securemsg.bankofamerica.com Open in urlscan Pro
171.159.226.71 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://securemsg.bankofamerica.com/index.html
Effective URL:
https://securemsg.bankofamerica.com/index.html
Submission: On May 17 via manual (May 17th 2024, 5:57:33 am UTC) from US — Scanned from DE

Summary HTTP 17 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 17 HTTP transactions. The main IP is 171.159.226.71, located in United States and belongs to BANKAMERICA, US. The main domain is securemsg.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on March 21st 2024. Valid for: a year.

This is the only time securemsg.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	171.159.226.71 171.159.226.71	10794 (BANKAMERICA) (BANKAMERICA)
8	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	4

5 171.159.226.71 (United States)

ASN10794 (BANKAMERICA, US)

securemsg.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 312	146 KB
5	bankofamerica.com securemsg.bankofamerica.com	19 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 533	295 B
17	3

	Domain	Requested by
8	cdn.cookielaw.org	securemsg.bankofamerica.com cdn.cookielaw.org
5	securemsg.bankofamerica.com	securemsg.bankofamerica.com
1	geolocation.onetrust.com	cdn.cookielaw.org
17	3

This site contains links to these domains. Also see Links.

Domain
www.bankofamerica.com
business.bofa.com
secure.bankofamerica.com
www.onetrust.com

Subject Issuer	Validity	Valid
securemsg.bankofamerica.com Entrust Certification Authority - L1M	`2024-03-21` - `2025-04-21`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://securemsg.bankofamerica.com/index.html
Frame ID: CA702BFF5D01DF8DCA39B29451BBBE53
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank of America Secure Messaging Home Page

Page URL History Show full URLs

http://securemsg.bankofamerica.com/index.html HTTP 307
https://securemsg.bankofamerica.com/index.html Page URL

Detected technologies

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

17
Requests

82 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

166 kB
Transfer

613 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bankofamerica.com/contactus/contactus.go
Title: click here

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/content/documents/privacy/Cookie_Guide_eng.pdf
Title: Cookie Policy (PDF)

Search URL Search Domain Scan URL

URL: https://business.bofa.com/en-us/content/global-privacy-notices.html
Title: Institutional Privacy

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/security-center/privacy-overview/
Title: Consumer Privacy

Search URL Search Domain Scan URL

URL: https://secure.bankofamerica.com/customer/public/privacy.go?request_locale=en-US
Title: Privacy Page.

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/security-center/ccpa-disclosure/
Title: California Consumer Privacy Act Notice.

Search URL Search Domain Scan URL

URL: https://secure.bankofamerica.com/customer-preferences/public/personal-information-request/#!/page1/
Title: CA Personal Information Request form.

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://securemsg.bankofamerica.com/index.html HTTP 307
https://securemsg.bankofamerica.com/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index.html Show response
securemsg.bankofamerica.com/
Redirect Chain

http://securemsg.bankofamerica.com/index.html
https://securemsg.bankofamerica.com/index.html

7 KB
3 KB

895ms
130ms

Document
text/html

171.159.226.71
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://securemsg.bankofamerica.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.226.71 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

d61f57ad5e1a1de2a53027f363991320f9878bfdcb43e71c45d5c094d143225a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 2071
Content-Security-Policy: default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Content-Type: text/html
Date: Fri, 17 May 2024 05:57:19 GMT
ETag: "080ed6b3e75da1:0"
Last-Modified: Wed, 13 Mar 2024 12:03:12 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Redirect headers

Location: https://securemsg.bankofamerica.com/index.html
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK pe.css
securemsg.bankofamerica.com/ 1 KB
1 KB 128ms
127ms Stylesheet
text/css 171.159.226.71
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://securemsg.bankofamerica.com/pe.css

Requested by

Host: securemsg.bankofamerica.com
URL: https://securemsg.bankofamerica.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.226.71 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

b68620a230e8feccbc80699c13972de49cfc2cc3e45af904d32ba4643c84c6c5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 13 Mar 2024 12:03:12 GMT
Date: Fri, 17 May 2024 05:57:19 GMT
ETag: "080ed6b3e75da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 610
X-Xss-Protection: 1; mode=block

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/ 20 KB
7 KB 182ms
88ms Script
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/otSDKStub.js

Requested by

Host: securemsg.bankofamerica.com
URL: https://securemsg.bankofamerica.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/
Origin: https://securemsg.bankofamerica.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 17 May 2024 05:57:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: 1C7BuQ3LGAlBcdxyvs3Sgw==
content-length: 6884
x-ms-lease-status: unlocked
last-modified: Fri, 15 Mar 2024 22:03:31 GMT
server: cloudflare
etag: 0x8DC453BC08E0883
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 39f3869a-901e-004a-701f-a8710e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 88515ec559800487-FRA

GET
H/1.1 200
OK bofa_lo1_rgb.svg
securemsg.bankofamerica.com/ 11 KB
12 KB 255ms
127ms Image
image/svg+xml 171.159.226.71
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securemsg.bankofamerica.com/bofa_lo1_rgb.svg

Requested by

Host: securemsg.bankofamerica.com
URL: https://securemsg.bankofamerica.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.226.71 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

590d23038e1abd59d0629fcc8d5ac987178e7c47f2bd0992391e33d71394c8c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Date: Fri, 17 May 2024 05:57:19 GMT
Last-Modified: Wed, 13 Mar 2024 12:03:12 GMT
ETag: "080ed6b3e75da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 11553
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK pill.svg
securemsg.bankofamerica.com/ 925 B
1 KB 378ms
131ms Image
image/svg+xml 171.159.226.71
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securemsg.bankofamerica.com/pill.svg

Requested by

Host: securemsg.bankofamerica.com
URL: https://securemsg.bankofamerica.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.226.71 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

6e40c58304e1ffed8e8fd32b05257620823b7dafcd99c782017075c734eb45ad

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Date: Fri, 17 May 2024 05:57:19 GMT
Last-Modified: Wed, 13 Mar 2024 12:03:12 GMT
ETag: "080ed6b3e75da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 925
X-Xss-Protection: 1; mode=block

GET
H2 200 64af94a0-1d18-480d-8fd5-47286c4308bd-test.json Show response
cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/ 5 KB
2 KB 93ms
92ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/64af94a0-1d18-480d-8fd5-47286c4308bd-test.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9aafb7feb6865c0696dbf68fbb139bdb1f5c517019ca01fbdb47acbb202df2ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 17 May 2024 05:57:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: d2FnIZvkA7BkSdvT04JYSA==
content-length: 1765
x-ms-lease-status: unlocked
last-modified: Fri, 15 Mar 2024 22:03:31 GMT
server: cloudflare
etag: 0x8DC453BC0B3B338
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 45c5c1ea-501e-007e-171f-a8dea6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 88515ec5f9fe0487-FRA

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
295 B 154ms
62ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
accept: application/json
Referer: https://securemsg.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 17 May 2024 05:57:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 88515ec71bcd3aa2-FRA
access-control-allow-headers: Content-Type

GET
H/1.1 404
Not Found favicon.ico
securemsg.bankofamerica.com/ 1 KB
2 KB 127ms
127ms Other
text/html 171.159.226.71
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://securemsg.bankofamerica.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.226.71 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/index.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Date: Fri, 17 May 2024 05:57:19 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 1245
X-Xss-Protection: 1; mode=block

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202401.1.0/ 429 KB
105 KB 52ms
52ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f075666e5f9e02cbe0365afe084529b44d65e3f7c28f9ec483a87e37d63120bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/
Origin: https://securemsg.bankofamerica.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 17 May 2024 05:57:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: g8NxcYp0IaoBIOhpMNVD1w==
age: 69748
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 106568
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 09:27:22 GMT
server: cloudflare
etag: 0x8DC3E88CB118B87
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f07642ca-b01e-0015-2124-772e30000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 88515ec78b4f0487-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/018df06d-99fa-74fe-8b36-0e6f708de64a/ 40 KB
12 KB 86ms
85ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/64af94a0-1d18-480d-8fd5-47286c4308bd-test/018df06d-99fa-74fe-8b36-0e6f708de64a/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202401.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0db623a3df7855c7340dabd8c588f3603afa11b5be5929ba475a7116b56516fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 17 May 2024 05:57:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: tX6Kwpg0OeTtbDk8j6mpxg==
content-length: 11854
x-ms-lease-status: unlocked
last-modified: Fri, 15 Mar 2024 22:03:40 GMT
server: cloudflare
etag: 0x8DC453BC5C80C1C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f4b3554b-201e-0035-1c1f-a8ef3c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 88515ec85c0f0487-FRA

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202401.1.0/assets/ 13 KB
3 KB 54ms
54ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202401.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 17 May 2024 05:57:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cY5y5oOgkrkmN13/L7bZ7g==
age: 69417
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 09:27:16 GMT
server: cloudflare
etag: 0x8DC3E88C74EAA0F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 65a5a011-a01e-0009-5d24-777c50000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 88515ec8ecb00487-FRA

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/202401.1.0/assets/v2/ 63 KB
13 KB 61ms
60ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.1.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202401.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d18f313f2489ed91cd15cf94a1e5668b8b0da8318f593d980228000a1757702f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 17 May 2024 05:57:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: YtaXBixFyq2CwF1kGBMxUw==
age: 799
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13587
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 09:27:18 GMT
server: cloudflare
etag: 0x8DC3E88C8D22A3A
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f6d30c4f-101e-009a-7e67-79a75a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 88515ec8ecb70487-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202401.1.0/assets/ 21 KB
4 KB 55ms
54ms Fetch
text/css 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202401.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 17 May 2024 05:57:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 799
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 09:27:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 6b648c69-b01e-002a-1024-77e693000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 88515ec8ecba0487-FRA

GET ot_close.svg
cdn.cookielaw.org/logos/static/ 0
0

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
526 B 294ms
294ms Fetch
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202401.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://securemsg.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 17 May 2024 05:57:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 799
x-ms-lease-status: unlocked
last-modified: Thu, 16 May 2024 02:06:18 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 31428900-201e-0035-759f-a7ef3c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 88515ec97d210487-FRA

GET BOA.PNG
cdn.cookielaw.org/logos/9b1b72d0-06ef-4e7c-9b2a-e8bc09f34daf/5a21514a-3b71-4677-b52d-207b6f11ff68/fceb4368-db91-43cf-af24-36ac5b5badc2/ 0
0

GET powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/logos/static/ot_close.svg

Domain: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/logos/9b1b72d0-06ef-4e7c-9b2a-e8bc09f34daf/5a21514a-3b71-4677-b52d-207b6f11ff68/fceb4368-db91-43cf-af24-36ac5b5badc2/BOA.PNG

Domain: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			securemsg.bankofamerica.com/	1970-01-21 00:57:57	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+May+17+2024+07%3A57%3A29+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202401.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=83ca5066-2a29-4e47-86ad-22b22d4755dd&interactionCount=0&landingPath=https%3A%2F%2Fsecuremsg.bankofamerica.com%2Findex.html&groups=CCBA%3A1%2CC0001%3A1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://securemsg.bankofamerica.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202401.1.0/otBannerSdk.js(Line 6) Message: Refused to load the image 'https://cdn.cookielaw.org/logos/static/ot_close.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://securemsg.bankofamerica.com/index.html Message: Refused to load the image 'https://cdn.cookielaw.org/logos/9b1b72d0-06ef-4e7c-9b2a-e8bc09f34daf/5a21514a-3b71-4677-b52d-207b6f11ff68/fceb4368-db91-43cf-af24-36ac5b5badc2/BOA.PNG' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://securemsg.bankofamerica.com/index.html Message: Refused to load the image 'https://cdn.cookielaw.org/logos/static/powered_by_logo.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org;img-src 'self' data:; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.cookielaw.org
geolocation.onetrust.com
securemsg.bankofamerica.com
cdn.cookielaw.org
171.159.226.71
2606:4700:4400::ac40:9b77
2606:4700::6813:b234
0db623a3df7855c7340dabd8c588f3603afa11b5be5929ba475a7116b56516fb
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
590d23038e1abd59d0629fcc8d5ac987178e7c47f2bd0992391e33d71394c8c2
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6e40c58304e1ffed8e8fd32b05257620823b7dafcd99c782017075c734eb45ad
8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1
9aafb7feb6865c0696dbf68fbb139bdb1f5c517019ca01fbdb47acbb202df2ca
b68620a230e8feccbc80699c13972de49cfc2cc3e45af904d32ba4643c84c6c5
d18f313f2489ed91cd15cf94a1e5668b8b0da8318f593d980228000a1757702f
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d61f57ad5e1a1de2a53027f363991320f9878bfdcb43e71c45d5c094d143225a
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
f075666e5f9e02cbe0365afe084529b44d65e3f7c28f9ec483a87e37d63120bb

securemsg.bankofamerica.com Open in urlscan Pro 171.159.226.71 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

82 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

166 kBTransfer

613 kBSize

1 Cookies

8 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

1 Cookies

4 Console Messages

Security Headers

Indicators

securemsg.bankofamerica.com Open in urlscan Pro
171.159.226.71 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

82 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

166 kB
Transfer

613 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions