urlscan.io logo urlscan.io
SecurityTrails logo

vtm.bankofamerica.com Open in urlscan Pro
171.161.40.123  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://vtm-dr-new.bankofamerica.com/
Effective URL: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping...
Submission: On May 24 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 3 domains to perform 16 HTTP transactions. The main IP is 171.161.40.123, located in United States and belongs to BANKAMERICA, US. The main domain is vtm.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on June 7th 2021. Valid for: a year.
This is the only time vtm.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 171.159.226.58 10794 (BANKAMERICA)
1 1 171.161.146.123 10794 (BANKAMERICA)
1 9 171.161.40.123 10794 (BANKAMERICA)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
16 5
2    171.159.226.58 (United States)

ASN10794 (BANKAMERICA, US)
vtm-dr-new.bankofamerica.com
1    171.161.146.123 (United States)

ASN10794 (BANKAMERICA, US)
PTR: fedsso-pf-rtx-ext-vip.bankofamerica.com
fedsso.bankofamerica.com
9    171.161.40.123 (United States)

ASN10794 (BANKAMERICA, US)
vtm.bankofamerica.com
6    2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
1    2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
Apex Domain
Subdomains		 Transfer
12 bankofamerica.com
vtm-dr-new.bankofamerica.com
fedsso.bankofamerica.com — Cisco Umbrella Rank: 177775
vtm.bankofamerica.com
264 KB
6 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 501
114 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 824
398 B
16 3
Domain Requested by
9 vtm.bankofamerica.com 1 redirects vtm-dr-new.bankofamerica.com
vtm.bankofamerica.com
6 cdn.cookielaw.org vtm.bankofamerica.com
cdn.cookielaw.org
2 vtm-dr-new.bankofamerica.com 1 redirects
1 geolocation.onetrust.com cdn.cookielaw.org
1 fedsso.bankofamerica.com 1 redirects
16 5

This site contains links to these domains. Also see Links.

Domain
www.bofaml.com
www.onetrust.com
Subject Issuer Validity Valid
vtm.bankofamerica.com
Entrust Certification Authority - L1M		 2021-06-07 -
2022-06-07		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2022-05-01 -
2023-05-01		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2022-01-12 -
2023-01-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Frame ID: D8BEB33F74621641E240F0C51D7FEF04
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

LoginBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://vtm-dr-new.bankofamerica.com/ Page URL
  2. https://vtm-dr-new.bankofamerica.com/vtm/Home.do HTTP 302
    https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A2977VTMEXTERNAL&redire... HTTP 302
    https://vtm.bankofamerica.com/vtm/auth/login.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2F... HTTP 302
    https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/a... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

16
Requests

100 %
HTTPS

40 %
IPv6

3
Domains

5
Subdomains

5
IPs

1
Countries

373 kB
Transfer

730 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://vtm-dr-new.bankofamerica.com/ Page URL
  2. https://vtm-dr-new.bankofamerica.com/vtm/Home.do HTTP 302
    https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A2977VTMEXTERNAL&redirect_uri=https%3A%2F%2Fvtm-dr-new.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZTQiLCJzdWZmaXgiOiJTWTVPR0EuMTY1MzY4NjY4OSJ9..DQv1xF9z-L46nNagte2Jhg.PlEuwT6M9f4s_DEXHX30t2qsWNPwAiP7NwnDN6UMmLxnLN2Y34FFWq25Q_8jI_xa0koYFV04VJJXB3QHrn_FwLCTv8yf1QCcH-2SreWJUkGXTexyh2xKCK2cSrUdUUfj.p3VFLlH9HNyyS4fAXv55zA&nonce=9eJTW8pZyNOWfu0DRYyBlftHrPLWEvYSuXSKZUfr2Kc&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fvtm-dr-new.bankofamerica.com%2Fvtm%2FHome.do&vnd_pi_application_name=A2977VTMEXTERNAL HTTP 302
    https://vtm.bankofamerica.com/vtm/auth/login.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2F2UX3F%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fvtm-dr-new.bankofamerica.com%2Fvtm%2FHome.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL HTTP 302
    https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
vtm-dr-new.bankofamerica.com/ 		260 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vtm-dr-new.bankofamerica.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.226.58 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Upgrade, Keep-Alive
Content-Length
260
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Content-Type
text/html
Date
Tue, 24 May 2022 21:24:49 GMT
ETag
"104-5dde1863471c0"
Keep-Alive
timeout=5, max=512
Last-Modified
Sat, 30 Apr 2022 16:19:32 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Upgrade
h2,h2c
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Primary Request login
vtm.bankofamerica.com/vtm/auth/
Redirect Chain
  • https://vtm-dr-new.bankofamerica.com/vtm/Home.do
  • https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A2977VTMEXTERNAL&redirect_uri=https%3A%2F%2Fvtm-dr-new.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUY...
  • https://vtm.bankofamerica.com/vtm/auth/login.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2F2UX3F%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fvtm-dr-new...
  • https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Hom...
212 KB
214 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Requested by
Host: vtm-dr-new.bankofamerica.com
URL: https://vtm-dr-new.bankofamerica.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.40.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
a48364350ac7946801ed7d85733ba943f524528d76ed344d3c3c6c08535466a1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vtm-dr-new.bankofamerica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Language
de-DE
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Content-Type
text/html; charset=ISO-8859-1
Date
Tue, 24 May 2022 21:24:51 GMT
Keep-Alive
timeout=5, max=511
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
SAMEORIGIN SAMEORIGIN
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Upgrade, Keep-Alive
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Date
Tue, 24 May 2022 21:24:51 GMT
Keep-Alive
timeout=5, max=512
Location
/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Upgrade
h2,h2c
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
common.js
vtm.bankofamerica.com/vtm/script/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vtm.bankofamerica.com/vtm/script/common.js
Requested by
Host: vtm.bankofamerica.com
URL: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.40.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
8d1e7b36d52548c7087598bae92448145e651a90930ce8ee4214e756b856cfa6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 21:24:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 28 Apr 2022 03:11:14 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Upgrade
h2,h2c
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
text/javascript
Keep-Alive
timeout=5, max=512
Content-Length
3021
X-XSS-Protection
1; mode=block
boa_cookies.js
vtm.bankofamerica.com/vtm/script/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vtm.bankofamerica.com/vtm/script/boa_cookies.js
Requested by
Host: vtm.bankofamerica.com
URL: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.40.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
85d7617a73ac11496cac54b28c3c42cfe3de7dd3cbdf4d434094f8821fc8bf97
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 21:24:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 28 Apr 2022 03:11:14 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Content-Type
text/javascript
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=510
Content-Length
1837
X-XSS-Protection
1; mode=block
global.css
vtm.bankofamerica.com/vtm/css/ 		9 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://vtm.bankofamerica.com/vtm/css/global.css
Requested by
Host: vtm.bankofamerica.com
URL: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.40.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
35f99049c51ece9202df0f516a23db3bfb55c28e26954d3d815c0c369a231cb1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 21:24:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 28 Apr 2022 03:11:14 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Content-Type
text/css
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=511
Content-Length
8863
X-XSS-Protection
1; mode=block
dragiframe.js
vtm.bankofamerica.com/vtm/script/ 		15 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vtm.bankofamerica.com/vtm/script/dragiframe.js
Requested by
Host: vtm.bankofamerica.com
URL: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.40.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
c0a8a36e79932e05bab99f2e19b49154c0d7777279575f11db39106bb0dba010
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 21:24:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 28 Apr 2022 03:11:14 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Content-Type
text/javascript
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=509
Content-Length
14986
X-XSS-Protection
1; mode=block
logo.jpg
vtm.bankofamerica.com/vtm/images/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vtm.bankofamerica.com/vtm/images/logo.jpg
Requested by
Host: vtm.bankofamerica.com
URL: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.40.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
c3ba12fc557a6864c47d10867785b22f9c6aa95e2abdae3ab34e0c65b29cf79b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 21:24:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 28 Apr 2022 03:11:14 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/jpeg
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=510
Content-Length
6982
X-XSS-Protection
1; mode=block
shim.gif
vtm.bankofamerica.com/vtm/images/ 		43 B
891 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vtm.bankofamerica.com/vtm/images/shim.gif
Requested by
Host: vtm.bankofamerica.com
URL: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.40.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 21:24:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 28 Apr 2022 03:11:14 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/gif
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=508
Content-Length
43
X-XSS-Protection
1; mode=block
logo_bofa_ml_white.jpg
vtm.bankofamerica.com/vtm/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vtm.bankofamerica.com/vtm/images/logo_bofa_ml_white.jpg
Requested by
Host: vtm.bankofamerica.com
URL: https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.40.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
ba5078120596bd89a7ff3cf89d6470b9c78cda51ab963178fd35edb95292b5c2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/vtm/auth/login?resumePath=https://fedsso.bankofamerica.com/as/2UX3F/resume/as/authorization.ping&vnd_pi_requested_resource=https://vtm-dr-new.bankofamerica.com/vtm/Home.do&vnd_pi_application_name=A2977VTMEXTERNAL&client_id=A2977VTMEXTERNAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 24 May 2022 21:24:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 28 Apr 2022 03:11:14 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Upgrade
h2,h2c
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
image/jpeg
Keep-Alive
timeout=5, max=512
Content-Length
2854
X-XSS-Protection
1; mode=block
otSDKStub.js
cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/otSDKStub.js
Requested by
Host: vtm.bankofamerica.com
URL: https://vtm.bankofamerica.com/vtm/script/boa_cookies.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2644089b943508719c3186cb84c122435c6cd94c0d076998a68a64cee57e0229
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://vtm.bankofamerica.com/
Origin
https://vtm.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 May 2022 21:24:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
hQHLOKwwbZEMxao4/1YKSg==
vary
Accept-Encoding
content-length
5817
x-ms-lease-status
unlocked
last-modified
Thu, 27 May 2021 14:15:44 GMT
server
cloudflare
etag
0x8D92119EADE1A3F
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
48f12834-401e-0015-70e8-671a7f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
710919c42a6401f0-ZRH
expires
Wed, 25 May 2022 01:24:52 GMT
b58ebc44-d4fd-422f-9fe8-6c929c5ef37a.json
cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e0307bd3af255d757d9e38dd9cfaa452ae5b483bea25c14aa5407f93f0bdd19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 May 2022 21:24:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
iYxw8nuhYkBanY6YVHGS9Q==
vary
Accept-Encoding
content-length
1446
x-ms-lease-status
unlocked
last-modified
Thu, 27 May 2021 14:15:44 GMT
server
cloudflare
etag
0x8D92119EAE4F962
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ba5d33ee-801e-0021-5b15-68b5d7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
710919c47ae701f0-ZRH
expires
Wed, 25 May 2022 01:24:52 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		193 B
398 B 		Script
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 24 May 2022 21:24:52 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
710919c53c360200-ZRH
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.18.0/ 		377 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf8fce049c8e10f0a036f50f5eb7c8dde06dc5bee833635f9db82de6f51f2418
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://vtm.bankofamerica.com/
Origin
https://vtm.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 May 2022 21:24:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cIchS4lr7UaDx9LQCq2apA==
vary
Accept-Encoding
content-length
85787
x-ms-lease-status
unlocked
last-modified
Mon, 24 May 2021 01:24:55 GMT
server
cloudflare
etag
0x8D91E52BCFB1A90
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d00e2a7a-b01e-004f-4be8-671cfe000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
710919c57c2a01f0-ZRH
en.json
cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/ba3f940e-03b2-45a5-a1a8-87aac991842e/ 		22 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/ba3f940e-03b2-45a5-a1a8-87aac991842e/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5a144a723cffdfcdd836dc5b581d072c6a5ffe3ea60a3d608e6c657e64528ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 May 2022 21:24:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ygNWaVNO06PS4LSaMxG18A==
vary
Accept-Encoding
content-length
7994
x-ms-lease-status
unlocked
last-modified
Thu, 27 May 2021 14:15:47 GMT
server
cloudflare
etag
0x8D92119EC7310B8
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
50bf1c30-b01e-0066-6970-6e6abc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
710919c60ce101f0-ZRH
expires
Wed, 25 May 2022 01:24:52 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/6.18.0/assets/ 		12 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.18.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb1fa7363d6e4772f7c49d67f031d68f209e66de6c3c05aade6fdc57a02505c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 May 2022 21:24:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
MrQfM8mTXwqoZ1+V6sXNuw==
vary
Accept-Encoding
content-length
2938
x-ms-lease-status
unlocked
last-modified
Mon, 24 May 2021 01:24:48 GMT
server
cloudflare
etag
0x8D91E52B88C8775
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
d1187c13-f01e-0025-1015-684055000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
710919c67d5f01f0-ZRH
otPcPanel.json
cdn.cookielaw.org/scripttemplates/6.18.0/assets/v2/ 		47 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.18.0/assets/v2/otPcPanel.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbd89775249b84792efdf669aeb157ad3e8d8e8e7f5d4d5b4a2c74e199bddc39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vtm.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 May 2022 21:24:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
2g8ZYN+WBSlZ/5k1miqWvg==
vary
Accept-Encoding
content-length
11471
x-ms-lease-status
unlocked
last-modified
Mon, 24 May 2021 01:24:49 GMT
server
cloudflare
etag
0x8D91E52B990E2B7
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
eabdf4c7-901e-001c-7115-6800f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
710919c67d6201f0-ZRH
truncated
/ 		817 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

280 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| startProgressBar function| stopProgressBar function| openwin function| displayByClass function| displayByPartialClass function| displayUsdCcy function| displayExpandedGroups function| trimString function| lTrimString function| rTrimString function| lookupElement function| do_encrypt function| do_encode number| SUPPORTED_ALGS number| missingBytes number| dbits number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP string| BI_RM object| BI_RC number| rr number| vv function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| bnClone function| bnIntValue function| bnByteValue function| bnShortValue function| bnpChunkSize function| bnSigNum function| bnpToRadix function| bnpFromRadix function| bnpFromNumber function| bnToByteArray function| bnEquals function| bnMin function| bnMax function| bnpBitwiseTo function| op_and function| bnAnd function| op_or function| bnOr function| op_xor function| bnXor function| op_andnot function| bnAndNot function| bnNot function| bnShiftLeft function| bnShiftRight function| lbit function| bnGetLowestSetBit function| cbit function| bnBitCount function| bnTestBit function| bnpChangeBit function| bnSetBit function| bnClearBit function| bnFlipBit function| bnpAddTo function| bnAdd function| bnSubtract function| bnMultiply function| bnDivide function| bnRemainder function| bnDivideAndRemainder function| bnpDMultiply function| bnpDAddOffset function| NullExp function| nNop function| nMulTo function| nSqrTo function| bnPow function| bnpMultiplyLowerTo function| bnpMultiplyUpperTo function| Barrett function| barrettConvert function| barrettRevert function| barrettReduce function| barrettSqrTo function| barrettMulTo function| bnModPow function| bnGCD function| bnpModInt function| bnModInverse object| lowprimes number| lplim function| bnIsProbablePrime function| bnpMillerRabin number| ERR_NO_ERROR number| ERR_INVALID_PIN_LENGTH number| ERR_INVALID_PIN number| ERR_INVALID_PIN_BLOCK number| ERR_INVALID_RANDOM_NUMBER_LENGTH number| ERR_INVALID_RANDOM_NUMBER number| ERR_INVALID_HASH number| ERR_INVALID_OPERATION number| ERR_RSA_ENCRYPTION number| ERR_INVALID_PIN_MESSAGE_LENGTH number| ERR_INVALID_RSA_KEY_LENGTH number| ERR_INVALID_RSA_KEY number| MAX_PIN_STRING_SIZE number| MIN_PIN_STRING_SIZE number| PIN_BLOCK_FILL_CHARACTER number| FMT_2_CONTROL_BYTE number| FMT_12_CONTROL_BYTE number| ISO_FORMAT_2_TYPE number| ISO_FORMAT_12_TYPE number| MAX_NUMERIC_PIN_STRING_SIZE number| MAX_NUMERIC_PIN_BYTE_SIZE number| DECIMAL_RADIX number| NUM_OF_BYTES_IN_FMT2_PIN_BLOCK number| NUM_OF_BYTES_PER_CNTRL_AND_PIN_LENGTH number| NUM_OF_BYTES_PER_WORD number| RSA_MODULUS_SIZE_IN_BYTES number| SHA1_HASH_SIZE_IN_BYTES number| SHA2_256_HASH_SIZE_IN_BYTES number| SHA2_384_HASH_SIZE_IN_BYTES number| SHA2_512_HASH_SIZE_IN_BYTES number| OAEP_SHA1_OFFSET_IN_BYTES number| OAEP_SHA2_256_OFFSET_IN_BYTES number| OAEP_SHA2_384_OFFSET_IN_BYTES number| OAEP_SHA2_512_OFFSET_IN_BYTES number| MIN_PIN_MESSAGE_SIZE_IN_BYTES number| MAX_PIN_MESSAGE_SIZE_IN_BYTES number| ENCODED_MESSAGE_SIZE_IN_BYTES number| DATA_BLOCK_SIZE_IN_BYTES number| HASH_ALGO_SIZE_IN_BYTES number| ONE_PIN_BLOCK_IN_MESSAGE number| NUM_OF_NIBBLES_PER_BYTE number| MIN_PIN_BLOCK_SIZE number| MIN_RANDOM_NUMBER_STRING_LENGTH number| ENCODING_PARAMETER_SIZE_IN_BYTES string| C_String string| P_String undefined| MODULUS_STRING undefined| EXPONENT_STRING boolean| isPublicKeyDataValid string| encryptedMsg string| MOD string| EXP function| EncryptedMessage undefined| PinString function| PINBlock function| aCopy function| fillByteArray function| IsLetterOrDigitOrSpecial function| IsLetterOrDigit number| PINLengthInBytes object| pinMessageArray number| pinMessageLength number| MAX_MESSAGE_SIZE_IN_BYTES function| PINMessage function| PINMessage2 function| addPinBlockToMessageArray function| addRandomStringToMessageArray string| encodedMsg string| P function| OAEPEncodedMessage function| randomString function| parseBigInt function| aCopyStr function| xorByteArrays function| doOAEPEncoding function| I2OSP function| MGF function| ifValidHex function| validate_Mod_Exp function| clearData function| initialisePublicKeyData function| OBM_GetEncodingParameter function| OBM_GetEncryptedPassword function| OBM_EncryptPassword_Ex function| OBM_EncryptPassword function| OBM_EncryptChangePassword function| OBM_EncryptChangePassword_Ex function| toString function| s2hex function| $ function| jQuery function| jsSHA function| submitloginForm function| submitCheckForm function| doLoad function| keyPress string| OT_KEY string| ENV_NAME number| isProd function| isCookieAllowed function| launchCookieCenter string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer boolean| DIF_dragging string| DIF_iframeBeingDragged object| DIF_iframeObjects object| DIF_iframeWindows object| DIF_iframeMouseDownLeft object| DIF_iframeMouseDownTop object| DIF_pageMouseDownLeft object| DIF_pageMouseDownTop object| DIF_handles number| DIF_highestZIndex boolean| DIF_raiseSelectedIframe boolean| DIF_allowDragOffScreen function| bringSelectedIframeToTop function| allowDragOffScreen function| addHandle function| DIF_getEventPosition function| DIF_getIframeId function| DIF_getObjectXY function| getSrcElement function| isHandleClicked function| DIF_begindrag function| DIF_enddrag function| DIF_mouseMove function| DIF_iframemove function| DIF_drag undefined| ns4 undefined| ie4 boolean| ns6 function| openIt function| openConfirm function| showError function| showConfirm function| closeDialog function| closeConfirmDialog function| restoreConfirm function| jsonFeed object| otStubData object| OneTrustStub number| timeb object| Optanon object| OneTrust

9 Cookies

Domain/Path Name / Value
vtm-dr-new.bankofamerica.com/ Name: TS01db6032
Value: 0176872a98f4e6dd66d449a755839ff8ee0a2be738c0e92aded3c6b8841c4087f541eb00097f79a3bb2587d7eedc50c40cb6e94714
vtm-dr-new.bankofamerica.com/ Name: nonce.SY5OGA.1653686689
Value: 594e4198-d992-4ed5-840b-d7f91a2870f2
fedsso.bankofamerica.com/ Name: PF
Value: Me8SKHiiF4WiiFGXDaZg9a
fedsso.bankofamerica.com/ Name: bac_persist
Value: 358952357.24515.0000
.bankofamerica.com/ Name: _bofalid
Value: x0n4Jd1BXvqHDa++vnCMNtXW1U5nCl4UjGj4lGBrZaY=
.fedsso.bankofamerica.com/ Name: TS0196f782
Value: 014074c58284ee2daae201035f74234cca807d9cb7479314a6c622558d05fb993d0cc8658ef704049e13fb9be0e271efb7253c3fbebb68a4b1e7e4d5559445b2878009e555f535985e3c14eb614714fdfc60f3301d884ae5a89edae2eec54a4260901009e6
vtm.bankofamerica.com/ Name: TS0101bd35
Value: 011e45b90950545b05724127544d2b5627e53b52ceeb5b6a6f5b841e23664dacf5c8b4e787fc02fd7ac0e720c4d58a31dfd690229a
vtm.bankofamerica.com/ Name: JSESSIONID
Value: j-T39VM8CGNuLZa7HyK8eosp4TlyjhEIubVawhXo3FMFq8Bv2VZx!1048382470
.vtm.bankofamerica.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Tue+May+24+2022+21%3A24%3A52+GMT%2B0000+(GMT)&version=6.18.0&hosts=&consentId=2c5bf319-0c2d-4383-95d3-63106223eec1&interactionCount=0&landingPath=https%3A%2F%2Fvtm.bankofamerica.com%2Fvtm%2Fauth%2Flogin%3FresumePath%3Dhttps%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2F2UX3F%2Fresume%2Fas%2Fauthorization.ping%26vnd_pi_requested_resource%3Dhttps%3A%2F%2Fvtm-dr-new.bankofamerica.com%2Fvtm%2FHome.do%26vnd_pi_application_name%3DA2977VTMEXTERNAL%26client_id%3DA2977VTMEXTERNAL&groups=C0001%3A1

2 Console Messages

Source Level URL
Text
javascript warning URL: https://vtm.bankofamerica.com/vtm/script/boa_cookies.js(Line 11)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://vtm.bankofamerica.com/vtm/script/boa_cookies.js(Line 11)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.cookielaw.org/consent/b58ebc44-d4fd-422f-9fe8-6c929c5ef37a/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' https://cdn.cookielaw.org *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block