online-uat1a.cashpro.bankofamerica.com Open in urlscan Pro
2.16.129.78 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cpo-admin-reporting-uat1.bankofamerica.com/
Effective URL:
https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2...
Submission Tags: falconsandbox
Submission: On May 28 via api (May 28th 2024, 8:50:45 pm UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2.16.129.78, located in and belongs to . The main domain is online-uat1a.cashpro.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on August 30th 2023. Valid for: a year.

This is the only time online-uat1a.cashpro.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.97.80.102 104.97.80.102	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	171.162.62.87 171.162.62.87	19886 (BOFABROKE...) (BOFABROKERDEALERSVCS)
1 1	2.19.184.203 2.19.184.203	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2.16.129.78 2.16.129.78	() ()
9	2

1 104.97.80.102 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-97-80-102.deploy.static.akamaitechnologies.com

cpo-admin-reporting-uat1.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 171.162.62.87 (United States) 1 redirects

ASN19886 (BOFABROKERDEALERSVCS, US)

fedsso-cashpro-pp.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.184.203 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-184-203.deploy.static.akamaitechnologies.com

online-uat1.cashpro.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.16.129.78 (None, )

ASN- ()

online-uat1a.cashpro.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	bankofamerica.com 2 redirects cpo-admin-reporting-uat1.bankofamerica.com fedsso-cashpro-pp.bankofamerica.com online-uat1.cashpro.bankofamerica.com online-uat1a.cashpro.bankofamerica.com	63 KB
9	1

	Domain	Requested by
8	online-uat1a.cashpro.bankofamerica.com	cpo-admin-reporting-uat1.bankofamerica.com online-uat1a.cashpro.bankofamerica.com
1	online-uat1.cashpro.bankofamerica.com	1 redirects
1	fedsso-cashpro-pp.bankofamerica.com	1 redirects
1	cpo-admin-reporting-uat1.bankofamerica.com
9	4

This site contains no links.

Subject Issuer	Validity	Valid
cpo-admin-reporting-uat1.bankofamerica.com Entrust Certification Authority - L1M	`2024-03-21` - `2025-04-21`	a year	crt.sh
online-uat1-s.cashpro.bankofamerica.com Entrust Certification Authority - L1M	`2023-08-30` - `2024-08-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Frame ID: 50B84E8BFAD2D06723F985CF4C9681D8
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to CashPro

Page URL History Show full URLs

http://cpo-admin-reporting-uat1.bankofamerica.com/ HTTP 307
https://cpo-admin-reporting-uat1.bankofamerica.com/ Page URL
https://fedsso-cashpro-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A11697CashproOnline&red... HTTP 302
https://online-uat1.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com... HTTP 307
https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com... Page URL

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

4
Subdomains

2
IPs

2
Countries

59 kB
Transfer

691 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cpo-admin-reporting-uat1.bankofamerica.com/ HTTP 307
https://cpo-admin-reporting-uat1.bankofamerica.com/ Page URL
https://fedsso-cashpro-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A11697CashproOnline&redirect_uri=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiV2F6cUl3ZGdrM0dnc3RqTThiTjVRWFFlU0dRIiwic3VmZml4IjoiRVFTTzJWLjE3MTcxODg2NDAifQ..AYRBx72Muw6PktT4FbnE3w.3UP_3o_coifzjLc5dskMnVtPQdi8qWu93gLSSmPiip6B0uTBO7DHI3IwV_9LX7Zuki-g9JaLYzu_vtgtmJhfBR0d_62SqZk4FjgK5Khjo5qzLn97mpZr17iYISjI95ej.gCyq4PZJ54LXdCeTrph3nA&nonce=AIbJ3XMmScDGtnnKqs64-7ZhvsIhmGUebzxbutZUcoI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg HTTP 302
https://online-uat1.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline HTTP 307
https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://cpo-admin-reporting-uat1.bankofamerica.com/ HTTP 307
https://cpo-admin-reporting-uat1.bankofamerica.com/

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

401
Unauthorized

/
cpo-admin-reporting-uat1.bankofamerica.com/
Redirect Chain

http://cpo-admin-reporting-uat1.bankofamerica.com/
https://cpo-admin-reporting-uat1.bankofamerica.com/

2 KB
3 KB

910ms
170ms

Document
text/html

104.97.80.102
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cpo-admin-reporting-uat1.bankofamerica.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.97.80.102 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-97-80-102.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self'; script-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Connection: Keep-Alive
Date: Tue, 28 May 2024 20:50:40 GMT
Keep-Alive: timeout=5, max=512
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
cache-control: no-cache,no-store,max-age=0
content-length: 2165
content-security-policy: default-src 'self'; style-src 'self'; script-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none';
content-type: text/html; charset=UTF-8
expires: 0
pragma: no-cache
www-authenticate: Bearer realm="cpo-admin-reporting-uat1.bankofamerica.com:443/"

Redirect headers

Location: https://cpo-admin-reporting-uat1.bankofamerica.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1

200
OK

Primary Request / Show response
online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/
Redirect Chain

https://fedsso-cashpro-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A11697CashproOnline&redirect_uri=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2Fpa%2Foid...
https://online-uat1.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_reso...
https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_res...

24 KB
10 KB

1351ms
155ms

Document
text/html

2.16.129.78

General

Check archive.org

Show headers Download Go to

Full URL

https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline

Requested by

Host: cpo-admin-reporting-uat1.bankofamerica.com
URL: https://cpo-admin-reporting-uat1.bankofamerica.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.16.129.78 -, , ASN (),

Reverse DNS

Software

Resource Hash

f14dc9117aff0a9e3d87753488f1aa886e35ec9d3c70752dcdfc85b792e59f78

Security Headers

Name

Value

Content-Security-Policy

default-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bofa.my.onetrust.com/ https://api.ipify.org; style-src 'self' *.bankofamerica.com:* 'nonce-VZylnAj4WZwYpVK2AwPl'; img-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org data: ; script-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://api.ipify.org blob: 'nonce-VZylnAj4WZwYpVK2AwPl';

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cpo-admin-reporting-uat1.bankofamerica.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 28 May 2024 20:50:44 GMT
Keep-Alive: timeout=5, max=512
Origin-Agent-Cluster: ?0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload max-age=15552000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding,Origin
Via: 1.1 ah-1075924-001.sdi.ssc3.ext3.bankofamerica3.com 1.1 ah-1072707-001.sdi.ssc3.ext3.bankofamerica3.com
content-security-policy: default-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bofa.my.onetrust.com/ https://api.ipify.org; style-src 'self' *.bankofamerica.com:* 'nonce-VZylnAj4WZwYpVK2AwPl'; img-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org data: ; script-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://api.ipify.org blob: 'nonce-VZylnAj4WZwYpVK2AwPl';
traceresponse: 00-f61e921084e58373c3b51268de35d1c5-a8496e7860429887-01
x-dt-tracestate: 6a516194-9b0df33f@dt

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Location: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Server: BigIP

GET
H/1.1 200
OK styles.aa836bd562a2932be338.css
online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/ 281 KB
42 KB 152ms
144ms Stylesheet
text/css 2.16.129.78

General

Check archive.org

Show headers Download Go to

Full URL

https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/styles.aa836bd562a2932be338.css

Requested by

Host: online-uat1a.cashpro.bankofamerica.com
URL: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.16.129.78 -, , ASN (),

Reverse DNS

Software

Resource Hash

571ffec4cffd61b5b19b844c486921ee894d59083830918b0a12d15bc7f5573f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 20:50:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Via: 1.1 ah-1072707-001.sdi.ssc3.ext3.bankofamerica3.com
Content-Encoding: gzip
traceresponse: 00-e80a656cba7cc5865687bdad73210df5-2a69f0a17d7d7315-01
Connection: Keep-Alive
Content-Length: 42192
Last-Modified: Wed, 22 May 2024 08:27:34 GMT
x-dt-tracestate: 6a516194-9b0df33f@dt
ETag: "46489-61906b4cb8980-gzip"
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/css
Origin-Agent-Cluster: ?0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512

GET
H/1.1 200
OK helper-min.js Show response
online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/cpoScripts/ 4 KB
2 KB 292ms
136ms Script
application/javascript 2.16.129.78

General

Check archive.org

Show headers Download Go to

Full URL

https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/cpoScripts/helper-min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.16.129.78 -, , ASN (),

Reverse DNS

Software

Resource Hash

3f6d51f8e3846a25d605d8c2cd1f79137481c4672fd3dfb7efc4dcc99c9ccc85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 20:50:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Via: 1.1 ah-1072707-001.sdi.ssc3.ext3.bankofamerica3.com
Last-Modified: Wed, 22 May 2024 08:27:34 GMT
Content-Encoding: gzip
ETag: "efd-61906b4cb8980-gzip"
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Origin-Agent-Cluster: ?0
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Content-Length: 1403

GET
H/1.1 200
OK runtime-es2015.2e0802f3341136cbde2d.js Show response
online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/ 1 KB
2 KB 342ms
152ms Script
application/javascript 2.16.129.78

General

Check archive.org

Show headers Download Go to

Full URL

https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/runtime-es2015.2e0802f3341136cbde2d.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.16.129.78 -, , ASN (),

Reverse DNS

Software

Resource Hash

543cb61bcc8ceb0f5661de06417097a4c28f93b23a6fa13a2dd3858f7133f5b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Origin: https://online-uat1a.cashpro.bankofamerica.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 20:50:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Via: 1.1 ah-1072707-001.sdi.ssc3.ext3.bankofamerica3.com
Content-Encoding: gzip
traceresponse: 00-8a84b07c1e6a3f5b8918fc7d69dcc79d-3496275d89a3b263-01
Connection: Keep-Alive
Content-Length: 740
Last-Modified: Wed, 22 May 2024 08:27:34 GMT
x-dt-tracestate: 6a516194-9b0df33f@dt
ETag: "5ea-61906b4cb8980-gzip"
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: https://online-uat1a.cashpro.bankofamerica.com
Origin-Agent-Cluster: ?0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512

GET
H/1.1 200
OK polyfills-es2015.732a26d1249404600258.js
online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/ 118 KB
0 384ms
195ms Script
application/javascript 2.16.129.78

General

Check archive.org

Show headers Download Go to

Full URL

https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.16.129.78 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Origin: https://online-uat1a.cashpro.bankofamerica.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 20:50:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Via: 1.1 ah-1072707-001.sdi.ssc3.ext3.bankofamerica3.com
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: Keep-Alive
Last-Modified: Wed, 22 May 2024 08:27:34 GMT
ETag: "34464-61906b4cb8980-gzip"
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: https://online-uat1a.cashpro.bankofamerica.com
Origin-Agent-Cluster: ?0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512

GET
H/1.1 200
OK scripts.7030cc9226c863cf3138.js
online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/ 44 KB
0 432ms
146ms Script
application/javascript 2.16.129.78

General

Check archive.org

Show headers Download Go to

Full URL

https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/scripts.7030cc9226c863cf3138.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.16.129.78 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 20:50:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Via: 1.1 ah-1072707-001.sdi.ssc3.ext3.bankofamerica3.com
Last-Modified: Wed, 22 May 2024 08:27:34 GMT
Content-Encoding: gzip
ETag: "1eb27-61906b4cb8980-gzip"
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Origin-Agent-Cluster: ?0
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=511
Content-Length: 43913

GET
H/1.1 200
OK vendor-es2015.f5c1944b9b40c2307eb3.js
online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/ 157 KB
0 376ms
184ms Script
application/javascript 2.16.129.78

General

Check archive.org

Show headers Download Go to

Full URL

https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/vendor-es2015.f5c1944b9b40c2307eb3.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.16.129.78 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Origin: https://online-uat1a.cashpro.bankofamerica.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 20:50:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Via: 1.1 ah-1072707-001.sdi.ssc3.ext3.bankofamerica3.com
Content-Encoding: gzip
traceresponse: 00-95b8250a93921c16e242fc7512384595-ff38b460639e34ac-01
Transfer-Encoding: chunked
Connection: Keep-Alive
Last-Modified: Wed, 22 May 2024 08:27:34 GMT
x-dt-tracestate: 6a516194-9b0df33f@dt
ETag: "130c2c-61906b4cb8980-gzip"
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: https://online-uat1a.cashpro.bankofamerica.com
Origin-Agent-Cluster: ?0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512

GET
H/1.1 200
OK main-es2015.416e5b0de037c5034388.js
online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/ 60 KB
0 409ms
202ms Script
application/javascript 2.16.129.78

General

Check archive.org

Show headers Download Go to

Full URL

https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/main-es2015.416e5b0de037c5034388.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2.16.129.78 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://online-uat1a.cashpro.bankofamerica.com/cpoauthweb/cpo/?resumePath=https%3A%2F%2Ffedsso-cashpro-pp.bankofamerica.com%2Fas%2FyLimVnT20s%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcpo-admin-reporting-uat1.bankofamerica.com%2F&vnd_pi_application_name=A70545CPOAdminRptg&client_id=A11697CashproOnline
Origin: https://online-uat1a.cashpro.bankofamerica.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 20:50:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Via: 1.1 ah-1072707-001.sdi.ssc3.ext3.bankofamerica3.com
Content-Encoding: gzip
traceresponse: 00-5db6634d26a0e939ad78ec1901775f24-29765662f578ee62-01
Transfer-Encoding: chunked
Connection: Keep-Alive
Last-Modified: Wed, 22 May 2024 08:27:34 GMT
x-dt-tracestate: 6a516194-9b0df33f@dt
ETag: "92952-61906b4cb8980-gzip"
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: https://online-uat1a.cashpro.bankofamerica.com
Origin-Agent-Cluster: ?0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cpo-admin-reporting-uat1.bankofamerica.com/	1969-12-31 23:59:59	Name: nonce.EQSO2V.1717188640 Value: 7969464f-0604-4fd9-919c-f7751bd6ebc5
cpo-admin-reporting-uat1.bankofamerica.com/	1969-12-31 23:59:59	Name: cpo-admin-reporting-uat1_bac_persist Value: 558010122.6695.0000
cpo-admin-reporting-uat1.bankofamerica.com/	1969-12-31 23:59:59	Name: TS01663254 Value: 01d005e4ad51a6476c364f0526f43bab2a8cf7c1a7e6c75d9305e1c63dcf1fb003239edb0cf5f36315f909b24e7b6f463a4b309940
.bankofamerica.com/	1969-12-31 23:59:59	Name: TS01e72230 Value: 01d005e4ad51a6476c364f0526f43bab2a8cf7c1a7e6c75d9305e1c63dcf1fb003239edb0cf5f36315f909b24e7b6f463a4b309940
fedsso-cashpro-pp.bankofamerica.com/	1969-12-31 23:59:59	Name: PF Value: pVrA8G3OrdSgZwHSga0GMp
.bankofamerica.com/	1970-01-21 06:31:29	Name: _bofalid Value: 9XVuI7WL7i6SOqRn1mimjFInV09jUaTXWNu2seY6/uk=
.fedsso-cashpro-pp.bankofamerica.com/	1969-12-31 23:59:59	Name: TS01775d00 Value: 01b643161a7f91806b9c12a628390bc38f0b90230db585cb10bd20c7851fc919f8e633936c52a12fbcd22a5b91a910e103e8c1071a

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cpo-admin-reporting-uat1.bankofamerica.com/ Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; style-src 'self'; script-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cpo-admin-reporting-uat1.bankofamerica.com
fedsso-cashpro-pp.bankofamerica.com
online-uat1.cashpro.bankofamerica.com
online-uat1a.cashpro.bankofamerica.com
104.97.80.102
171.162.62.87
2.16.129.78
2.19.184.203
3f6d51f8e3846a25d605d8c2cd1f79137481c4672fd3dfb7efc4dcc99c9ccc85
543cb61bcc8ceb0f5661de06417097a4c28f93b23a6fa13a2dd3858f7133f5b3
571ffec4cffd61b5b19b844c486921ee894d59083830918b0a12d15bc7f5573f
f14dc9117aff0a9e3d87753488f1aa886e35ec9d3c70752dcdfc85b792e59f78

online-uat1a.cashpro.bankofamerica.com Open in urlscan Pro 2.16.129.78 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

1 Domains

4 Subdomains

2 IPs

2 Countries

59 kBTransfer

691 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

7 Cookies

1 Console Messages

Security Headers

Indicators

online-uat1a.cashpro.bankofamerica.com Open in urlscan Pro
2.16.129.78 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

4
Subdomains

2
IPs

2
Countries

59 kB
Transfer

691 kB
Size

7
Cookies

9 HTTP transactions
0 data transactions