urlscan.io logo urlscan.io
SecurityTrails logo

m-banckofamerica.com Open in urlscan Pro
2606:4700:3034::681b:a23d  Public Scan

Go To Rescan Add Verdict Report
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Submission: On April 25 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3034::681b:a23d, located in United States and belongs to CLOUDFLARENET, US. The main domain is m-banckofamerica.com.
This is the only time m-banckofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 2606:4700:303... 13335 (CLOUDFLAR...)
3 192.229.133.167 15133 (EDGECAST)
1 2 2a03:2880:f12... 32934 (FACEBOOK)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 23.111.11.182 33438 (HIGHWINDS2)
1 13.225.73.109 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
18 8
3    2606:4700:3034::681b:a23d (United States)

ASN13335 (CLOUDFLARENET, US)
m-banckofamerica.com
3    192.229.133.167 (United States)

ASN15133 (EDGECAST, US)
promo.bankofamerica.com
2    2a03:2880:f12d:84:face:b00c:0:14c9 (Ireland)

ASN32934 (FACEBOOK, US)
pixel.facebook.com
1    2606:4700:10::6814:432e (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.000webhost.com
1    23.111.11.182 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)
a.opmnstr.com
1    13.225.73.109 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-109.fra2.r.cloudfront.net
api.omappapi.com
1    2a00:1450:4001:818::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
Domain Requested by
3 promo.bankofamerica.com m-banckofamerica.com
3 m-banckofamerica.com m-banckofamerica.com
2 pixel.facebook.com 1 redirects m-banckofamerica.com
1 ajax.googleapis.com a.opmnstr.com
1 api.omappapi.com a.opmnstr.com
1 a.opmnstr.com m-banckofamerica.com
1 cdn.000webhost.com m-banckofamerica.com
0 static.xx.fbcdn.net Failed m-banckofamerica.com
18 8

This site contains links to these domains. Also see Links.

Domain
www.bankofamerica.com
www.000webhost.com
Subject Issuer Validity Valid
campus.bankofamerica.com
Entrust Certification Authority - L1M		 2019-12-11 -
2020-12-11		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-04-15 -
2020-07-14		 3 months crt.sh
*.000webhost.com
COMODO RSA Domain Validation Secure Server CA		 2018-10-19 -
2020-12-17		 2 years crt.sh
*.opmnstr.com
Go Daddy Secure Certificate Authority - G2		 2019-04-11 -
2021-04-11		 2 years crt.sh
api.opmnstr.com
Amazon		 2020-04-09 -
2021-05-09		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-04-07 -
2020-06-30		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Frame ID: C0DE16786FB52DD35CF28DEF14AD575D
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

18
Requests

44 %
HTTPS

57 %
IPv6

8
Domains

8
Subdomains

8
IPs

3
Countries

200 kB
Transfer

453 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://pixel.facebook.com/si/kappa/?Ko=p HTTP 302
  • https://pixel.facebook.com/si/kappa/stop/?Ka=AbHg9dV1EdGDlcWE&Kt=1587818712867&Ko=p

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/ 		40 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
HTTP/1.1
Server
2606:4700:3034::681b:a23d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
597e42751bdc53a35f6fb86eaa5d44d49a4d5256954f146cb8df0e2aea59dbec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
m-banckofamerica.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 25 Apr 2020 12:45:12 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=da0959821ee558fd26b04ef0c0e25fd6c1587818712; expires=Mon, 25-May-20 12:45:12 GMT; path=/; domain=.m-banckofamerica.com; HttpOnly; SameSite=Lax
Cache-Control
max-age=604800
Expires
Sat, 02 May 2020 12:45:12 GMT
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Request-ID
bc0b04475b87995437fc4f6aa9a3df01
CF-Cache-Status
DYNAMIC
Server
cloudflare
CF-RAY
589828e7ea2d1782-FRA
Content-Encoding
gzip
cf-request-id
0252f7e4f00000178224a5e200000001
main.css
promo.bankofamerica.com/advantage_banking/assets/styles/ 		47 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://promo.bankofamerica.com/advantage_banking/assets/styles/main.css
Requested by
Host: m-banckofamerica.com
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.167 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (waw/17AD) /
Resource Hash
af7b3aa02480cb73b93aca4994720c5f3f1a08430450b693d0540bb72add6a7f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:;
Strict-Transport-Security max-age=31536000; includeSubdomains;, max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:;
content-encoding
gzip
etag
"bd8d-59bba63caa300-gzip"
age
340885
x-cache
HIT
status
200
strict-transport-security
max-age=31536000; includeSubdomains;, max-age=31536000; includeSubdomains;
content-length
8556
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge, IE=Edge
x-ec-custom-error
1
last-modified
Thu, 09 Jan 2020 19:55:24 GMT
server
ECS (waw/17AD)
x-frame-options
SAMEORIGIN, SAMEORIGIN
date
Sat, 25 Apr 2020 12:45:12 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
x-content-type-options
nosniff
expires
Fri, 26 Apr 2019 12:45:12 GMT
logo-bac-horiz-1.0.0.svg
promo.bankofamerica.com//global/assets/images/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://promo.bankofamerica.com//global/assets/images/logo-bac-horiz-1.0.0.svg
Requested by
Host: m-banckofamerica.com
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.167 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (ska/F706) /
Resource Hash
a47cdce3968d61ead724c86fb3a78423f83883085089011498e5925bec2a7ee2
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:;
Strict-Transport-Security max-age=31536000; includeSubdomains;, max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m-banckofamerica.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:;
content-encoding
gzip
etag
"b89-59d61b1dd1d40-gzip"
age
18903
x-cache
HIT
status
200
strict-transport-security
max-age=31536000; includeSubdomains;, max-age=31536000; includeSubdomains;
content-length
1447
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge, IE=Edge
x-ec-custom-error
1
last-modified
Thu, 30 Jan 2020 20:56:45 GMT
server
ECS (ska/F706)
x-frame-options
SAMEORIGIN, SAMEORIGIN
date
Sat, 25 Apr 2020 12:45:12 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
x-content-type-options
nosniff
expires
Fri, 26 Apr 2019 12:45:12 GMT
cc-lRj.png
m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/ 		92 KB
92 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/cc-lRj.png
Requested by
Host: m-banckofamerica.com
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
HTTP/1.1
Server
2606:4700:3034::681b:a23d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c652ed39e94eee8e09bea019d6832c0d18e2e2a55610dee09a5a93c108a03430
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 25 Apr 2020 12:45:12 GMT
X-Content-Type-Options
nosniff
CF-Cache-Status
HIT
Age
22215
Connection
keep-alive
Content-Length
94107
X-Xss-Protection
1; mode=block
X-Request-ID
3308bba1f0ce3a93bb865d16f8f43c4b
Last-Modified
Sat, 25 Apr 2020 04:31:14 GMT
Server
cloudflare
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=31536000
cf-request-id
0252f7e7110000178224a8c200000001
Accept-Ranges
bytes
CF-RAY
589828eb4c551782-FRA
Expires
Sun, 25 Apr 2021 06:34:57 GMT
/
pixel.facebook.com/si/kappa/stop/
Redirect Chain
  • https://pixel.facebook.com/si/kappa/?Ko=p
  • https://pixel.facebook.com/si/kappa/stop/?Ka=AbHg9dV1EdGDlcWE&Kt=1587818712867&Ko=p
67 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.facebook.com/si/kappa/stop/?Ka=AbHg9dV1EdGDlcWE&Kt=1587818712867&Ko=p
Requested by
Host: m-banckofamerica.com
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://m-banckofamerica.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
x-fb-debug
Of30dMwt49ewK9yduFlVIaYPcahBoQIcCMhTp3Y0FDqrPSLMHuI8xgrHBuOEgiVuVqzMwg+pJAOIwdr17sx8gA==
content-encoding
br
x-content-type-options
nosniff
alt-svc
h3-27=":443"; ma=3600
x-frame-options
DENY
date
Sat, 25 Apr 2020 12:45:12 GMT, Sat, 25 Apr 2020 12:45:12 GMT
strict-transport-security
max-age=15552000; preload
content-type
image/png
status
200
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary
Accept-Encoding
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

pragma
no-cache
x-fb-debug
b8G0hh/gM3hDSYdbewf7zZMxcptIkE8v3Qytv+YV4SgyDg0Xv9xjVNYcWgFZ7rEbG1f+oKkALvmiRR1w3MenDA==
x-content-type-options
nosniff
status
302
x-frame-options
DENY
date
Sat, 25 Apr 2020 12:45:12 GMT, Sat, 25 Apr 2020 12:45:12 GMT
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
location
/si/kappa/stop/?Ka=AbHg9dV1EdGDlcWE&Kt=1587818712867&Ko=p
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
alt-svc
h3-27=":443"; ma=3600
content-length
0
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
ktVXW4FVYt4.js
static.xx.fbcdn.net/rsrc.php/v3/yt/r/ 		0
0
logo-bac-horiz-1.0.0.svg
promo.bankofamerica.com/global/assets/images/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://promo.bankofamerica.com/global/assets/images/logo-bac-horiz-1.0.0.svg
Requested by
Host: m-banckofamerica.com
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.167 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (waw/17B5) /
Resource Hash
a47cdce3968d61ead724c86fb3a78423f83883085089011498e5925bec2a7ee2
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:;
Strict-Transport-Security max-age=31536000; includeSubdomains;, max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m-banckofamerica.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:;
content-encoding
gzip
etag
"b89-59d61b1dd1d40-gzip"
age
340917
x-cache
HIT
status
200
strict-transport-security
max-age=31536000; includeSubdomains;, max-age=31536000; includeSubdomains;
content-length
1447
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge, IE=Edge
x-ec-custom-error
1
last-modified
Thu, 30 Jan 2020 20:56:45 GMT
server
ECS (waw/17B5)
x-frame-options
SAMEORIGIN, SAMEORIGIN
date
Sat, 25 Apr 2020 12:45:12 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
x-content-type-options
nosniff
expires
Fri, 26 Apr 2019 12:45:12 GMT
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.000webhost.com/000webhost/logo/footer-powered-by-000webhost-white2.png
Requested by
Host: m-banckofamerica.com
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:432e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m-banckofamerica.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 12:45:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3433
cf-polished
origFmt=png, origSize=2046
status
200
content-disposition
inline; filename="footer-powered-by-000webhost-white2.webp"
x-hostinger-datacenter
srv
vary
Accept
content-length
1696
x-xss-protection
1; mode=block
last-modified
Wed, 15 Apr 2020 10:55:19 GMT
server
cloudflare
x-frame-options
sameorigin
etag
"5e96e817-7fe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000
content-type
image/webp
expires
Sat, 25 Apr 2020 16:45:12 GMT
cache-control
public, max-age=14400
x-hostinger-node
nl-srv-cdn2
cf-request-id
0252f7e71000001f4d061f1200000001
accept-ranges
bytes
cf-ray
589828eb4cd61f4d-FRA
cf-bgj
imgq:100,h2pri
api.min.js
a.opmnstr.com/app/js/ 		198 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.opmnstr.com/app/js/api.min.js
Requested by
Host: m-banckofamerica.com
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.11.182 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
989e66ac173702f23dcd5078fa46b95b074c42448b206f40bb2f8748dcef1127

Request headers

Referer
http://m-banckofamerica.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 12:45:12 GMT
content-encoding
gzip
last-modified
Thu, 23 Apr 2020 16:53:56 GMT
server
NetDNA-cache/2.2
x-amz-request-id
27D87D6AD1D73E38
etag
W/"dc8fabcd15596d55462359e58907415f"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
max-age=31104000
access-control-allow-origin
*
x-amz-id-2
DT7ZrKwmOpxNF9oP47Q9uJw9nKra/2GnfrhtPAS9xLgg5N5/4jvqDdk+yunBtWHz0vsb4cEa2UY=
expires
Tue, 20 Apr 2021 12:45:12 GMT
fond.png
m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/fond.png
Requested by
Host: m-banckofamerica.com
URL: http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
Protocol
HTTP/1.1
Server
2606:4700:3034::681b:a23d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0eb34017faf044ae8a66333482200375173cf0dc667c9a2e47fecff88a283a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://m-banckofamerica.com/wp-content/themes/twentytwenty/assets/fonts/inter/full/inf/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 25 Apr 2020 12:45:12 GMT
X-Content-Type-Options
nosniff
CF-Cache-Status
HIT
Age
22215
Connection
keep-alive
Content-Length
2866
X-Xss-Protection
1; mode=block
X-Request-ID
3395c1fc6c49c1804ee3f4e3f83e958c
Last-Modified
Sat, 25 Apr 2020 04:31:14 GMT
Server
cloudflare
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=31536000
cf-request-id
0252f7e72100001f191583f200000001
Accept-Ranges
bytes
CF-RAY
589828eb6e821f19-FRA
Expires
Sun, 25 Apr 2021 06:34:56 GMT
connections-regular-web-1.0.0.woff
promo.bankofamerica.com/global/assets/fonts/ 		0
0
connections-bold-web-1.0.0.woff
promo.bankofamerica.com/global/assets/fonts/ 		0
0
connections-italic-web-1.0.0.woff
promo.bankofamerica.com/global/assets/fonts/ 		0
0
connections-regular-web-1.0.0.ttf
promo.bankofamerica.com/global/assets/fonts/ 		0
0
connections-bold-web-1.0.0.ttf
promo.bankofamerica.com/global/assets/fonts/ 		0
0
connections-italic-web-1.0.0.ttf
promo.bankofamerica.com/global/assets/fonts/ 		0
0
f6brbmuxflyqoriatchv
api.omappapi.com/v2/embed/71036/ 		49 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.omappapi.com/v2/embed/71036/f6brbmuxflyqoriatchv
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.73.109 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-109.fra2.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
8d466c6617156bd98f4204582659a65b290b8044de3e85615b6c1824663bdf1b

Request headers

Referer
http://m-banckofamerica.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 12:45:13 GMT
content-encoding
gzip
x-cache-config
0 0
x-amz-cf-pop
FRA2-C2
x-cache-status
HIT
x-cache
Miss from cloudfront
status
200
access-control-allow-headers
X-CSRF-Token
x-optinmonster-campaign
f6brbmuxflyqoriatchv
x-user-agent
standard
server
Pagely Gateway/1.5.1
vary
Accept-Encoding, User-Agent
content-type
application/json;charset=utf-8
via
1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
access-control-expose-headers
X-OptinMonster-Campaign
access-control-allow-origin
*
x-amz-cf-id
ovBPdH2tNxRHowIFexMzxSqtOx6o0a4MvNSQGKrExbtHijs6oPLKjQ==
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.5.18/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://m-banckofamerica.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 17:38:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
155182
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
6490
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 23 Apr 2021 17:38:51 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/ktVXW4FVYt4.js
Domain
promo.bankofamerica.com
URL
https://promo.bankofamerica.com/global/assets/fonts/connections-regular-web-1.0.0.woff
Domain
promo.bankofamerica.com
URL
https://promo.bankofamerica.com/global/assets/fonts/connections-bold-web-1.0.0.woff
Domain
promo.bankofamerica.com
URL
https://promo.bankofamerica.com/global/assets/fonts/connections-italic-web-1.0.0.woff
Domain
promo.bankofamerica.com
URL
https://promo.bankofamerica.com/global/assets/fonts/connections-regular-web-1.0.0.ttf
Domain
promo.bankofamerica.com
URL
https://promo.bankofamerica.com/global/assets/fonts/connections-bold-web-1.0.0.ttf
Domain
promo.bankofamerica.com
URL
https://promo.bankofamerica.com/global/assets/fonts/connections-italic-web-1.0.0.ttf

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| envFlush object| Env number| __DEV__ function| check_cc object| elems function| getCookie undefined| wordpressAdminBody object| notification object| hostingerLogo undefined| mainContent object| wpSidebar object| wpTopBarRight undefined| googleFont undefined| css undefined| style undefined| sheet undefined| button undefined| link undefined| mainContentHolder undefined| h1Tag undefined| h2Tag undefined| paragraph undefined| list undefined| org_html undefined| new_html undefined| saleImage function| setImmediate function| clearImmediate function| OptinMonsterApp boolean| om_loaded object| f6brbmuxflyqoriatchv object| _omapp object| omf6brbmuxflyqoriatchv object| WebFont

3 Cookies

Domain/Path Name / Value
m-banckofamerica.com/ Name: _omappvs
Value: 1587818713085
m-banckofamerica.com/ Name: _omappvp
Value: rZrCn3b1JrNHcdj8kSL7ltmzs1N1ArVWVshbpHuvVi1Aks6xXJUYBb30bQxiaVRJNu5g6dj2mHwV6SSxurkLjpfknBLrThb2
.m-banckofamerica.com/ Name: __cfduid
Value: da0959821ee558fd26b04ef0c0e25fd6c1587818712

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block