urlscan.io logo urlscan.io
SecurityTrails logo

thevault.bankofamerica.com Open in urlscan Pro
18.212.46.115  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://thevault.bankofamerica.com/
Effective URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Submission: On November 12 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 18 HTTP transactions. The main IP is 18.212.46.115, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is thevault.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on December 16th 2020. Valid for: a year.
This is the only time thevault.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 15 18.212.46.115 14618 (AMAZON-AES)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
18 5
Domain Requested by
15 thevault.bankofamerica.com 1 redirects thevault.bankofamerica.com
2 fonts.googleapis.com thevault.bankofamerica.com
1 fonts.gstatic.com fonts.googleapis.com
1 maxcdn.bootstrapcdn.com thevault.bankofamerica.com
18 4

This site contains links to these domains. Also see Links.

Domain
fedsso.bankofamerica.com
Subject Issuer Validity Valid
thevault.bankofamerica.com
Entrust Certification Authority - L1M		 2020-12-16 -
2021-12-16		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-03-01 -
2022-02-28		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Frame ID: E1368258E01A5F79262D1563DDFDBE42
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bank Of America - Login/Registration

Page URL History Show full URLs

  1. https://thevault.bankofamerica.com/ HTTP 302
    https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False Page URL

Page Statistics

18
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

792 kB
Transfer

2117 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://thevault.bankofamerica.com/ HTTP 302
    https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request CS.aspx
thevault.bankofamerica.com/
Redirect Chain
  • https://thevault.bankofamerica.com/
  • https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
26 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0 ASP.NET
Resource Hash
2b3b15bae913bad751035aa9056951bcd4cd2347977686ec5a56fb81927caca8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
content-security-policy
frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
feature-policy
geolocation 'none'
referrer-policy
same-origin
content-security-policy-report-only
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals
x-content-type-options
nosniff nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
ARR/3.0 ASP.NET
date
Fri, 12 Nov 2021 19:54:51 GMT
content-length
10981

Redirect headers

cache-control
no-store, no-cache
content-type
text/html; charset=utf-8
location
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
content-security-policy
frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
feature-policy
geolocation 'none'
referrer-policy
same-origin
content-security-policy-report-only
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals
x-content-type-options
nosniff nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
ARR/3.0 ASP.NET
date
Fri, 12 Nov 2021 19:54:51 GMT
content-length
204
css
fonts.googleapis.com/ 		5 KB
598 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Muli:400,400i,600,700,800
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
48cbfcefaff850997abb051be6c6abb36d19b709fb0111c9cc4f8b4d343e8fdf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
clear
x-xss-protection
0
last-modified
Fri, 12 Nov 2021 19:57:40 GMT
server
ESF
date
Fri, 12 Nov 2021 19:57:40 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 12 Nov 2021 19:57:40 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 12 Nov 2021 19:57:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617
age
3121060
cdn-cachedat
2021-07-24 08:09:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
1b00e9671224b437bf3914cf33baf521
cf-ray
6ad254a60bc52b29-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
css
fonts.googleapis.com/ 		2 KB
876 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7888a75eac5f8b9dc4c448f10e8dc9030fcae612cb236f1a9e9700d56ae6ef34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
clear
x-xss-protection
0
last-modified
Fri, 12 Nov 2021 19:54:56 GMT
server
ESF
date
Fri, 12 Nov 2021 19:57:40 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 12 Nov 2021 19:57:40 GMT
FrontEnd_SkinFamily95d064ebfc61f5728c9cff21393e3b27.css
thevault.bankofamerica.com/ClientFiles/COR/Styles/TEMP_SFf17b3e/ 		604 KB
117 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://thevault.bankofamerica.com/ClientFiles/COR/Styles/TEMP_SFf17b3e/FrontEnd_SkinFamily95d064ebfc61f5728c9cff21393e3b27.css
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
94fcb47ee05b32ef9b2e4e2540af46d708b06d0acd6e57131b7aae87e5a5fac7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff, nosniff
last-modified
Fri, 12 Nov 2021 08:01:23 GMT
x-powered-by
ARR/3.0, ASP.NET
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
date
Fri, 12 Nov 2021 19:54:51 GMT
accept-ranges
bytes
content-length
119217
etag
"80cbf07b9bd7d71:0"
Fonts_92239b8ec19c7495d2ae99d44e368940.css
thevault.bankofamerica.com/ClientFiles/COR/Styles/TEMP_SFf17b3e/ 		175 KB
132 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://thevault.bankofamerica.com/ClientFiles/COR/Styles/TEMP_SFf17b3e/Fonts_92239b8ec19c7495d2ae99d44e368940.css
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
2873a0cda07835725f6bbc0bd42b63eadaecf87f889e49b5d7d71acb28299ec7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff, nosniff
last-modified
Fri, 12 Nov 2021 08:01:38 GMT
x-powered-by
ARR/3.0, ASP.NET
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
date
Fri, 12 Nov 2021 19:54:51 GMT
accept-ranges
bytes
content-length
135471
etag
"09de1849bd7d71:0"
637626261340000000.js
thevault.bankofamerica.com/Include/TEMP3/ 		961 KB
257 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://thevault.bankofamerica.com/Include/TEMP3/637626261340000000.js
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
af24aef02e570903dda39e13bff93a263c9bb81ae9ca50e5cb03ac882e1db2f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff, nosniff
last-modified
Fri, 12 Nov 2021 08:01:15 GMT
x-powered-by
ARR/3.0, ASP.NET
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
date
Fri, 12 Nov 2021 19:54:51 GMT
accept-ranges
bytes
content-length
262942
etag
"80172c779bd7d71:0"
ajax-loader.gif
thevault.bankofamerica.com/ClientFiles/COR/Images/ 		740 B
854 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thevault.bankofamerica.com/ClientFiles/COR/Images/ajax-loader.gif
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
c03648d5942c77a33eff64037c96e24ce8dbce2c877d9163e041ea2e36b83608
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff, nosniff
last-modified
Fri, 05 Feb 2021 19:19:23 GMT
x-powered-by
ARR/3.0, ASP.NET
content-type
image/gif
cache-control
max-age=2592000
date
Fri, 12 Nov 2021 19:54:53 GMT
accept-ranges
bytes
content-length
740
etag
"802f72cff3fbd61:0"
BA8MSC1154.png
thevault.bankofamerica.com/Assets/V2/ChFCQTFTNTAwMDAwMDAwMDAwNxIGVFJNaXNjGiVcVFJNaXNjXDI0XDExXDc2XGM3XDdmXEJBOE1TQzExNTQucG5nIgQIARAP~/3MFy4DjEUYAnsMrJ/3MFy4DjEUYAnsMrJ/ 		117 KB
117 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thevault.bankofamerica.com/Assets/V2/ChFCQTFTNTAwMDAwMDAwMDAwNxIGVFJNaXNjGiVcVFJNaXNjXDI0XDExXDc2XGM3XDdmXEJBOE1TQzExNTQucG5nIgQIARAP~/3MFy4DjEUYAnsMrJ/3MFy4DjEUYAnsMrJ/BA8MSC1154.png
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
4b16b4b03ef955fa49990fe07ace74441526df8e824e0d2817a985f244a5cfd5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
x-content-type-options
nosniff, nosniff
x-powered-by
ARR/3.0, ASP.NET
content-security-policy-report-only
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals
date
Fri, 12 Nov 2021 19:54:53 GMT
content-disposition
inline; filename=BA8MSC1154.png;
content-length
119470
x-xss-protection
1; mode=block
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
etag
"9f7382012dbca16c"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
public, max-age=86400
feature-policy
geolocation 'none'
accept-ranges
bytes
BA5MSC2585.png
thevault.bankofamerica.com/Assets/V2/ChFCQTFTNTAwMDAwMDAwMDAwNxIGVFJNaXNjGiVcVFJNaXNjXDRiXDk3XDNlXDU5XGU3XEJBNU1TQzI1ODUucG5nIgQIARAP~/Kci26FaKKtnWydqK/Kci26FaKKtnWydqK/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thevault.bankofamerica.com/Assets/V2/ChFCQTFTNTAwMDAwMDAwMDAwNxIGVFJNaXNjGiVcVFJNaXNjXDRiXDk3XDNlXDU5XGU3XEJBNU1TQzI1ODUucG5nIgQIARAP~/Kci26FaKKtnWydqK/Kci26FaKKtnWydqK/BA5MSC2585.png
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
2ec1b1a5cbb6c8497581a6e38afc5e2144ed9d52bcbd17e6cd987f785172caff
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
x-content-type-options
nosniff, nosniff
x-powered-by
ARR/3.0, ASP.NET
content-security-policy-report-only
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals
date
Fri, 12 Nov 2021 19:54:53 GMT
content-disposition
inline; filename=BA5MSC2585.png;
content-length
6467
x-xss-protection
1; mode=block
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
etag
"9f7382012dbca16c"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
public, max-age=86400
feature-policy
geolocation 'none'
accept-ranges
bytes
Blank.gif
thevault.bankofamerica.com/ClientFiles/COR/Images/Cortex3/ 		154 B
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thevault.bankofamerica.com/ClientFiles/COR/Images/Cortex3/Blank.gif
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/ClientFiles/COR/Styles/TEMP_SFf17b3e/FrontEnd_SkinFamily95d064ebfc61f5728c9cff21393e3b27.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
b10f11e04cdcb585e127ffda10a7b66a6b69170f2d42438346db4d0c2ab3c2c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/ClientFiles/COR/Styles/TEMP_SFf17b3e/FrontEnd_SkinFamily95d064ebfc61f5728c9cff21393e3b27.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff, nosniff
last-modified
Fri, 05 Feb 2021 19:19:23 GMT
x-powered-by
ARR/3.0, ASP.NET
content-type
image/gif
cache-control
max-age=2592000
date
Fri, 12 Nov 2021 19:54:53 GMT
accept-ranges
bytes
content-length
154
etag
"802f72cff3fbd61:0"
transparent_pixel.png
thevault.bankofamerica.com/ClientFiles/COR/Images/ 		110 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thevault.bankofamerica.com/ClientFiles/COR/Images/transparent_pixel.png
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
859e0d54ce7aae5de46f9ac67a24313fed8bd042baa8cd3135a1395db5aef5c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff, nosniff
last-modified
Fri, 05 Feb 2021 19:19:23 GMT
x-powered-by
ARR/3.0, ASP.NET
content-type
image/png
cache-control
max-age=2592000
date
Fri, 12 Nov 2021 19:54:53 GMT
accept-ranges
bytes
content-length
110
etag
"802f72cff3fbd61:0"
OLXMSC3092.png
thevault.bankofamerica.com/Assets/V2/ChFCQTFTNTAwMDAwMDAwMDAwNxIGVFJNaXNjGiVcVFJNaXNjXGYzXDZkXDM2XDZiXDA0XE9MWE1TQzMwOTIucG5nIgQIARAP~/9O2aiDaRg8JKHqtn/9O2aiDaRg8JKHqtn/ 		247 B
323 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thevault.bankofamerica.com/Assets/V2/ChFCQTFTNTAwMDAwMDAwMDAwNxIGVFJNaXNjGiVcVFJNaXNjXGYzXDZkXDM2XDZiXDA0XE9MWE1TQzMwOTIucG5nIgQIARAP~/9O2aiDaRg8JKHqtn/9O2aiDaRg8JKHqtn/OLXMSC3092.png
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
3c02368c0b5a99314831f8b6853fe64d936f35ac44452d334dc3747e81033dfa
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
x-content-type-options
nosniff, nosniff
x-powered-by
ARR/3.0, ASP.NET
content-security-policy-report-only
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals
date
Fri, 12 Nov 2021 19:54:53 GMT
content-disposition
inline; filename=OLXMSC3092.png;
content-length
247
x-xss-protection
1; mode=block
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
etag
"9f7382012dbca16c"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
public, max-age=86400
feature-policy
geolocation 'none'
accept-ranges
bytes
OLXMSC3088.png
thevault.bankofamerica.com/Assets/V2/ChFCQTFTNTAwMDAwMDAwMDAwNxIGVFJNaXNjGiVcVFJNaXNjXGFhXDliXGI1XGI4XGVhXE9MWE1TQzMwODgucG5nIgQIARAP~/fueuCUvlu@esu1Kx/fueuCUvlu@esu1Kx/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thevault.bankofamerica.com/Assets/V2/ChFCQTFTNTAwMDAwMDAwMDAwNxIGVFJNaXNjGiVcVFJNaXNjXGFhXDliXGI1XGI4XGVhXE9MWE1TQzMwODgucG5nIgQIARAP~/fueuCUvlu@esu1Kx/fueuCUvlu@esu1Kx/OLXMSC3088.png
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
99c53addc6c6081e32779304fc593a7ebad97830769cd117455d264f3a1c4e5a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
x-content-type-options
nosniff, nosniff
x-powered-by
ARR/3.0, ASP.NET
content-security-policy-report-only
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals
date
Fri, 12 Nov 2021 19:54:53 GMT
content-disposition
inline; filename=OLXMSC3088.png;
content-length
1110
x-xss-protection
1; mode=block
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
etag
"9f7382012dbca16c"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
public, max-age=86400
feature-policy
geolocation 'none'
accept-ranges
bytes
truncated
/ 		43 KB
43 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
01b5e4649abf23b4ea9e95ed92be027a3074e90f92e05d58f99d3b4572d4fde7

Request headers

Referer
Origin
https://thevault.bankofamerica.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
font/opentype
truncated
/ 		43 KB
43 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b666aa084f85c32458c7f0069bddba76d5a278c2b4c44d15432c1a5521090d7e

Request headers

Referer
Origin
https://thevault.bankofamerica.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
font/opentype
7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v22/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,400i,600,700,800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://thevault.bankofamerica.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 12 Nov 2021 02:58:14 GMT
x-content-type-options
nosniff
age
61166
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
clear
content-length
31120
x-xss-protection
0
last-modified
Wed, 15 Jul 2020 20:50:02 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 12 Nov 2022 02:58:14 GMT
637626261340000000_dyn.js
thevault.bankofamerica.com/Include/TEMP3/ 		58 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://thevault.bankofamerica.com/Include/TEMP3/637626261340000000_dyn.js?version=MjAyMS0wOC0yMCAwNDoyNjozNi4wMDA
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/Include/TEMP3/637626261340000000.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
93c04942ddce28aee55baebca0d29253fe64191d16c18489b369edf0b1702027
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff, nosniff
last-modified
Fri, 12 Nov 2021 08:01:15 GMT
x-powered-by
ARR/3.0, ASP.NET
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
date
Fri, 12 Nov 2021 19:54:53 GMT
accept-ranges
bytes
content-length
17811
etag
"80172c779bd7d71:0"
AlterSession.aspx
thevault.bankofamerica.com/htm/ 		0
60 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://thevault.bankofamerica.com/htm/AlterSession.aspx?BrowserTimezoneOffset=0
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/Include/TEMP3/637626261340000000.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
referrer-policy
same-origin
x-powered-by
ARR/3.0, ASP.NET
date
Fri, 12 Nov 2021 19:54:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/html
x-xss-protection
1; mode=block
cache-control
no-store, no-cache
feature-policy
geolocation 'none'
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy-report-only
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals
content-length
0
x-content-type-options
nosniff, nosniff
Resolution.aspx
thevault.bankofamerica.com/htm/ 		13 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://thevault.bankofamerica.com/htm/Resolution.aspx?W=1600&H=1200&dummy=1636747063369
Requested by
Host: thevault.bankofamerica.com
URL: https://thevault.bankofamerica.com/Include/TEMP3/637626261340000000.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.212.46.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-212-46-115.compute-1.amazonaws.com
Software
/ ARR/3.0, ASP.NET
Resource Hash
c932ee77b51a2d96efe71d299cc26852cd12e7abc0a7f2cef7622803cd0bacbc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
content-encoding
gzip
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
x-powered-by
ARR/3.0, ASP.NET
date
Fri, 12 Nov 2021 19:54:54 GMT
vary
Accept-Encoding
content-type
text/html; charset=utf-8
x-xss-protection
1; mode=block
cache-control
no-store, no-cache
feature-policy
geolocation 'none'
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy-report-only
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals
content-length
5936
x-content-type-options
nosniff, nosniff

Verdicts & Comments Add Verdict or Comment

258 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler boolean| CSPEnabled function| UtilsLoadScript function| UtilsEvalScripts function| UtilsEvalScriptsWithResult function| UtilsValidateNonceAlt function| UtilsValidateNonce function| CSP function| DOMChangesQueue function| FastArray function| $Elt function| $E function| $PI function| $S function| $SetStyle function| $SetCss function| $AddClass function| $RemoveClass function| $ReplaceClass function| $HasClass function| $SwitchClass function| $Control function| $AddEvent function| $AddAction function| $LS function| $LE function| CacheMgr function| ConstProperties function| ConstValues function| ControlHeap function| ControlMgr function| ControlsUtils function| CtrlEventMgr function| CtrlEvent function| Dependency function| HistoryMgr function| ImageMgr function| PositionItem function| GetHeightIFrame function| GetWidthIFrame function| getStyle function| PositionMgr function| PostRenderMgr function| PreRenderMgr function| Point function| ResizeMgr function| Collection function| EventItem function| EventTable function| RegisterControlEvent function| RegisterButtonEvent function| RegisterButtonClickDblClickEvent function| RegisterTextAreaEvent function| RegisterImageEvent function| TriggerItem function| TriggerTable function| VFormInfoItem function| VFormInfoTable function| DraggableItem function| DroppableItem function| FramesMgr function| MultipleSelectionMgr function| SelectionItem function| StackMgr function| StringBuilder function| StyleMgr function| WaitingPopupMgr function| ClearAction function| CloseWindowAction function| ExecuteScriptAction function| ParamValueUpdateAction function| RefreshMgrAction function| BlurAdvEvent function| BlurEvent function| ChangeEvent function| ClickDeferredMgr function| ClickDeferredEvent function| ClickEvent function| ClickOutEvent function| DragFilesInBrowserEvent function| FocusEvent function| MouseDownEvent function| OrientationChangeEvent function| OutEvent function| OverEvent function| ScrollDownEvent function| ScrollUpEvent function| ShortcutEvent function| ShowEvent function| SwipeEvent function| WindowExitEvent function| WindowResizeEvent function| AutoCompContainer function| AutoCompInvokedWithChar function| AutoCompletionProperties function| AutoCompMultiEntry function| AutoCompTextarea function| ComplexAutoCompProperties function| AttachZoomForImage function| AttachZoomForLabel function| HandleAttachZoom function| HandleAyncAttachZoom function| AttachZoom function| SetImageResponsive function| GetParentWidth function| IsInEditMode function| AutoExpandHeight function| AutoScaleProperties function| AutoScroll function| ClassProperties function| ClearCacheProperties function| ClipboardProperties function| CommandProperties function| M5ServerContextMenuHandler function| CustomScrollbarProperties function| DeactivateBackProperties function| DefaultActionProperties function| DeferInject function| DragProperties function| DropProperties function| DynamicChildrenVisibilityMgr function| DynamicChildrenVisibilityProperties function| EditableTable function| EffectProperties function| FileNameOnDropProperties function| FixedPos function| FixedProperties function| FocusProperties function| FoldProperties function| FreeHtmlContainer function| HyperlinkProperties function| InPlaceEditorProperties function| LoadingAjaxMgr function| LoadingAjaxProperties function| LoadingPostBackMgr function| LoadingPostBackProperties function| LoadingProperties function| MatrixEventProperties function| MenuProperties function| MenuGroupMgr function| MountMgr function| MountProperties function| MultipleSourcesProperties function| PositionGroupProperties function| RelativeProperties function| ReorderProperties function| RequiredProperties function| ResizableProperties function| ResizeProperties function| RulerProperties function| ScrollProperties function| ScrollbarMgr function| ScrollTargetProperties function| ScrollTargetMgr function| SelectAllProperties function| SelectionProperties function| SequenceLoadingProperties function| SequenceLoadingMgr function| SlideShowProperties function| TempSourceProperties function| TooltipProperties object| TooltipMgr function| UserDropImagesProperties function| ZoomProperties function| AudioCtrl function| AudioPlayer function| AutoCompletionCtrl function| ButtonCtrl function| ChartCtrl function| CheckBoxCtrl function| CropCtrl function| DataTableCtrl function| DateCtrl function| DropDownListCtrl function| FlashCtrl function| HiddenCtrl function| HyperlinkCtrl function| ImageCtrl function| LabelCtrl function| MapCtrl function| MapMarkerCtrl function| MenuMgr function| MenuCtrl function| PanelAdvancedCtrl function| PanelCtrl function| PanelColCtrl function| PanelPopupCtrl function| PanelTableCtrl function| ParameterBoolCtrl function| ParameterEnumCtrl function| ParameterStrCtrl function| ParameterNumCtrl function| ParamControl object| ParamMgr function| Popup function| RadioButtonListCtrl function| RatingCtrl function| SlideshowCtrl function| SlideshowMgr function| TextAreaCtrl function| TextBoxCtrl function| TextBoxPasswordCtrl function| TimeCtrl function| UploadCtrl function| UploadFieldCtrl function| VideoCtrl function| GetHtml5Player object| Param boolean| M3IECompatMode object| Utils number| giContextMenuCounter object| Matrix3 string| sLocH function| widgetsAutocomplete object| DragDropMgr object| DragDropReorderMgr object| TranslationMode object| SimpleTooltip object| swfobject object| VFormEffects object| WysiwygManager object| AutoCompletionMgr boolean| bMyZoomDarkMode object| SizeLearningMgr object| UserDropImagesPropertiesMgr object| addthis_share object| CollaborationManager object| Effect object| NodeJsModule object| NodeJsExports function| ElementQueries function| ResizeSensor object| moStyleCache object| DebugTooltip object| exprEval function| $ function| jQuery function| tmpl function| uuidv4 object| clipboard function| mediumZoom object| EventControlAction_ClickHandlers function| PreloadMgr object| iziToast object| store function| M3PrepareLBPicker function| getCaretCoordinates object| Prism function| CodeHighlight function| M5ContextMenuHander object| DynamicTemplatesMgr boolean| UseBootstrap number| iWidth number| iHeight function| BarRating

5 Cookies

Domain/Path Name / Value
thevault.bankofamerica.com/ Name: BA1-Session__162A16FE
Value: 34bld0bzyxynqu50lwi0cjoc
thevault.bankofamerica.com/ Name: CortexCID_BA1
Value: 4S0788556867Ep4J
thevault.bankofamerica.com/ Name: rdrl
Value: 4ijOONGYnUciWFiugcND+YTaztqrC3nSLO4eLe0FLxBhTBxT62JC4BWMrl1kRNiGefOud0u8Atwo6iSP0MLcjA==
thevault.bankofamerica.com/ Name: rdrs
Value: 4ijOONGYnUciWFiugcND+YTaztqrC3nSLO4eLe0FLxBhTBxT62JC4BWMrl1kRNiGeyYukcKxF/zBbSxWT3qQ6g==
thevault.bankofamerica.com/ Name: BA1-Session__162A16FE-Alt
Value: 34bld0bzyxynqu50lwi0cjoc

3 Console Messages

Source Level URL
Text
security error URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False
Message:
The Content Security Policy directive 'sandbox' is ignored when delivered in a report-only policy.
security error URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False(Line 11)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-3/dgcxQQeVb1T5rMG7xo7MTkUdK/yvLdVmkfP0vEaVo='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://thevault.bankofamerica.com/CS.aspx?VP3=LoginRegistration&L=True&R=False(Line 11)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-ZptI7LkBLQRJb9agpb0CzNTNoINONgbqVLRCehbSpLY='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self';frame-src orangelogic-my.sharepoint.com checkout.stripe.com js.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com esqa.moneris.com moneris.com www3.moneris.com bcove.video players.brightcove.net 'self';object-src 'none';base-uri 'self';form-action 'self';script-src https: 'self' blob: google-analytics.com js.stripe.com checkout.stripe.com 'nonce-ZWEwY2NmMDExMWNhOTIxZDEzMmQzZGE2NjA2Nzg3ODI=' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
thevault.bankofamerica.com
18.212.46.115
2606:4700::6812:bcf
2a00:1450:4001:809::2003
2a00:1450:4001:80e::200a
01b5e4649abf23b4ea9e95ed92be027a3074e90f92e05d58f99d3b4572d4fde7
2873a0cda07835725f6bbc0bd42b63eadaecf87f889e49b5d7d71acb28299ec7
2b3b15bae913bad751035aa9056951bcd4cd2347977686ec5a56fb81927caca8
2ec1b1a5cbb6c8497581a6e38afc5e2144ed9d52bcbd17e6cd987f785172caff
3c02368c0b5a99314831f8b6853fe64d936f35ac44452d334dc3747e81033dfa
48cbfcefaff850997abb051be6c6abb36d19b709fb0111c9cc4f8b4d343e8fdf
4b16b4b03ef955fa49990fe07ace74441526df8e824e0d2817a985f244a5cfd5
7888a75eac5f8b9dc4c448f10e8dc9030fcae612cb236f1a9e9700d56ae6ef34
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
859e0d54ce7aae5de46f9ac67a24313fed8bd042baa8cd3135a1395db5aef5c6
8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d
93c04942ddce28aee55baebca0d29253fe64191d16c18489b369edf0b1702027
94fcb47ee05b32ef9b2e4e2540af46d708b06d0acd6e57131b7aae87e5a5fac7
99c53addc6c6081e32779304fc593a7ebad97830769cd117455d264f3a1c4e5a
af24aef02e570903dda39e13bff93a263c9bb81ae9ca50e5cb03ac882e1db2f4
b10f11e04cdcb585e127ffda10a7b66a6b69170f2d42438346db4d0c2ab3c2c1
b666aa084f85c32458c7f0069bddba76d5a278c2b4c44d15432c1a5521090d7e
c03648d5942c77a33eff64037c96e24ce8dbce2c877d9163e041ea2e36b83608
c932ee77b51a2d96efe71d299cc26852cd12e7abc0a7f2cef7622803cd0bacbc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855