fedsso.bankofamerica.com Open in urlscan Pro
171.159.216.65 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=CSOD&TARGET=https%3A%2F%2Fbankofamerica.csod.com%252fDeepLink%252f...
Effective URL:
https://fedsso.bankofamerica.com/bofa-customform-ui/login
Submission Tags: falconsandbox
Submission: On April 11 via api (April 11th 2024, 5:21:34 pm UTC) from US — Scanned from DE

Summary HTTP 17 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 171.159.216.65, located in New York, United States and belongs to BANKAMERICA, US. The main domain is fedsso.bankofamerica.com. The Cisco Umbrella rank of the primary domain is 267012.
TLS certificate: Issued by Entrust Certification Authority - L1M on November 14th 2023. Valid for: a year.

This is the only time fedsso.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	171.159.216.65 171.159.216.65	10794 (BANKAMERICA) (BANKAMERICA)
1	171.161.102.200 171.161.102.200	10794 (BANKAMERICA) (BANKAMERICA)
17	2

17 171.159.216.65 (New York, United States) 1 redirects

ASN10794 (BANKAMERICA, US)
PTR: fedsso-pf-rva-ext-vip.bankofamerica.com

fedsso.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 171.161.102.200 (United States)

ASN10794 (BANKAMERICA, US)

secure.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	bankofamerica.com 1 redirects fedsso.bankofamerica.com — Cisco Umbrella Rank: 267012 secure.bankofamerica.com — Cisco Umbrella Rank: 11822	689 KB
17	1

	Domain	Requested by
17	fedsso.bankofamerica.com	1 redirects fedsso.bankofamerica.com
1	secure.bankofamerica.com	fedsso.bankofamerica.com
17	2

This site contains links to these domains. Also see Links.

Domain
passwordreset.bankofamerica.com

Subject Issuer	Validity	Valid
fedsso-rva-ext.bankofamerica.com Entrust Certification Authority - L1M	`2023-11-14` - `2024-12-14`	a year	crt.sh
secure.bankofamerica.com Entrust Certification Authority - L1M	`2024-03-28` - `2025-04-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Frame ID: 7D8B100AC3C54324CBDBC2BB85312AA2
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank of America: Sign On

Page URL History Show full URLs

https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=CSOD&TARGET=https%3A%2F%2Fbankofamerica.csod.c... HTTP 302
https://fedsso.bankofamerica.com/bofa-customform-ui/login Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

fingerprint(\d)?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

687 kB
Transfer

671 kB
Size

11
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://passwordreset.bankofamerica.com/portal/
Title: Reset Password

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=CSOD&TARGET=https%3A%2F%2Fbankofamerica.csod.com%252fDeepLink%252fProcessRedirect.aspx%253fmodule%253dlaunchtraining%2526lo%253d4df8ae5a-7837-4597-84a5-7907f5eb435c HTTP 302
https://fedsso.bankofamerica.com/bofa-customform-ui/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login Show response
fedsso.bankofamerica.com/bofa-customform-ui/
Redirect Chain

https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=CSOD&TARGET=https%3A%2F%2Fbankofamerica.csod.com%252fDeepLink%252fProcessRedirect.aspx%253fmodule%253dlaunchtraining%2526lo%253d4df8ae...
https://fedsso.bankofamerica.com/bofa-customform-ui/login

15 KB
18 KB

142ms
142ms

Document
text/html

171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

b78fb3457d8298d288cbc2de21c4679fd3df05735da2278f80dfbc2f1cd6e8a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Language: de-DE
Content-Length: 15451
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type: text/html;charset=iso-8859-1
Date: Thu, 11 Apr 2024 17:21:28 GMT
Expect-CT: max-age=3600, enforce
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=19999
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Length: 0
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type: text/html;charset=utf-8
Date: Thu, 11 Apr 2024 17:21:28 GMT
Expect-CT: max-age=3600, enforce
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=20000
Location: https://fedsso.bankofamerica.com/bofa-customform-ui/login
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Referrer-Policy: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK custom.css
fedsso.bankofamerica.com/assets/sso/css/ 337 KB
339 KB 220ms
132ms Stylesheet
text/css 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/css/custom.css

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

9d18d2e5bb3b3040fccd223e48163da5b4132f91b23275c4cf20ef95b1add1cd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: text/css
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19998
Content-Length: 345258
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main-v2.css
fedsso.bankofamerica.com/assets/sso/css/ 9 KB
11 KB 537ms
298ms Stylesheet
text/css 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/css/main-v2.css

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: text/css
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 9194
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK urlmunger.js Show response
fedsso.bankofamerica.com/assets/sso/js/ 5 KB
8 KB 495ms
254ms Script
application/javascript 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/js/urlmunger.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

74106ab5953cf4ccd89ed8984d7927f3b017db005432c08ca9a81f8f7c6edc9f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 5599
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK override.css
fedsso.bankofamerica.com/assets/css/ 991 B
3 KB 375ms
135ms Stylesheet
text/css 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/css/override.css

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

ea70ea5e863a0170c1f25c54cf2f460329d58b8c1ba07ffcbd7bc45f9cb2eb82

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: text/css
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 991
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK branding.css
fedsso.bankofamerica.com/assets/css/ 6 KB
8 KB 490ms
250ms Stylesheet
text/css 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/css/branding.css

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

96e3a4c65f45f4d38eb4fabb0d771ea59bbed2add345ab02c83dbe51b961c970

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: text/css
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 6429
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bofa-logo-new.svg
fedsso.bankofamerica.com/assets/sso/images/ 7 KB
10 KB 493ms
252ms Image
image/svg+xml 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fedsso.bankofamerica.com/assets/sso/images/bofa-logo-new.svg

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: image/svg+xml
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 7544
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery-3.5.1.min.js Show response
fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ 89 KB
92 KB 244ms
244ms Script
application/javascript 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/jquery-3.5.1.min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

1e7b570b7ace598047c64b3a502a8b0bbb258bda0d1b7b791efe6cab4fd70663

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19999
Content-Length: 91596
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK popper.min.js Show response
fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ 20 KB
22 KB 126ms
126ms Script
application/javascript 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/popper.min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

150c27a74fa12485127a0a2c6e25ed3838168dd0ade21202d6672270aac48a17

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19999
Content-Length: 20629
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.bundle.min.js Show response
fedsso.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/ 84 KB
87 KB 126ms
125ms Script
application/javascript 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/bootstrap.bundle.min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

ccc6c342feba584f715657b3df1224bbf6df8ba3911a7a9981a50d5a6b5ff6ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19998
Content-Length: 86499
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK browser-fingerprint.js Show response
fedsso.bankofamerica.com/assets/sso/js/ 5 KB
7 KB 126ms
126ms Script
application/javascript 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/js/browser-fingerprint.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

c0ec17e69ab560391e2ae87e4c98929aad4573cdee9d9920f7ffb7a990b45e5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19998
Content-Length: 5265
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK vaultdetect-min.js Show response
fedsso.bankofamerica.com/assets/sso/js/ 8 KB
10 KB 129ms
129ms Script
application/javascript 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/js/vaultdetect-min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

81f1b807d2009cbc77567249564d46e51151066666395a5c460c6efeaf46c52b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19997
Content-Length: 8367
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK helper-min.js Show response
fedsso.bankofamerica.com/assets/sso/js/ 4 KB
6 KB 123ms
123ms Script
application/javascript 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/js/helper-min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

8b9ff68441127edc43492df73941633ebc62059c1ea72029deb48a388faf477b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19997
Content-Length: 3771
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK iac Show response
secure.bankofamerica.com/login/rest/sas/sparta/ 37 KB
17 KB 1533ms
360ms Script
text/plain 171.161.102.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/login/rest/sas/sparta/iac

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/jquery-3.5.1.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.102.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Oops /

Resource Hash

36f353f05a5f7d9da52d4273b3b0aeade986a99a79e3c9f24de2ae901c83892b

Security Headers

Name

Value

Content-Security-Policy

default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:31 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
X-BOA-RequestID: ZhgcGxRYqgxYvpI0YiMGcAAAALc
X-Serviced-By: MCZKHc5ndf/YHB0pfbdZRA==--PxG6UQGokj586Na51M60ow==
Transfer-Encoding: chunked
Connection: Keep-Alive
Pragma: no-cache
Server: Oops
Vary: Accept-Encoding
Content-Type: text/plain;charset=utf-8
Content-Language: en-US
Cache-Control: no-cache
Keep-Alive: timeout=40, max=415
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK bg.png
fedsso.bankofamerica.com/ 928 B
3 KB 144ms
135ms Image
image/png 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fedsso.bankofamerica.com/bg.png

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/css/branding.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

2a0748836fe72af93f362aeed6efe34f9e1f7eec05f2439d899aadb1b440de52

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
ETag: W/"gYF5iur9vVMgYF4BJ9zZPM"
Expect-CT: max-age=3600, enforce
Content-Type: image/png
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=19997
Content-Length: 928
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Connections.woff
fedsso.bankofamerica.com/assets/sso/fonts/connections/ 41 KB
43 KB 125ms
125ms Font
application/font-woff 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/fonts/connections/Connections.woff

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/sso/css/main-v2.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/
Origin: https://fedsso.bankofamerica.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/font-woff
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19996
Content-Length: 41744
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found favicon.ico
fedsso.bankofamerica.com/ 637 B
3 KB 124ms
123ms Other
text/html 171.159.216.65
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.216.65 New York, United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rva-ext-vip.bankofamerica.com

Software

Resource Hash

097f3b0330b5872c0a044e2832b6d5a5f9ccb5d5315a3f3295be4f3fdbcc76de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 11 Apr 2024 17:21:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Tue, 22 Apr 2014 13:08:10 GMT
ETag: "27d-4f7a14ec26280"
Expect-CT: max-age=3600, enforce
Vary: Referer
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=19996
Content-Length: 637
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
fedsso.bankofamerica.com/bofa-customform-ui	1969-12-31 23:59:59	Name: JSESSIONID Value: node0jrkvkxawv3831ftx70wvm72m5334709.node0
fedsso.bankofamerica.com/bofa-customform-ui	1969-12-31 23:59:59	Name: TS01d71ecc Value: 0176872a98ffc60b65b20a3701a427b3e95cf9fe350b03ebe53fbeea4f2938a62a1e036a821e6e8a5691a6955d4a120668b38aab96
fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: PF Value: IB2HB7avAfw6qo9ByQKka4GOdBqs3yduRtFvgprWswlj
fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: bac_persist Value: 2288004517.24515.0000
.bankofamerica.com/	1970-01-21 05:23:36	Name: _bofalid Value: Abd/M3aai9P+4xT9oP0H9lESpiioe7G00lAQdsozaXc=
.fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: TS0193529a Value: 0176872a98ffc60b65b20a3701a427b3e95cf9fe350b03ebe53fbeea4f2938a62a1e036a821e6e8a5691a6955d4a120668b38aab96
secure.bankofamerica.com/	1969-12-31 23:59:59	Name: JS_VIPAA Value: 0000YHkDcC6wZKjR6ShFKlPSknN:1e7bi2ra3
.bankofamerica.com/	1969-12-31 23:59:59	Name: SPID Value: F2S1
.bankofamerica.com/	1969-12-31 23:59:59	Name: SID Value: 002E813F2A0066181C1B
.secure.bankofamerica.com/	1969-12-31 23:59:59	Name: TS017f5af8 Value: 01147007f7fee48f035e8575616e691a857006cdc32bd06098d1357fff1206786540c247a4706324da837e0fafa5c73331443908ac
fedsso.bankofamerica.com/	1970-01-21 04:33:19	Name: _cc Value: ZGFhZjNlMGEtOGNkMS00NTU4

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://fedsso.bankofamerica.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fedsso.bankofamerica.com
secure.bankofamerica.com
171.159.216.65
171.161.102.200
097f3b0330b5872c0a044e2832b6d5a5f9ccb5d5315a3f3295be4f3fdbcc76de
150c27a74fa12485127a0a2c6e25ed3838168dd0ade21202d6672270aac48a17
1e7b570b7ace598047c64b3a502a8b0bbb258bda0d1b7b791efe6cab4fd70663
2a0748836fe72af93f362aeed6efe34f9e1f7eec05f2439d899aadb1b440de52
36f353f05a5f7d9da52d4273b3b0aeade986a99a79e3c9f24de2ae901c83892b
4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5
6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2
74106ab5953cf4ccd89ed8984d7927f3b017db005432c08ca9a81f8f7c6edc9f
81f1b807d2009cbc77567249564d46e51151066666395a5c460c6efeaf46c52b
8b9ff68441127edc43492df73941633ebc62059c1ea72029deb48a388faf477b
91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2
96e3a4c65f45f4d38eb4fabb0d771ea59bbed2add345ab02c83dbe51b961c970
9d18d2e5bb3b3040fccd223e48163da5b4132f91b23275c4cf20ef95b1add1cd
b78fb3457d8298d288cbc2de21c4679fd3df05735da2278f80dfbc2f1cd6e8a2
c0ec17e69ab560391e2ae87e4c98929aad4573cdee9d9920f7ffb7a990b45e5c
ccc6c342feba584f715657b3df1224bbf6df8ba3911a7a9981a50d5a6b5ff6ab
ea70ea5e863a0170c1f25c54cf2f460329d58b8c1ba07ffcbd7bc45f9cb2eb82

fedsso.bankofamerica.com Open in urlscan Pro 171.159.216.65 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

687 kBTransfer

671 kBSize

11 Cookies

1 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

11 Cookies

2 Console Messages

Security Headers

Indicators

fedsso.bankofamerica.com Open in urlscan Pro
171.159.216.65 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

687 kB
Transfer

671 kB
Size

11
Cookies

17 HTTP transactions
0 data transactions