myhealth.bankofamerica.com

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 45.223.165.93, located in United States and belongs to INCAPSULA, US. The main domain is myhealth.bankofamerica.com. The Cisco Umbrella rank of the primary domain is 170027.
TLS certificate: Issued by Entrust Certification Authority - L1M on September 27th 2023. Valid for: a year.

This is the only time myhealth.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
2	45.223.165.93 45.223.165.93		19551 (INCAPSULA) (INCAPSULA)
2	1

2 45.223.165.93 (United States)

ASN19551 (INCAPSULA, US)

myhealth.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	bankofamerica.com myhealth.bankofamerica.com — Cisco Umbrella Rank: 170027	37 KB
2	1

	Domain	Requested by
2	myhealth.bankofamerica.com
2	1

This site contains no links.

Subject Issuer	Validity	Valid
myhealth.bankofamerica.com Entrust Certification Authority - L1M	`2023-09-27` - `2024-10-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA
Frame ID: C7D77636DAD3A5437457F3A216027500
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PortalSkinHandler.ashx (500×127)

Page URL History Show full URLs

http://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA HTTP 307
https://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA Page URL

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

37 kB
Transfer

36 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA HTTP 307
https://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request PortalSkinHandler.ashx Show response
myhealth.bankofamerica.com/
Redirect Chain

http://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA
https://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA

34 KB
36 KB

679ms
480ms

Document
image/jpeg

45.223.165.93
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

45.223.165.93 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

08e9b8eeb177bee2493731399e3ff57572b4c57f30410f152841abd0f49358a1

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.evgnet.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net; connect-src 'self' dpm.demdex.net https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;;

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, must-revalidate, max-age=0
content-length: 35273
content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.evgnet.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net; connect-src 'self' dpm.demdex.net https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;;
content-type: image/jpeg
date: Wed, 03 Apr 2024 03:06:36 GMT
etag: 331068BB5BFB7425D39D95AF45B9C98E
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cdn: Imperva
x-iinfo: 12-2269599-2269620 NNNN CT(86 175 0) RT(1712113595403 163) q(0 0 3 1) r(4 5) U2
x-ua-compatible: IE=edge

Redirect headers

Location: https://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 404 favicon.ico
myhealth.bankofamerica.com/ 1 KB
866 B 111ms
111ms Other
text/html 45.223.165.93
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://myhealth.bankofamerica.com/favicon.ico

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

45.223.165.93 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

609a165a6743258008d83482e2d6c2086a50e00a0bd9c96199d1abce5b1f6026

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myhealth.bankofamerica.com/PortalSkinHandler.ashx?file=1&type=400&emp=OCHSNE&adm=BOA
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 03:06:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: Microsoft-IIS/10.0
x-cdn: Imperva
content-type: text/html
x-iinfo: 12-2269599-2269620 PNYN RT(1712113595403 666) q(0 0 0 -1) r(1 1) U11
x-ua-compatible: IE=edge

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
myhealth.bankofamerica.com/	1969-12-31 23:59:59	Name: cdh-cookieCORS Value: fad0808ebe1a7b6e42ec9d7c8ec3866f
myhealth.bankofamerica.com/	1969-12-31 23:59:59	Name: cdh-cookie Value: fad0808ebe1a7b6e42ec9d7c8ec3866f
myhealth.bankofamerica.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: ekuq1pcq4yky133u4htpd3p3
.bankofamerica.com/	1970-01-21 04:20:35	Name: visid_incap_2873468 Value: i+BUZuCCTauDdzl+xfqb3bvHDGYAAAAAQUIPAAAAAABdiyNeiDAnqc7snJ/PiAmZ
.bankofamerica.com/	1969-12-31 23:59:59	Name: nlbi_2873468 Value: EH2mFRDEWVJa/5SX+4OrhwAAAACw4BiXrYpiewTW5RB9LOHM
.bankofamerica.com/	1969-12-31 23:59:59	Name: incap_ses_9197_2873468 Value: VfBWACmddB91L0EzQVCif7zHDGYAAAAAuzdATuBxTFmDNnH1NE2q3w==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://myhealth.bankofamerica.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.evgnet.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src ; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net; connect-src 'self' dpm.demdex.net https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' data:;;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Header

Value

Content-Security-Policy

upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.evgnet.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net; connect-src 'self' dpm.demdex.net https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;;

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

myhealth.bankofamerica.com
45.223.165.93
08e9b8eeb177bee2493731399e3ff57572b4c57f30410f152841abd0f49358a1
609a165a6743258008d83482e2d6c2086a50e00a0bd9c96199d1abce5b1f6026

myhealth.bankofamerica.com Open in urlscan Pro 45.223.165.93 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

37 kBTransfer

36 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

6 Cookies

1 Console Messages

Security Headers

Indicators

myhealth.bankofamerica.com Open in urlscan Pro
45.223.165.93 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

37 kB
Transfer

36 kB
Size

6
Cookies

2 HTTP transactions
0 data transactions