023 17:29:24 GMT
server
cloudflare
etag
0x8DBDEEDEB86A519
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f2cd6985-401e-00a8-4c35-14a72d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
82609d023fbd65c5-FRA
expires
Wed, 15 Nov 2023 16:25:56 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202308.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 14 Nov 2023 16:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
C2c3Qd8FHm1wstxOFHDJ2w==
age
34695
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:37 GMT
server
cloudflare
etag
0x8DBD50E3F9DEF08
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
a70993fa-601e-0080-31b5-0ec685000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
82609d02983965c5-FRA
otPcTab.json
cdn.cookielaw.org/scripttemplates/202308.1.0/assets/v2/ 		62 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef692caebb708b665def2aad3beab4eca949689636103edd74069a60d6da5d59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 14 Nov 2023 16:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
W3M09FoULMOrbblf8iKnug==
age
38393
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13391
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:40 GMT
server
cloudflare
etag
0x8DBD50E412DA220
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
d0913218-b01e-0048-61cd-1224b4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
82609d02983c65c5-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202308.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 14 Nov 2023 16:25:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
30378
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
21861088-301e-0079-4ab5-0ec5a7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
82609d02983e65c5-FRA
id
dpm.demdex.net/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
dpm.demdex.net
URL
https://dpm.demdex.net/id?d_orgid=A9893BC75245B1D70A490D4D@AdobeOrg&d_ver=2

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Domain/Path Name / Value
.bankofamerica.com/ Name: SPID
Value: F2S2
.bankofamerica.com/ Name: SID
Value: 0025FF613C0065539F92
.secure.bankofamerica.com/ Name: TS017f5af8
Value: 01147007f7140a679b558521a804adb94329c010a05a89c1c35d72e97f550de7af58c1c7b2ca3daada0370a0a54be75837126f4559
secure.bankofamerica.com/ Name: JS_VIPAA
Value: 0000KVSODkqybAIwKozVYeLtASF:1e7bsgiqh
.bankofamerica.com/ Name: BOFA_LOCALE_COOKIE
Value: en-US

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.cookielaw.org
click.emcom.bankofamerica.com
dpm.demdex.net
geolocation.onetrust.com
secure.bankofamerica.com
www.bankofamerica.com
dpm.demdex.net
13.111.42.50
171.161.102.200
171.161.118.100
2606:4700:4400::6812:2089
2606:4700::6812:82ec
13c2082fd9dad18107bb2dd29f06c4413bc6664ca54c931b5d72d686ace39a9e
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
409f54b52c32f6fb01a0e99670f71e6605ea7abc2d54ccce6eee63d07114478a
507c9d07862848eb2252ea5aa73050168e57663e4b6887159e725017ae629386
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
6d608a9d27ae614aa0b16fe920f6a811bf6d4f320a5819b51d3edb9672912ad9
81b027af71f745247720e106cc3a674e9291ae024938973b7eba4e1ce959c4ef
83cd40d5b73b0f57037e3cae87a07f7312de87789af062a47bae94cba94bcc2f
8c3a92b2467fdd1c1fb222cca4f289afee120170101f45e5e11242425f69557a
ae7af88fff94ade13d5fb9cfa5581da810968e43e4848aa77838cea2d66308df
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
e49851a126b4eac23416ee43bc11329b8cf2a857018e030191c4b649a975fb61
e730cb2acdc41d33187c23db8b32cf6c6964be83cce653fb0abaf77cd69fdb0b
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ef692caebb708b665def2aad3beab4eca949689636103edd74069a60d6da5d59