urlscan.io logo urlscan.io
SecurityTrails logo

insight.bankofamerica.com Open in urlscan Pro
171.161.146.128  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://insightapi.bankofamerica.com/
Effective URL: https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fr...
Submission: On April 01 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 171.161.146.128, located in United States and belongs to BANKAMERICA, US. The main domain is insight.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on January 23rd 2023. Valid for: a year.
This is the only time insight.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 6 171.161.146.128 10794 (BANKAMERICA)
1 1 171.161.146.123 10794 (BANKAMERICA)
1 2606:4700::68... 13335 (CLOUDFLAR...)
5 2
Apex Domain
Subdomains		 Transfer
7 bankofamerica.com
insightapi.bankofamerica.com
fedsso.bankofamerica.com — Cisco Umbrella Rank: 241952
insight.bankofamerica.com
45 KB
1 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 433
9 KB
5 2
Domain Requested by
4 insight.bankofamerica.com insight.bankofamerica.com
2 insightapi.bankofamerica.com 2 redirects
1 cdn.cookielaw.org insight.bankofamerica.com
1 fedsso.bankofamerica.com 1 redirects
5 4

This site contains links to these domains. Also see Links.

Domain
markets.ml.com
brokercheck.finra.org
Subject Issuer Validity Valid
bofamlinsight.bankofamerica.com
Entrust Certification Authority - L1M		 2023-01-23 -
2024-02-09		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2023-04-01 -
2024-03-31		 a year crt.sh

This page contains 1 frames:

Primary Page: https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
Frame ID: 03637A7F70E03BF83788E907650BFDD4
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BofA InsightUnifiedIcon-clearing

Page URL History Show full URLs

  1. http://insightapi.bankofamerica.com/ HTTP 302
    https://insightapi.bankofamerica.com/ HTTP 302
    https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71258INSIGHTMOBILEAPP&... HTTP 302
    https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

5
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

4
Subdomains

2
IPs

1
Countries

49 kB
Transfer

179 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://insightapi.bankofamerica.com/ HTTP 302
    https://insightapi.bankofamerica.com/ HTTP 302
    https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71258INSIGHTMOBILEAPP&redirect_uri=https%3A%2F%2Finsightapi.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZXkiLCJzdWZmaXgiOiJ4aUNKOWsuMTY4MDU5MzYxNCJ9..c8I5jANaM7CskNMqmXb2Ig.pdJE-aE1Kt8uWBDJ9XmbC0Jmi9XNHZZ1QhYzQJsjfZ92eewqIqNTlJ4LyZQsdJZMAywqMCN5V5egYO-g-EbTgkrCDfPWJR8HCCmL07rP1dQSSyy7itxhTKu9_EtZtQrt.v-5nTrz6J4x0JXT0HSvRZQ&nonce=y42eExyk0AtVMmYVCONwdBD4wnDMPQMjdhb7NlKSYiE&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP HTTP 302
    https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Welcome
insight.bankofamerica.com/bofamlinsight/gateway/
Redirect Chain
  • http://insightapi.bankofamerica.com/
  • https://insightapi.bankofamerica.com/
  • https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71258INSIGHTMOBILEAPP&redirect_uri=https%3A%2F%2Finsightapi.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiO...
  • https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%...
27 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.161.146.128 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
1fef5af904255c21324dccf66ca48d5e34901cf2c1f3f12b6c76f7b992408a8c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net vjs.zencdn.net fonts.cdnfonts.com *.brightcove.net cdn.cookielaw.org; script-src 'self' *.bankofamerica.com 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net blob: cdn.pendo.io cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com; img-src cdn.pendo.io us1.data.pendo.io 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.com *.brightcove.net *.boltdns.net *.akamaihd.net cdn.cookielaw.org; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.akamaihd.net *.boltdns.net *.bankofamerica.com *.baml.com us1.data.pendo.io *.brightcove.net *.brightcove.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-bofa.my.onetrust.com; frame-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net cdn.cookielaw.org; media-src 'self' *.brightcovecdn.com data: *.boltdns.net *.brightcove.com *.llnw.net *.ml.com *.bankofamerica.com blob: *.baml.com *.bofa.com *.llnwd.net *.akafms.net *.akamaihd.net *.brightcove.com;prefetch-src 'self' *.boltdns.net;font-src 'self' 'unsafe-inline' fonts.cdnfonts.com data: *.ml.com *.bankofamerica.com *.baml.com cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Upgrade, Keep-Alive
Content-Encoding
gzip
Content-Language
en-US
Content-Security-Policy
default-src 'self' *.bankofamerica.com; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net vjs.zencdn.net fonts.cdnfonts.com *.brightcove.net cdn.cookielaw.org; script-src 'self' *.bankofamerica.com 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net blob: cdn.pendo.io cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com; img-src cdn.pendo.io us1.data.pendo.io 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.com *.brightcove.net *.boltdns.net *.akamaihd.net cdn.cookielaw.org; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.akamaihd.net *.boltdns.net *.bankofamerica.com *.baml.com us1.data.pendo.io *.brightcove.net *.brightcove.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-bofa.my.onetrust.com; frame-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net cdn.cookielaw.org; media-src 'self' *.brightcovecdn.com data: *.boltdns.net *.brightcove.com *.llnw.net *.ml.com *.bankofamerica.com blob: *.baml.com *.bofa.com *.llnwd.net *.akafms.net *.akamaihd.net *.brightcove.com;prefetch-src 'self' *.boltdns.net;font-src 'self' 'unsafe-inline' fonts.cdnfonts.com data: *.ml.com *.bankofamerica.com *.baml.com cdn.cookielaw.org
Content-Type
text/html;charset=UTF-8
Date
Sat, 01 Apr 2023 07:33:35 GMT
Expires
Sat, 1 Apr 2023 00:00:00 GMT
Keep-Alive
timeout=30, max=100
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=31536000
Transfer-Encoding
chunked
Upgrade
h2,h2c
Vary
Accept-Encoding
X-Frame-Options
DENY
X-ORACLE-DMS-ECID
ee37fce2-ba83-4a77-b806-15fa9af96c06-0000bb18
X-ORACLE-DMS-RID
0

Redirect headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type
text/html;charset=utf-8
Date
Sat, 01 Apr 2023 07:33:34 GMT
Expect-CT
max-age=3600, enforce
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=20000
Location
https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
otSDKStub.js
cdn.cookielaw.org/consent/19a02dbe-70a4-40ef-82a9-96c733166154-test/ 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/19a02dbe-70a4-40ef-82a9-96c733166154-test/otSDKStub.js
Requested by
Host: insight.bankofamerica.com
URL: https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
312f3eb8939b579f2728f4524725534e5473e9e24f3bb6ae817a8a8a70b9f9e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://insight.bankofamerica.com/
Origin
https://insight.bankofamerica.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 01 Apr 2023 07:33:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-md5
+/FAj+nTyCn9Eh9RFEscPQ==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
8591
x-ms-lease-status
unlocked
last-modified
Fri, 24 Mar 2023 13:38:26 GMT
server
cloudflare
etag
0x8DB2C6D0BC34D58
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
5ae1f0fc-c01e-0144-5c6c-6442df000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
cf-ray
7b0f25121ae8036a-MIA
pinEncryptionMin.js
insight.bankofamerica.com/insightapp/portal/js/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://insight.bankofamerica.com/insightapp/portal/js/pinEncryptionMin.js
Requested by
Host: insight.bankofamerica.com
URL: https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.161.146.128 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
45139141e4a7ab84a6b420a2c13fad4ddcf1049195f8d32726e7c2de1c466325
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Sat, 01 Apr 2023 07:33:35 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Fri, 10 Mar 2023 04:54:11 GMT
ETag
"bdf9-5f6848d57a2c0-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=99
Content-Length
14556
InsightPortalWelcome.js
insight.bankofamerica.com/insightapp/portal/js/ 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://insight.bankofamerica.com/insightapp/portal/js/InsightPortalWelcome.js
Requested by
Host: insight.bankofamerica.com
URL: https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.161.146.128 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
08ba6d0cd3bdf7d0fdbc88ae5fb253855c40f9598629c113d79ec357d85fbefb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Sat, 01 Apr 2023 07:33:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Fri, 10 Mar 2023 04:54:11 GMT
ETag
"655b-5f6848d57a2c0-gzip"
Vary
Accept-Encoding
Upgrade
h2,h2c
Content-Type
application/javascript
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=100
Content-Length
5631
InsightPortal.css
insight.bankofamerica.com/insightapp/portal/css/ 		54 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://insight.bankofamerica.com/insightapp/portal/css/InsightPortal.css
Requested by
Host: insight.bankofamerica.com
URL: https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.161.146.128 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
6df314bf5cecd433113a12fff8b0f05b6632ae22030bcfbf0fed662b3beff767
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Sat, 01 Apr 2023 07:33:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Fri, 10 Mar 2023 04:54:11 GMT
ETag
"d826-5f6848d57a2c0-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=98
Content-Length
8427

Verdicts & Comments Add Verdict or Comment

208 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| BigInteger function| nbi function| am1 function| am2 function| am3 function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| bnClone function| bnIntValue function| bnByteValue function| bnShortValue function| bnpChunkSize function| bnSigNum function| bnpToRadix function| bnpFromRadix function| bnpFromNumber function| bnToByteArray function| bnEquals function| bnMin function| bnMax function| bnpBitwiseTo function| op_and function| bnAnd function| op_or function| bnOr function| op_xor function| bnXor function| op_andnot function| bnAndNot function| bnNot function| bnShiftLeft function| bnShiftRight function| lbit function| bnGetLowestSetBit function| cbit function| bnBitCount function| bnTestBit function| bnpChangeBit function| bnSetBit function| bnClearBit function| bnFlipBit function| bnpAddTo function| bnAdd function| bnSubtract function| bnMultiply function| bnDivide function| bnRemainder function| bnDivideAndRemainder function| bnpDMultiply function| bnpDAddOffset function| NullExp function| nNop function| nMulTo function| nSqrTo function| bnPow function| bnpMultiplyLowerTo function| bnpMultiplyUpperTo function| Barrett function| barrettConvert function| barrettRevert function| barrettReduce function| barrettSqrTo function| barrettMulTo function| bnModPow function| bnGCD function| bnpModInt function| bnModInverse function| bnIsProbablePrime function| bnpMillerRabin function| EncryptedMessage function| PINBlock function| aCopy function| fillByteArray function| IsLetterOrDigitOrSpecial function| IsLetterOrDigit function| PINMessage function| PINMessage2 function| addPinBlockToMessageArray function| addRandomStringToMessageArray function| OAEPEncodedMessage function| randomString function| parseBigInt function| aCopyStr function| xorByteArrays function| doOAEPEncoding function| I2OSP function| MGF function| ifValidHex function| validate_Mod_Exp function| clearData function| initialisePublicKeyData function| OBM_GetEncodingParameter function| OBM_GetEncryptedPassword function| OBM_EncryptPassword_Ex function| OBM_EncryptPassword function| OBM_EncryptChangePassword function| OBM_EncryptChangePassword_Ex function| toString function| s2hex number| SUPPORTED_ALGS number| missingBytes number| dbits number| canary boolean| j_lm number| BI_FP string| BI_RM object| BI_RC number| rr number| vv object| lowprimes number| lplim number| ERR_NO_ERROR number| ERR_INVALID_PIN_LENGTH number| ERR_INVALID_PIN number| ERR_INVALID_PIN_BLOCK number| ERR_INVALID_RANDOM_NUMBER_LENGTH number| ERR_INVALID_RANDOM_NUMBER number| ERR_INVALID_HASH number| ERR_INVALID_OPERATION number| ERR_RSA_ENCRYPTION number| ERR_INVALID_PIN_MESSAGE_LENGTH number| ERR_INVALID_RSA_KEY_LENGTH number| ERR_INVALID_RSA_KEY number| MAX_PIN_STRING_SIZE number| MIN_PIN_STRING_SIZE number| PIN_BLOCK_FILL_CHARACTER number| FMT_2_CONTROL_BYTE number| FMT_12_CONTROL_BYTE number| ISO_FORMAT_2_TYPE number| ISO_FORMAT_12_TYPE number| MAX_NUMERIC_PIN_STRING_SIZE number| MAX_NUMERIC_PIN_BYTE_SIZE number| DECIMAL_RADIX number| NUM_OF_BYTES_IN_FMT2_PIN_BLOCK number| NUM_OF_BYTES_PER_CNTRL_AND_PIN_LENGTH number| NUM_OF_BYTES_PER_WORD number| RSA_MODULUS_SIZE_IN_BYTES number| SHA1_HASH_SIZE_IN_BYTES number| SHA2_256_HASH_SIZE_IN_BYTES number| SHA2_384_HASH_SIZE_IN_BYTES number| SHA2_512_HASH_SIZE_IN_BYTES number| OAEP_SHA1_OFFSET_IN_BYTES number| OAEP_SHA2_256_OFFSET_IN_BYTES number| OAEP_SHA2_384_OFFSET_IN_BYTES number| OAEP_SHA2_512_OFFSET_IN_BYTES number| MIN_PIN_MESSAGE_SIZE_IN_BYTES number| MAX_PIN_MESSAGE_SIZE_IN_BYTES number| ENCODED_MESSAGE_SIZE_IN_BYTES number| DATA_BLOCK_SIZE_IN_BYTES number| HASH_ALGO_SIZE_IN_BYTES number| ONE_PIN_BLOCK_IN_MESSAGE number| NUM_OF_NIBBLES_PER_BYTE number| MIN_PIN_BLOCK_SIZE number| MIN_RANDOM_NUMBER_STRING_LENGTH number| ENCODING_PARAMETER_SIZE_IN_BYTES string| C_String string| P_String undefined| MODULUS_STRING undefined| EXPONENT_STRING boolean| isPublicKeyDataValid string| encryptedMsg string| MOD string| EXP undefined| PinString number| PINLengthInBytes object| pinMessageArray number| pinMessageLength number| MAX_MESSAGE_SIZE_IN_BYTES string| encodedMsg string| P function| jsSHA

8 Cookies

Domain/Path Name / Value
insightapi.bankofamerica.com/ Name: nonce.xiCJ9k.1680593614
Value: baf155fd-ccb9-4a4e-991f-83c279bc9b77
insightapi.bankofamerica.com/ Name: TS01affadc
Value: 01894c4ccef7e79f432ecea996647edf7f6e2028184d67f7bc3e2436ea5ec5c6b9f58709321f8558c887a77f0442c77f8b01a8ff1a013986a1709bac782aba7c4635f6af6286b577d2372114118e27222ffb7deadcda60103b9c56e8e3e0cb78f350ced23d
fedsso.bankofamerica.com/ Name: PF
Value: hZfR7IBUiyilfswlfk02ST
fedsso.bankofamerica.com/ Name: bac_persist
Value: 358952357.24515.0000
.bankofamerica.com/ Name: _bofalid
Value: bSBLAFn5X8oPw48U20aJfNFL0sVJDk+0tFsE6iwoaOo=
.fedsso.bankofamerica.com/ Name: TS0193529a
Value: 01894c4cce262d62bd27880936d97ff67fbf9360ad62e729181b1479102a12fd135d0db8a2f10f24a450d2d351ed5bca8bb5d41fa0bb78f6119f707b46710b202130a2cc3ebd034b00a457a7836e5102265763ff7f3d519eacb463ed5a15990b581b44f707
insight.bankofamerica.com/ Name: JSESSIONID
Value: XlA7vGZs5_kOKsyRTedrdrmMI0ZdQwEHGxRMrCye9FVjdNNK2oV2!1025750325!-1154916717
insight.bankofamerica.com/ Name: TS01affadc
Value: 01894c4cce25b59e36b5cc65fe5aaf5626f58a9450bf31d8a946dc049d6b978fdee2791442638083c3b7e19d5c961bd3ed12916e9cb8aa147de6c0264772eefe50cc5ded3e

1 Console Messages

Source Level URL
Text
security error URL: https://insight.bankofamerica.com/bofamlinsight/gateway/Welcome?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FzRGgL%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Finsightapi.bankofamerica.com%2F&vnd_pi_application_name=A71258INSIGHTMOBILEAPP&client_id=A71258INSIGHTMOBILEAPP
Message:
Failed to find a valid digest in the 'integrity' attribute for resource 'https://cdn.cookielaw.org/consent/19a02dbe-70a4-40ef-82a9-96c733166154-test/otSDKStub.js' with computed SHA-384 integrity 'Pm7zkzl1ccyaaPNigM8OuqoiW4wgQzmDDOvUVEsF9klxpQLcDaF5ffF1oeoePXsC'. The resource has been blocked.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.bankofamerica.com; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net vjs.zencdn.net fonts.cdnfonts.com *.brightcove.net cdn.cookielaw.org; script-src 'self' *.bankofamerica.com 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net blob: cdn.pendo.io cdn.cookielaw.org privacyportal-bofa.my.onetrust.com geolocation.onetrust.com; img-src cdn.pendo.io us1.data.pendo.io 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.brightcove.com *.brightcove.net *.boltdns.net *.akamaihd.net cdn.cookielaw.org; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.akamaihd.net *.boltdns.net *.bankofamerica.com *.baml.com us1.data.pendo.io *.brightcove.net *.brightcove.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-bofa.my.onetrust.com; frame-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.brightcove.net cdn.cookielaw.org; media-src 'self' *.brightcovecdn.com data: *.boltdns.net *.brightcove.com *.llnw.net *.ml.com *.bankofamerica.com blob: *.baml.com *.bofa.com *.llnwd.net *.akafms.net *.akamaihd.net *.brightcove.com;prefetch-src 'self' *.boltdns.net;font-src 'self' 'unsafe-inline' fonts.cdnfonts.com data: *.ml.com *.bankofamerica.com *.baml.com cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000
X-Frame-Options DENY