secure.bankofamerica.com Open in urlscan Pro
171.159.116.200 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.emcom.bankofamerica.com/deeplink/?qs=bc90b147e1a4d64e36b9e99c2fc20c643006b351d221d556df28d985a5944e779a995816b72812bd9b5...
Effective URL:
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:...
Submission: On June 03 via manual (June 3rd 2022, 2:08:33 pm UTC) from US — Scanned from DE

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 2 domains to perform 28 HTTP transactions. The main IP is 171.159.116.200, located in United States and belongs to BANKAMERICA, US. The main domain is secure.bankofamerica.com. The Cisco Umbrella rank of the primary domain is 10333.
TLS certificate: Issued by Entrust Certification Authority - L1M on August 19th 2021. Valid for: a year.

This is the only time secure.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.42.50 13.111.42.50	22606 (EXACT-7) (EXACT-7)
2 2	171.159.116.100 171.159.116.100	10794 (BANKAMERICA) (BANKAMERICA)
2 20	171.159.116.200 171.159.116.200	10794 (BANKAMERICA) (BANKAMERICA)
1	54.155.94.243 54.155.94.243	16509 (AMAZON-02) (AMAZON-02)
1	34.249.67.192 34.249.67.192	16509 (AMAZON-02) (AMAZON-02)
1	3.217.219.242 3.217.219.242	14618 (AMAZON-AES) (AMAZON-AES)
1 2	3.86.136.12 3.86.136.12	14618 (AMAZON-AES) (AMAZON-AES)
2	34.226.239.202 34.226.239.202	14618 (AMAZON-AES) (AMAZON-AES)
1	52.201.202.47 52.201.202.47	14618 (AMAZON-AES) (AMAZON-AES)
1	52.207.70.124 52.207.70.124	14618 (AMAZON-AES) (AMAZON-AES)
1	171.159.116.101 171.159.116.101	10794 (BANKAMERICA) (BANKAMERICA)
28	10

1 13.111.42.50 (United States) 1 redirects

ASN22606 (EXACT-7, US)
PTR: click.emcom.bankofamerica.com

click.emcom.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 171.159.116.100 (United States) 2 redirects

ASN10794 (BANKAMERICA, US)

www.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 171.159.116.200 (United States) 2 redirects

ASN10794 (BANKAMERICA, US)

secure.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.155.94.243 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-94-243.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.67.192 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-67-192.eu-west-1.compute.amazonaws.com

target.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.217.219.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-219-242.compute-1.amazonaws.com

rail.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.86.136.12 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-86-136-12.compute-1.amazonaws.com

sofa.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.226.239.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-239-202.compute-1.amazonaws.com

boss.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.201.202.47 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-202-47.compute-1.amazonaws.com

aero.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.207.70.124 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-70-124.compute-1.amazonaws.com

dull.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 171.159.116.101 (United States)

ASN10794 (BANKAMERICA, US)

origin-bac-assets.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	bankofamerica.com 6 redirects click.emcom.bankofamerica.com — Cisco Umbrella Rank: 91044 www.bankofamerica.com — Cisco Umbrella Rank: 9436 secure.bankofamerica.com — Cisco Umbrella Rank: 10333 target.bankofamerica.com — Cisco Umbrella Rank: 18470 rail.bankofamerica.com — Cisco Umbrella Rank: 12997 sofa.bankofamerica.com — Cisco Umbrella Rank: 9370 boss.bankofamerica.com — Cisco Umbrella Rank: 12933 aero.bankofamerica.com — Cisco Umbrella Rank: 11315 dull.bankofamerica.com — Cisco Umbrella Rank: 12963 origin-bac-assets.bankofamerica.com — Cisco Umbrella Rank: 16173	950 KB
1	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 194	775 B
28	2

	Domain	Requested by
20	secure.bankofamerica.com	2 redirects secure.bankofamerica.com
2	boss.bankofamerica.com	rail.bankofamerica.com
2	sofa.bankofamerica.com	1 redirects secure.bankofamerica.com
2	www.bankofamerica.com	2 redirects
1	origin-bac-assets.bankofamerica.com	secure.bankofamerica.com
1	dull.bankofamerica.com	rail.bankofamerica.com
1	aero.bankofamerica.com	rail.bankofamerica.com
1	rail.bankofamerica.com	secure.bankofamerica.com
1	target.bankofamerica.com	secure.bankofamerica.com
1	dpm.demdex.net	secure.bankofamerica.com
1	click.emcom.bankofamerica.com	1 redirects
28	11

This site contains no links.

Subject Issuer	Validity	Valid
secure.bankofamerica.com Entrust Certification Authority - L1M	`2021-08-19` - `2022-08-19`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
target.bankofamerica.com Entrust Certification Authority - L1M	`2022-03-09` - `2023-03-09`	a year	crt.sh
rail.bankofamerica.com Entrust Certification Authority - L1M	`2021-07-15` - `2022-07-15`	a year	crt.sh
boss.bankofamerica.com Entrust Certification Authority - L1M	`2021-07-16` - `2022-07-16`	a year	crt.sh
aero.bankofamerica.com Entrust Certification Authority - L1M	`2021-07-16` - `2022-07-16`	a year	crt.sh
dull.bankofamerica.com Entrust Certification Authority - L1M	`2021-07-16` - `2022-07-16`	a year	crt.sh
origin-bac-assets.bankofamerica.com Entrust Certification Authority - L1M	`2021-11-03` - `2022-11-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
Frame ID: 0BA4DE500433E2D13717436D9C6A83D7
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://click.emcom.bankofamerica.com/deeplink/?qs=bc90b147e1a4d64e36b9e99c2fc20c643006b351d221d556df28d985a5944e7... HTTP 302
https://www.bankofamerica.com/deeplink/redirect.go?target=retailoffers&screen=BalanceGeneration:PurchaseOf... HTTP 301
https://www.bankofamerica.com/myaccounts/public/brain/redirect.go?target=retailoffers&screen=BalanceGenera... HTTP 302
https://secure.bankofamerica.com/myaccounts/public/brain/redirect.go?target=retailoffers&screen=BalanceGenera... HTTP 302
https://secure.bankofamerica.com/login/sign-in/signOnScreen.go?reason=hs_retailoffers&version=21.07.0&screen=... HTTP 301
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&scree... Page URL

Page Statistics

28
Requests

93 %
HTTPS

0 %
IPv6

2
Domains

11
Subdomains

10
IPs

2
Countries

945 kB
Transfer

2761 kB
Size

23
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.emcom.bankofamerica.com/deeplink/?qs=bc90b147e1a4d64e36b9e99c2fc20c643006b351d221d556df28d985a5944e779a995816b72812bd9b5f7d69325af6f05ca805c9c976a42bde575b293615abe4&target=retailoffers&screen=BalanceGeneration:PurchaseOffer&version=21.07.0 HTTP 302
https://www.bankofamerica.com/deeplink/redirect.go?target=retailoffers&screen=BalanceGeneration:PurchaseOffer&version=21.07.0&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_- HTTP 301
https://www.bankofamerica.com/myaccounts/public/brain/redirect.go?target=retailoffers&screen=BalanceGeneration:PurchaseOffer&version=21.07.0&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_- HTTP 302
https://secure.bankofamerica.com/myaccounts/public/brain/redirect.go?target=retailoffers&screen=BalanceGeneration:PurchaseOffer&version=21.07.0&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-&channel=desktop HTTP 302
https://secure.bankofamerica.com/login/sign-in/signOnScreen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_- HTTP 301
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_- Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://sofa.bankofamerica.com/eluminate?tid=6&ci=90010394&vn2=e4.0&st=1654265296814&vn1=4.2.7.1BOA&ec=utf-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1654267487228&pc=Y&jv=1.5&np0=Chrome%2520PDF%2520Plugin&np1=Chrome%2520PDF%2520Viewer&np2=Native%2520Client&je=n&sw=1600&sh=1200&pd=24&tz=0&ul=https%3A//secure.bankofamerica.com/login/sign-in/signOnV2Screen.go%3Freason%3Dhs_retailoffers%26version%3D21.07.0%26screen%3DBalanceGeneration%3APurchaseOffer%26channel%3Ddesktop%26cm_mmc%3DCons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_- HTTP 302
https://sofa.bankofamerica.com/cm?tid=6&ci=90010394&vn2=e4.0&st=1654265296814&vn1=4.2.7.1BOA&ec=utf-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1654267487228&pc=Y&jv=1.5&np0=Chrome%2520PDF%2520Plugin&np1=Chrome%2520PDF%2520Viewer&np2=Native%2520Client&je=n&sw=1600&sh=1200&pd=24&tz=0&ul=https%3A//secure.bankofamerica.com/login/sign-in/signOnV2Screen.go%3Freason%3Dhs_retailoffers%26version%3D21.07.0%26screen%3DBalanceGeneration%3APurchaseOffer%26channel%3Ddesktop%26cm_mmc%3DCons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-&cvdone=p

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request signOnV2Screen.go Show response
secure.bankofamerica.com/login/sign-in/
Redirect Chain

https://click.emcom.bankofamerica.com/deeplink/?qs=bc90b147e1a4d64e36b9e99c2fc20c643006b351d221d556df28d985a5944e779a995816b72812bd9b5f7d69325af6f05ca805c9c976a42bde575b293615abe4&target=retailoffe...
https://www.bankofamerica.com/deeplink/redirect.go?target=retailoffers&screen=BalanceGeneration:PurchaseOffer&version=21.07.0&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
https://www.bankofamerica.com/myaccounts/public/brain/redirect.go?target=retailoffers&screen=BalanceGeneration:PurchaseOffer&version=21.07.0&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_...
https://secure.bankofamerica.com/myaccounts/public/brain/redirect.go?target=retailoffers&screen=BalanceGeneration:PurchaseOffer&version=21.07.0&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activa...
https://secure.bankofamerica.com/login/sign-in/signOnScreen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24...
https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV...

34 KB
13 KB

243ms
243ms

Document
text/html

171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

0c676cb85183948b483436b377c485fcb47d51cc2333a1d5875c5bdaf75a14e5

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' boa-api.arkoselabs.com .bac-assets.com .tiqcdn.com .bankofamerica.com .baml.com .bofa.com .ml.com .merrill.com .merrilledge.com .mymerrill.com .ustrust.com .glance.net .glancecdn.net .myglance.net s3.amazonaws.com .cobrowse.oraclecloud.com .oraclecloud.com www.google-analytics.com .convertro.com idsync.rlcdn.com .coremetrics.com .brightcove.net .brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: .bac-assets.com .bankofamerica.com .glancecdn.net .cobrowse.oraclecloud.com .oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Max-Age: 3600
Cache-Control: no-cache="set-cookie,set-cookie2",no-store, must-revalidate, max-age=0, private no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Language: de-DE
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Content-Type: text/html;charset=ISO-8859-1
Date: Fri, 03 Jun 2022 14:08:14 GMT
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Keep-Alive: timeout=40, max=455
P3P: CP="CAO IND PHY ONL UNI FIN COM NAV INT DEM CNT STA POL HEA PRE GOV CUR ADM DEV TAI PSA PSD IVAi IVDi CONo TELo OUR SAMi OTRi"
Pragma: no-cache no-cache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-BOA-RequestID: YpoVzlXdnR99sqqQbSXeUAAAAik
X-Frame-Options: DENY SAMEORIGIN
X-Serviced-By: TugxRjehZpMhzlze+WeJzw==--m4PfFjCllk0igUoysy/t2A==

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Server: BigIP
Strict-Transport-Security: max-age=31536000
location: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-

GET
H/1.1 200
OK vipaa-v4-jawr.css
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/ 447 KB
65 KB 112ms
112ms Stylesheet
text/css 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

3e83083bfbd6c5b1c882ed14adcf21e9d89eb8530a3d09e9c598232e2f333d89

Security Headers

Name

Value

Content-Security-Policy

script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: "1006f-5dfa06a13f65e"
Age: 193
X-BOA-RequestID: Yo0aYCHBDP4wfuAA5nyHfwAAAmM
X-Serviced-By: qSxWHe5NfKlQBFKNlGX6uQ==--cMlGTST68DJOLS2SItC7iA==
Connection: Keep-Alive
Content-Length: 65647
Last-Modified: Sun, 22 May 2022 21:29:11 GMT
Date: Fri, 03 Jun 2022 14:08:14 GMT
Access-Control-Max-Age: 3600
Content-Type: text/css
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=499
Expires: Sat, 03 Jun 2023 14:05:02 GMT

GET
H/1.1 200
OK vipaa-v4-jawr.js Show response
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/script/ 1 MB
343 KB 534ms
321ms Script
application/x-javascript 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/script/vipaa-v4-jawr.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

acc2271d05a8e653a62e99e73bfb7e2b58c7fff3355081e38127a5c96c1caa6b

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: "55855-5dfa06a12b9f6"
Age: 549
X-BOA-RequestID: YpoQJRwvA-bSPQRg7kgQqAAAAd4
X-Serviced-By: 7HMmmRuapJ8POCiik3GnjA==--JET3YUxWIWjaeamF/8c0uQ==
Connection: Keep-Alive
Content-Length: 350293
Last-Modified: Sun, 22 May 2022 21:29:10 GMT
Date: Fri, 03 Jun 2022 14:08:15 GMT
Access-Control-Max-Age: 3600
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=413
Expires: Sat, 03 Jun 2023 13:59:07 GMT

GET
H/1.1 200
OK jquery-migrate-custom.js Show response
secure.bankofamerica.com/pa/global-assets/1.0/script/libraries/ 10 KB
11 KB 560ms
333ms Script
application/x-javascript 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/global-assets/1.0/script/libraries/jquery-migrate-custom.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

507c9d07862848eb2252ea5aa73050168e57663e4b6887159e725017ae629386

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: "2753-5df367f357a0a"
Age: 828
X-BOA-RequestID: YpoA-neAMu8GAVJo3gEHuQAAAaU
X-Serviced-By: qSxWHe5NfKlQBFKNlGX6uQ==--m4PfFjCllk0igUoysy/t2A==
Connection: Keep-Alive
Content-Length: 10067
Last-Modified: Tue, 17 May 2022 15:07:18 GMT
Date: Fri, 03 Jun 2022 14:08:15 GMT
Access-Control-Max-Age: 3600
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=404

GET
H/1.1 200
OK BofA_rgb.png
secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/ 38 KB
24 KB 113ms
113ms Image
image/png 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/BofA_rgb.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: "99fe-5812b73724a00"
Age: 192
X-BOA-RequestID: Yo0aYYE573p9VYPmXu63EQAAAeg
X-Serviced-By: qSxWHe5NfKlQBFKNlGX6uQ==--cMlGTST68DJOLS2SItC7iA==
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 23389
Last-Modified: Tue, 05 Feb 2019 20:28:24 GMT
Date: Fri, 03 Jun 2022 14:08:16 GMT
Access-Control-Max-Age: 3600
Content-Type: image/png
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=496

GET
H/1.1 200
OK online-id-vipaa-module-enter-skin.js Show response
secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/ 50 KB
51 KB 222ms
222ms Script
application/x-javascript 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/online-id-vipaa-module-enter-skin.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

22f94b2dd979877281efdae21a32127f751bd60e845715302cc733e8b9d467ab

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: "c619-5df3676f1b87b"
Age: 185
X-BOA-RequestID: Ypnx46gHOZZmwC3HFsKpmwAAAn4
X-Serviced-By: kkW3FjfCaiVldALL4OOljg==--toYRw+gmVxgHlYKmGyaBPw==
Connection: Keep-Alive
Content-Length: 50713
Last-Modified: Tue, 17 May 2022 15:05:00 GMT
Date: Fri, 03 Jun 2022 14:08:15 GMT
Access-Control-Max-Age: 3600
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=280

GET
H/1.1 200
OK cau-loginBehBio.js Show response
secure.bankofamerica.com/pa/components/utilities/ah-continuous-auth-util/1.1/deploy/ 8 KB
9 KB 112ms
111ms Script
application/x-javascript 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/components/utilities/ah-continuous-auth-util/1.1/deploy/cau-loginBehBio.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

9cfc7c4aa58848758fc5d7bff01f3512aef145cddd661217abd36720a378b812

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: "1f2d-5dfa06a22948f"
Age: 186
X-BOA-RequestID: YpoDfIri2wJOS-XTz1Uo6AAAAn4
X-Serviced-By: z0+MsWiE6yFI4bLYtC7ECw==--cMlGTST68DJOLS2SItC7iA==
Connection: Keep-Alive
Content-Length: 7981
Last-Modified: Sun, 22 May 2022 21:29:11 GMT
Date: Fri, 03 Jun 2022 14:08:15 GMT
Access-Control-Max-Age: 3600
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=497

GET
H/1.1 200
OK mobile_llama.png
secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/ 19 KB
20 KB 108ms
108ms Image
image/png 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/mobile_llama.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: "4adf-5df3676ef3bc3"
Age: 246
X-BOA-RequestID: YpoN0BwvA-bSPQRg7khMqAAAAaU
X-Serviced-By: 7HMmmRuapJ8POCiik3GnjA==--XZPBptZ1gxP8Ftbcmu50Mg==
Connection: Keep-Alive
Content-Length: 19167
Last-Modified: Tue, 17 May 2022 15:05:00 GMT
Date: Fri, 03 Jun 2022 14:08:16 GMT
Access-Control-Max-Age: 3600
Content-Type: image/png
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=457

GET
H/1.1 200
OK cm-jawr.js Show response
secure.bankofamerica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.3/script/ 41 KB
42 KB 112ms
112ms Script
application/x-javascript 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.3/script/cm-jawr.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

e49851a126b4eac23416ee43bc11329b8cf2a857018e030191c4b649a975fb61

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: "a42b-5dfa06a15946e"
Age: 521
X-BOA-RequestID: Yo0aYYE573p9VYPmXu63EAAAAeU
X-Serviced-By: qSxWHe5NfKlQBFKNlGX6uQ==--cMlGTST68DJOLS2SItC7iA==
Connection: Keep-Alive
Content-Length: 42027
Last-Modified: Sun, 22 May 2022 21:29:11 GMT
Date: Fri, 03 Jun 2022 14:08:15 GMT
Access-Control-Max-Age: 3600
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=497
Expires: Sat, 03 Jun 2023 13:59:35 GMT

GET
H/1.1 200
OK vipaa-v4-jawr-print.css
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/ 10 KB
3 KB 108ms
107ms Stylesheet
text/css 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr-print.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: "4a2-5dfa06a13eaa6"
Age: 190
X-BOA-RequestID: Yo0aYYE573p9VYPmXu63EwAAAek
X-Serviced-By: qSxWHe5NfKlQBFKNlGX6uQ==--cMlGTST68DJOLS2SItC7iA==
Connection: Keep-Alive
Content-Length: 1186
Last-Modified: Sun, 22 May 2022 21:29:11 GMT
Date: Fri, 03 Jun 2022 14:08:16 GMT
Access-Control-Max-Age: 3600
Content-Type: text/css
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=495
Expires: Sat, 03 Jun 2023 14:05:07 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 83 B
775 B 261ms
27ms XHR
application/json 54.155.94.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_orgid=A9893BC75245B1D70A490D4D@AdobeOrg&d_ver=2

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/script/vipaa-v4-jawr.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.155.94.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-155-94-243.eu-west-1.compute.amazonaws.com

Software

Resource Hash

826190201cbb9553bede1e1c3f8d6b8b622e6e5adece5d4175f4e6c5d74cc510

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v033-07def51ac.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Error: 198
X-TID: ZcEFWYCxSwY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 104
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 json Show response
target.bankofamerica.com/m2/bankofamerica/mbox/ 7 KB
2 KB 217ms
42ms XHR
application/json 34.249.67.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://target.bankofamerica.com/m2/bankofamerica/mbox/json?mbox=target-global-mbox&mboxSession=ea4395427bdf4ba490a20120da1b05f1&mboxPC=&mboxPage=b4b2347ea6344bb88717d47d6d7b77c7&mboxRid=f343059258744218a507ce0a20ae0854&mboxVersion=1.8.0&mboxCount=1&mboxTime=1654265296664&mboxHost=secure.bankofamerica.com&mboxURL=https%3A%2F%2Fsecure.bankofamerica.com%2Flogin%2Fsign-in%2FsignOnV2Screen.go%3Freason%3Dhs_retailoffers%26version%3D21.07.0%26screen%3DBalanceGeneration%3APurchaseOffer%26channel%3Ddesktop%26cm_mmc%3DCons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-&mboxReferrer=&mboxXDomain=enabled&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&at_property=2c28efc5-fc52-2eba-d89f-6f09359d852c&mboxState=No%20State%20Selected
Requested by: Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/script/vipaa-v4-jawr.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.67.192 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-67-192.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 319fcb62efb0d32bd7117a89b305fd6710e9c038e7c45229b5b0ec9d8d8469a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 14:08:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://secure.bankofamerica.com
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: f343059258744218a507ce0a20ae0854

GET
H/1.1 200
OK fsd-secure-esp-sprite.png
secure.bankofamerica.com/pa/components/modules/header-module/2.8/graphic/ 473 B
2 KB 112ms
111ms Image
image/png 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: "1d9-5df367a3e5387"
Age: 194
X-BOA-RequestID: Ypm5iEhj2pyKMCRD3YjnfQAAAlY
X-Serviced-By: ynMxr0WlI1enE8xHeszrkQ==--RQzgbQH4KgZMtXUMUum5yQ==
Connection: Keep-Alive
Content-Length: 473
Last-Modified: Tue, 17 May 2022 15:05:55 GMT
Date: Fri, 03 Jun 2022 14:08:16 GMT
Access-Control-Max-Age: 3600
Content-Type: image/png
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=499

GET
H/1.1 200
OK help-qm-fsd.png
secure.bankofamerica.com/pa/global-assets/1.0/graphic/ 3 KB
5 KB 112ms
111ms Image
image/png 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/global-assets/1.0/graphic/help-qm-fsd.png

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: "c94-5df367f060d66"
Age: 71
X-BOA-RequestID: Yo0aYoE573p9VYPmXu63FwAAAec
X-Serviced-By: qSxWHe5NfKlQBFKNlGX6uQ==--cMlGTST68DJOLS2SItC7iA==
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 3243
Last-Modified: Tue, 17 May 2022 15:07:15 GMT
Date: Fri, 03 Jun 2022 14:08:16 GMT
Access-Control-Max-Age: 3600
Content-Type: image/png
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=493
Expires: Sat, 03 Jun 2023 14:07:06 GMT

GET
H2 200 hover.js Show response
rail.bankofamerica.com/30306/ 59 KB
28 KB 698ms
102ms Script
application/x-javascript 3.217.219.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rail.bankofamerica.com/30306/hover.js?dt=login&r=0.17115380162148508

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/script/vipaa-v4-jawr.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.217.219.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-217-219-242.compute-1.amazonaws.com

Software

haile /

Resource Hash

5b159f039c46cf2141d1c3fbef293ab8f926e2364ea5d5b650ef125f2f06e634

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 14:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: haile
strict-transport-security: max-age=31536000
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
content-type: application/x-javascript
x-xss-protection: 1
pics-label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))

GET
H/1.1 200
OK sign-in-sprite.png
secure.bankofamerica.com/pa/global-assets/1.0/graphic/ 3 KB
4 KB 185ms
107ms Image
image/png 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/global-assets/1.0/graphic/sign-in-sprite.png

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: "c2f-5df367f104a7f"
Age: 527
X-BOA-RequestID: Ypm_QxkZA1_tNgn6iTNBCAAAAhg
X-Serviced-By: WOeCDyUyLt5YslrdrALAAw==--m4PfFjCllk0igUoysy/t2A==
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 3142
Last-Modified: Tue, 17 May 2022 15:07:16 GMT
Date: Fri, 03 Jun 2022 14:08:16 GMT
Access-Control-Max-Age: 3600
Content-Type: image/png
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=483
Expires: Sat, 03 Jun 2023 13:59:30 GMT

GET
H/1.1

200
OK

cm
sofa.bankofamerica.com/
Redirect Chain

https://sofa.bankofamerica.com/eluminate?tid=6&ci=90010394&vn2=e4.0&st=1654265296814&vn1=4.2.7.1BOA&ec=utf-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1654267487228&pc=Y&jv=1.5&...
https://sofa.bankofamerica.com/cm?tid=6&ci=90010394&vn2=e4.0&st=1654265296814&vn1=4.2.7.1BOA&ec=utf-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1654267487228&pc=Y&jv=1.5&np0=Chr...

43 B
620 B

395ms
97ms

Image
image/gif

3.86.136.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sofa.bankofamerica.com/cm?tid=6&ci=90010394&vn2=e4.0&st=1654265296814&vn1=4.2.7.1BOA&ec=utf-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1654267487228&pc=Y&jv=1.5&np0=Chrome%2520PDF%2520Plugin&np1=Chrome%2520PDF%2520Viewer&np2=Native%2520Client&je=n&sw=1600&sh=1200&pd=24&tz=0&ul=https%3A//secure.bankofamerica.com/login/sign-in/signOnV2Screen.go%3Freason%3Dhs_retailoffers%26version%3D21.07.0%26screen%3DBalanceGeneration%3APurchaseOffer%26channel%3Ddesktop%26cm_mmc%3DCons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-&cvdone=p
Requested by: Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
Protocol: HTTP/1.1
Server: 3.86.136.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-86-136-12.compute-1.amazonaws.com
Software: Apache /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 03 Jun 2022 14:08:18 GMT
Server: Apache
Vary: Host
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Connection: close
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 02 Jun 2022 14:08:18 GMT

Redirect headers

Location: /cm?tid=6&ci=90010394&vn2=e4.0&st=1654265296814&vn1=4.2.7.1BOA&ec=utf-8&pi=OLB%3ATool%3ASiteKey%3BSign_In&cg=OLB%3ATool%3ASiteKey&rnd=1654267487228&pc=Y&jv=1.5&np0=Chrome%2520PDF%2520Plugin&np1=Chrome%2520PDF%2520Viewer&np2=Native%2520Client&je=n&sw=1600&sh=1200&pd=24&tz=0&ul=https%3A//secure.bankofamerica.com/login/sign-in/signOnV2Screen.go%3Freason%3Dhs_retailoffers%26version%3D21.07.0%26screen%3DBalanceGeneration%3APurchaseOffer%26channel%3Ddesktop%26cm_mmc%3DCons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-&cvdone=p
Date: Fri, 03 Jun 2022 14:08:17 GMT
Server: Apache
Connection: close
Content-Length: 0
Vary: Host
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"

GET
H/1.1 200
OK gfootb-static-sprite.png
secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ 48 KB
49 KB 156ms
112ms Image
image/png 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: "be1b-5df3679e6c56f"
Age: 546
X-BOA-RequestID: Ypnl7cmQxqbevgJFRsWE6wAAAH0
X-Serviced-By: kkW3FjfCaiVldALL4OOljg==--KTf0LqECSTeOCXs9wHQ1Pw==
Connection: Keep-Alive
Content-Length: 48667
Last-Modified: Tue, 17 May 2022 15:05:49 GMT
Date: Fri, 03 Jun 2022 14:08:16 GMT
Access-Control-Max-Age: 3600
Content-Type: image/png
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=440

GET
H/1.1 200
OK gfoot-home-icon.png
secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ 144 B
1 KB 266ms
105ms Image
image/png 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/style/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: "90-5df3679e6b5cf"
Age: 91
X-BOA-RequestID: YpnEgjaVxSsW2LI4rVu1KgAAAnQ
X-Serviced-By: 6eu/Y22ECbOCKtU95tG29A==--XZPBptZ1gxP8Ftbcmu50Mg==
Connection: Keep-Alive
Content-Length: 144
Last-Modified: Tue, 17 May 2022 15:05:49 GMT
Date: Fri, 03 Jun 2022 14:08:17 GMT
Access-Control-Max-Age: 3600
Content-Type: image/png
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=500

GET
H/1.1 200
OK cnx-regular.woff
secure.bankofamerica.com/pa/global-assets/1.0/font/cnx-regular/ 82 KB
84 KB 120ms
112ms Font
application/octet-stream 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

1172386e1cd9f7fd9d7646df035d93473bbbf19e1b325fc54d9c2aa76e5a7a80

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
Origin: https://secure.bankofamerica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: "149f8-5df367ef7b584"
Age: 706
X-BOA-RequestID: YpVteh3y0NZiZcydSAbzggAAAIE
X-Serviced-By: kkW3FjfCaiVldALL4OOljg==--KTf0LqECSTeOCXs9wHQ1Pw==
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 84258
Last-Modified: Tue, 17 May 2022 15:07:14 GMT
Date: Fri, 03 Jun 2022 14:08:16 GMT
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Accept-Ranges: bytes
Expires: Sat, 03 Jun 2023 13:56:31 GMT

GET
H/1.1 200
OK cc.go Show response
secure.bankofamerica.com/login/sign-in/ 29 KB
31 KB 155ms
126ms XHR
text/text 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/login/sign-in/cc.go

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/script/vipaa-v4-jawr.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

8ee71bc102221e211569f78c76da32d515653fb931e1150bd75272ad885ff791

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Fri, 03 Jun 2022 14:08:17 GMT
Strict-Transport-Security: max-age=31536000
X-BOA-RequestID: YpoV0b4OeLy8iDz7jhjzjAAAAfI
X-Serviced-By: TugxRjehZpMhzlze+WeJzw==--m4PfFjCllk0igUoysy/t2A==
ADRUM_1: n:customer1_c9f06d96-8666-48c7-a71b-e7328388df1c
P3P: CP="CAO IND PHY ONL UNI FIN COM NAV INT DEM CNT STA POL HEA PRE GOV CUR ADM DEV TAI PSA PSD IVAi IVDi CONo TELo OUR SAMi OTRi"
Content-Disposition: inline
Connection: Keep-Alive
Content-Length: 30015
Pragma: no-cache
ADRUM_0: g:c31f09a4-61b7-4fc6-89ec-f6fd2f895555
Access-Control-Max-Age: 3600
Content-Language: de-DE
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Content-Type: text/text
Keep-Alive: timeout=40, max=252
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK iac Show response
secure.bankofamerica.com/login/rest/sas/sparta/v2/ 29 KB
14 KB 237ms
237ms XHR
text/plain 171.159.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/login/rest/sas/sparta/v2/iac?dfp=true&_=1654265296246

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.3/script/vipaa-v4-jawr.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

3736051fd9504a6be2bdb3b2d6089fe1e0b7cb687a48c84a60dcc2a243b66509

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

Accept: application/json
cache-control: no-cache
Referer: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?reason=hs_retailoffers&version=21.07.0&screen=BalanceGeneration:PurchaseOffer&channel=desktop&cm_mmc=Cons-CC-Activation-_-email-_-CV24EM015P_activate_offer_cta-_-
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
content-type: application/json

Response headers

Date: Fri, 03 Jun 2022 14:08:18 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
X-BOA-RequestID: YpoV0r4OeLy8iDz7jhj0VwAAAcU
X-Serviced-By: TugxRjehZpMhzlze+WeJzw==--m4PfFjCllk0igUoysy/t2A==
Connection: Keep-Alive
Pragma: no-cache
Access-Control-Max-Age: 3600
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Access-Control-Allow-Origin: https://secure.bankofamerica.com
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Access-Control-Allow-Credentials: true
Content-Type: text/plain
Keep-Alive: timeout=40, max=286
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 creanza.js Show response
boss.bankofamerica.com/30306/ 68 KB
32 KB 741ms
197ms Script
application/x-javascript 34.226.239.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://boss.bankofamerica.com/30306/creanza.js

Requested by

Host: rail.bankofamerica.com
URL: https://rail.bankofamerica.com/30306/hover.js?dt=login&r=0.17115380162148508

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.226.239.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-226-239-202.compute-1.amazonaws.com

Software

haile /

Resource Hash

18eadd9b18c9683cc783011b0dea364d875fa72a6b693d11bcbeecc799b8a6bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 14:08:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: haile
strict-transport-security: max-age=31536000
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
content-type: application/x-javascript
x-xss-protection: 1
pics-label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))

GET
H2 200 kurt.js Show response
aero.bankofamerica.com/30306/ 93 KB
42 KB 643ms
102ms Script
application/x-javascript 52.201.202.47
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://aero.bankofamerica.com/30306/kurt.js

Requested by

Host: rail.bankofamerica.com
URL: https://rail.bankofamerica.com/30306/hover.js?dt=login&r=0.17115380162148508

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.201.202.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-201-202-47.compute-1.amazonaws.com

Software

haile /

Resource Hash

82bbec06bee488e06f4c3d5163d068b527fe1285113f9c6665484bbf32bf9d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 14:08:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: haile
strict-transport-security: max-age=31536000
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
content-type: application/x-javascript
x-xss-protection: 1
pics-label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))

GET
H2 200 dis4.js Show response
boss.bankofamerica.com/30306/ 56 KB
26 KB 648ms
104ms Script
application/x-javascript 34.226.239.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://boss.bankofamerica.com/30306/dis4.js

Requested by

Host: rail.bankofamerica.com
URL: https://rail.bankofamerica.com/30306/hover.js?dt=login&r=0.17115380162148508

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.226.239.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-226-239-202.compute-1.amazonaws.com

Software

haile /

Resource Hash

7ee9edffb50082a680ee53db916a57435a937d747c1602256c9669cb55cef4af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 14:08:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: haile
strict-transport-security: max-age=31536000
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
content-type: application/x-javascript
x-xss-protection: 1
pics-label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))

GET
H2 200 porte.js Show response
dull.bankofamerica.com/boaa/ 78 KB
41 KB 639ms
100ms Script
application/x-javascript 52.207.70.124
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dull.bankofamerica.com/boaa/porte.js

Requested by

Host: rail.bankofamerica.com
URL: https://rail.bankofamerica.com/30306/hover.js?dt=login&r=0.17115380162148508

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.207.70.124 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-207-70-124.compute-1.amazonaws.com

Software

haile /

Resource Hash

0deaa5d14a97bb9f6d793ac1a9fd347e1a4f5d0487cb1fb75e5da2617ec649b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 14:08:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: haile
strict-transport-security: max-age=31536000
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
content-type: application/x-javascript
x-xss-protection: 1
pics-label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))

GET
H/1.1 200
OK 532e636f.js
origin-bac-assets.bankofamerica.com/nucleus/spa-assets/components/utilities/nucleus/extensions/bbvend1/2.0.0/js/ 28 KB
0 1242ms
121ms Script
application/x-javascript 171.159.116.101
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-bac-assets.bankofamerica.com/nucleus/spa-assets/components/utilities/nucleus/extensions/bbvend1/2.0.0/js/532e636f.js

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/utilities/ah-continuous-auth-util/1.1/deploy/cau-loginBehBio.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.116.101 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Fri, 03 Jun 2022 14:08:20 GMT
Content-Encoding: gzip
X-BOA-RequestID: YpoV1KokB8EHItAiI8Du3gAAAnQ
Transfer-Encoding: chunked
Connection: Keep-Alive
Last-Modified: Sun, 22 May 2022 01:25:31 GMT
X-Frame-Options: SAMEORIGIN
ETag: "b91cd-5df8f99777aba"
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://www.bankofamerica.com
Cache-Control: max-age=26920000, public
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=497
Expires: Fri, 03 Jun 2022 14:08:21 GMT

GET callsign.js
origin-bac-assets.bankofamerica.com/nucleus/spa-assets/components/utilities/nucleus/extensions/callsign/2.0.0/js/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: origin-bac-assets.bankofamerica.com
URL: https://origin-bac-assets.bankofamerica.com/nucleus/spa-assets/components/utilities/nucleus/extensions/callsign/2.0.0/js/callsign.js

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
secure.bankofamerica.com/login/sign-in	1969-12-31 23:59:59	Name: adobeVisitorID Value: {"adobeMID":{"errors":[{"code":198,"msg":"Requests from this country are blocked by partner"}]}}
.bankofamerica.com/	1969-12-31 23:59:59	Name: SPID Value: Q1S2
.bankofamerica.com/	1969-12-31 23:59:59	Name: SID Value: 002E3670A400629A15CE
secure.bankofamerica.com/	1969-12-31 23:59:59	Name: TS0113be9e Value: 01611f353ca3831e11700bf00cda55574454aeed380dc2572187d2ff3c0a632cb5704a740bf403b5fcf2657953d67cdd8dd4fbfbe9
.bankofamerica.com/	1969-12-31 23:59:59	Name: TS016f37e7 Value: 01611f353ca3831e11700bf00cda55574454aeed380dc2572187d2ff3c0a632cb5704a740bf403b5fcf2657953d67cdd8dd4fbfbe9
secure.bankofamerica.com/	1969-12-31 23:59:59	Name: JS_VIPAA Value: 000071YOsR4EPFmHYb_i3d2HYEE:1e2khql1r
.bankofamerica.com/	1969-12-31 23:59:59	Name: BOFA_LOCALE_COOKIE Value: en-US
.bankofamerica.com/	1969-12-31 23:59:59	Name: check Value: true
.bankofamerica.com/	1969-12-31 23:59:59	Name: cmTPSet Value: Y
.target.bankofamerica.com/	1970-01-20 03:31:07	Name: bankofamerica!mboxSession Value: ea4395427bdf4ba490a20120da1b05f1
.target.bankofamerica.com/	1970-01-20 21:05:10	Name: bankofamerica!mboxPC Value: ea4395427bdf4ba490a20120da1b05f1.37_0
secure.bankofamerica.com/	1970-01-20 12:16:41	Name: _cc Value: MTZlMTlmZjctMGE2NC00Njdk
sofa.bankofamerica.com/	1970-01-25 14:59:24	Name: CoreID6 Value: 83021654265297009610268
sofa.bankofamerica.com/	1969-12-31 23:59:59	Name: TestSess3 Value: 83021654265297009610268
.bankofamerica.com/	1970-01-20 21:05:10	Name: mbox Value: session#ea4395427bdf4ba490a20120da1b05f1#1654267159\|PC#ea4395427bdf4ba490a20120da1b05f1.37_0#1717510099
.bankofamerica.com/	1969-12-31 23:59:59	Name: ___tk30306 Value: 0.8484780429824701
.bankofamerica.com/	1970-01-20 03:31:07	Name: CSID Value: ZWI3NzZjMDUtYzM1Zi00MDQ2LThhZmQtNjcxZjU3ODUzYTEwOjE2NTQyNjUyOTgyOTM=:7-7
.bankofamerica.com/	1969-12-31 23:59:59	Name: ccts Value: 3AbbOYIYftILRja5luY2gvMPzuYZyc+Z/G7jQVszvU8RBdqDV+HDoBIA2BZY7Ce0XRIgvzxoG59cXwr3SYKDrA==
sofa.bankofamerica.com/	1969-12-31 23:59:59	Name: 90010394_login Value: 1654265298277845343390010394
sofa.bankofamerica.com/	1969-12-31 23:59:59	Name: 90010394_reset Value: 1654265298
.bankofamerica.com/	1969-12-31 23:59:59	Name: LSESSIONID Value: eyJpIjoiUndDK0NYbnV2clUyejhJaDRFNXRVUT09IiwiZSI6Ikw0THBFZDkrZVUxMUlzRTZxak4wQlJ1ZTgwV3NHUXA5MEtkTDU4cmxzUml5eXhpUnRLeVhTSnpwXC9OTDZkQmxkbWZFeVRkOGFRYlN3a2xpc1g0WStMbzZCUnFrZk03NlNGTVlvNEQ1VGlVU0FLSnAzRGsyaDljNWNBdDVOdmRIc1EwNllNbm1iNU83Tk5rR1FHZXBnU3hpZGZrVlBGRVNEcFZuNFA1U2NVNTBTMVNIVHhwXC8waU1lUmU2XC9DeFhlUSJ9.e58d8fd7995da0b0.ZDM5YjFlYTg2MjEwZTZkYTRmZTVlMWU1MGY2ZjMyM2Y4NGQwNTBhYjJjOWMwOGExOGFmM2Q0NmZkNjlmYzExMA%3D%3D
.bankofamerica.com/	1969-12-31 23:59:59	Name: ___so30306 Value: eyJsc2giOjEwMDM1MDAyMzcsInJlZmVycmVyIjoiaHR0cHM6Ly9zZWN1cmUuYmFua29mYW1lcmljYS5jb20vbG9naW4vc2lnbi1pbi9zaWduT25WMlNjcmVlbi5nbz9yZWFzb249aHNfcmV0YWlsb2ZmZXJzJnZlcnNpb249MjEuMDcuMCZzY3JlZW49QmFsYW5jZUdlbmVyYXRpb246UHVyY2hhc2VPZmZlciZjaGFubmVsPWRlc2t0b3AmY21fbW1jPUNvbnMtQ0MtQWN0aXZhdGlvbi1fLWVtYWlsLV8tQ1YyNEVNMDE1UF9hY3RpdmF0ZV9vZmZlcl9jdGEtXy0iLCJzb3QiOiJsb2dpbiJ9
origin-bac-assets.bankofamerica.com/	1969-12-31 23:59:59	Name: TS01fc50a4 Value: 01cc89cf20bbcf1de5665890764b02b81049e2a44b90c7351153e69cf8dc3cf3669ae1a9a97a85517966dd4c1a62eb4aa9e2b2b9ef

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' boa-api.arkoselabs.com .bac-assets.com .tiqcdn.com .bankofamerica.com .baml.com .bofa.com .ml.com .merrill.com .merrilledge.com .mymerrill.com .ustrust.com .glance.net .glancecdn.net .myglance.net s3.amazonaws.com .cobrowse.oraclecloud.com .oraclecloud.com www.google-analytics.com .convertro.com idsync.rlcdn.com .coremetrics.com .brightcove.net .brightcove.com maps.googleapis.com www.paypalobjects.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: .bac-assets.com .bankofamerica.com .glancecdn.net .cobrowse.oraclecloud.com .oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aero.bankofamerica.com
boss.bankofamerica.com
click.emcom.bankofamerica.com
dpm.demdex.net
dull.bankofamerica.com
origin-bac-assets.bankofamerica.com
rail.bankofamerica.com
secure.bankofamerica.com
sofa.bankofamerica.com
target.bankofamerica.com
www.bankofamerica.com
origin-bac-assets.bankofamerica.com
13.111.42.50
171.159.116.100
171.159.116.101
171.159.116.200
3.217.219.242
3.86.136.12
34.226.239.202
34.249.67.192
52.201.202.47
52.207.70.124
54.155.94.243
0c676cb85183948b483436b377c485fcb47d51cc2333a1d5875c5bdaf75a14e5
0deaa5d14a97bb9f6d793ac1a9fd347e1a4f5d0487cb1fb75e5da2617ec649b4
1172386e1cd9f7fd9d7646df035d93473bbbf19e1b325fc54d9c2aa76e5a7a80
18eadd9b18c9683cc783011b0dea364d875fa72a6b693d11bcbeecc799b8a6bf
22f94b2dd979877281efdae21a32127f751bd60e845715302cc733e8b9d467ab
2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
319fcb62efb0d32bd7117a89b305fd6710e9c038e7c45229b5b0ec9d8d8469a1
3736051fd9504a6be2bdb3b2d6089fe1e0b7cb687a48c84a60dcc2a243b66509
3e83083bfbd6c5b1c882ed14adcf21e9d89eb8530a3d09e9c598232e2f333d89
507c9d07862848eb2252ea5aa73050168e57663e4b6887159e725017ae629386
5b159f039c46cf2141d1c3fbef293ab8f926e2364ea5d5b650ef125f2f06e634
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
7ee9edffb50082a680ee53db916a57435a937d747c1602256c9669cb55cef4af
826190201cbb9553bede1e1c3f8d6b8b622e6e5adece5d4175f4e6c5d74cc510
82bbec06bee488e06f4c3d5163d068b527fe1285113f9c6665484bbf32bf9d95
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
8ee71bc102221e211569f78c76da32d515653fb931e1150bd75272ad885ff791
9cfc7c4aa58848758fc5d7bff01f3512aef145cddd661217abd36720a378b812
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
acc2271d05a8e653a62e99e73bfb7e2b58c7fff3355081e38127a5c96c1caa6b
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e
e49851a126b4eac23416ee43bc11329b8cf2a857018e030191c4b649a975fb61
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

secure.bankofamerica.com Open in urlscan Pro 171.159.116.200 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

28 Requests

93 %HTTPS

0 %IPv6

2 Domains

11 Subdomains

10 IPs

2 Countries

945 kBTransfer

2761 kBSize

23 Cookies

0 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

secure.bankofamerica.com Open in urlscan Pro
171.159.116.200 Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

93 %
HTTPS

0 %
IPv6

2
Domains

11
Subdomains

10
IPs

2
Countries

945 kB
Transfer

2761 kB
Size

23
Cookies

28 HTTP transactions
0 data transactions