fedsso-pp.bankofamerica.com Open in urlscan Pro
171.162.61.83 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://legalkm-uat-ahs.bankofamerica.com/
Effective URL:
https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redirect_uri=https%3A%2F%2...
Submission: On September 28 via automatic, source certstream-suspicious (September 28th 2021, 4:09:50 am UTC) — Scanned from DE

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 171.162.61.83, located in United States and belongs to BOFABROKERDEALERSVCS, US. The main domain is fedsso-pp.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on May 28th 2021. Valid for: a year.

This is the only time fedsso-pp.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	171.162.60.193 171.162.60.193	19886 (BOFABROKE...) (BOFABROKERDEALERSVCS)
10	171.162.61.83 171.162.61.83	19886 (BOFABROKE...) (BOFABROKERDEALERSVCS)
10	1

1 171.162.60.193 (United States) 1 redirects

ASN19886 (BOFABROKERDEALERSVCS, US)

legalkm-uat-ahs.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 171.162.61.83 (United States)

ASN19886 (BOFABROKERDEALERSVCS, US)
PTR: fedsso-pp-sve1-ext-vip.bankofamerica.com

fedsso-pp.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	bankofamerica.com 1 redirects legalkm-uat-ahs.bankofamerica.com fedsso-pp.bankofamerica.com	667 KB
10	1

	Domain	Requested by
10	fedsso-pp.bankofamerica.com	fedsso-pp.bankofamerica.com
1	legalkm-uat-ahs.bankofamerica.com	1 redirects
10	2

This site contains links to these domains. Also see Links.

Domain
pns.bankofamerica.com
sso.bankofamerica.com

Subject Issuer	Validity	Valid
fedsso-pp.bankofamerica.com Entrust Certification Authority - L1M	`2021-05-28` - `2022-05-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redirect_uri=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoibWciLCJzdWZmaXgiOiJ5d3I0YzQuMTYzMzA2MTM4MyJ9..wzDD5GCPMmOO1GBSdd6yRw.yjbkapF9pi3KrfZYfpsQdn3OZNFLwc_SF4f0h7XmFA5Bql9oB3Dyvcg7UdqLiWokrSd9Y9P6aoBDEAdIn5p36xT8OnrAJaHxKIGIQFiMUD8.SA-7cuOObl7G18lIVTBTMw&nonce=-Uoj6u9GK1srVEoZNYbnrggsr8q6eTvzkxjgz3eoqmY&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2F&vnd_pi_application_name=A63785LegalKMExt
Frame ID: A11ED9D0D21D7BCDE3A4AC543D4ADED0
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank of America: Sign On

Page URL History Show full URLs

https://legalkm-uat-ahs.bankofamerica.com/ HTTP 302
https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redire... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

666 kB
Transfer

650 kB
Size

9
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://pns.bankofamerica.com/pnservices/getid.jsp
Title: Get Standard ID (opens in a new window)

Search URL Search Domain Scan URL

URL: http://sso.bankofamerica.com/usermanager
Title: Forgot DEV/QA Password?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://legalkm-uat-ahs.bankofamerica.com/ HTTP 302
https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redirect_uri=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoibWciLCJzdWZmaXgiOiJ5d3I0YzQuMTYzMzA2MTM4MyJ9..wzDD5GCPMmOO1GBSdd6yRw.yjbkapF9pi3KrfZYfpsQdn3OZNFLwc_SF4f0h7XmFA5Bql9oB3Dyvcg7UdqLiWokrSd9Y9P6aoBDEAdIn5p36xT8OnrAJaHxKIGIQFiMUD8.SA-7cuOObl7G18lIVTBTMw&nonce=-Uoj6u9GK1srVEoZNYbnrggsr8q6eTvzkxjgz3eoqmY&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2F&vnd_pi_application_name=A63785LegalKMExt Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set authorization.oauth2 Show response
fedsso-pp.bankofamerica.com/as/
Redirect Chain

https://legalkm-uat-ahs.bankofamerica.com/
https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redirect_uri=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXA...

8 KB
10 KB

1553ms
176ms

Document
text/html

171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redirect_uri=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoibWciLCJzdWZmaXgiOiJ5d3I0YzQuMTYzMzA2MTM4MyJ9..wzDD5GCPMmOO1GBSdd6yRw.yjbkapF9pi3KrfZYfpsQdn3OZNFLwc_SF4f0h7XmFA5Bql9oB3Dyvcg7UdqLiWokrSd9Y9P6aoBDEAdIn5p36xT8OnrAJaHxKIGIQFiMUD8.SA-7cuOObl7G18lIVTBTMw&nonce=-Uoj6u9GK1srVEoZNYbnrggsr8q6eTvzkxjgz3eoqmY&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2F&vnd_pi_application_name=A63785LegalKMExt

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

b76bb5621a2c2018083457e9aa454ef0cca2ead48598458f20671a7ceba1ca93

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: fedsso-pp.bankofamerica.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Tue, 28 Sep 2021 04:09:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Referrer-Policy: origin
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html;charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Length: 7809
Set-Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de;Path=/;Expires=Tue, 28-Sep-2021 04:10:14 GMT;Max-Age=30;Secure;SameSite=None ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c;Path=/;Expires=Tue, 28-Sep-2021 04:10:14 GMT;Max-Age=30;Secure;SameSite=None SameSite=None;Path=/;Expires=Tue, 28-Sep-2021 04:10:14 GMT;Max-Age=30;Secure;SameSite=None ADRUM_BT1=R:0|i:246417;Path=/;Expires=Tue, 28-Sep-2021 04:10:14 GMT;Max-Age=30;Secure;SameSite=None ADRUM_BT1=R:0|i:246417|e:1;Path=/;Expires=Tue, 28-Sep-2021 04:10:14 GMT;Max-Age=30;Secure;SameSite=None PF=CoZvWQTwlHKBUlpeCfJNCU;Path=/;Secure;HttpOnly;SameSite=None bac_persist=822095269.20380.0000; path=/; Httponly; Secure _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=;Path=/;Domain=.bankofamerica.com;Expires=Sun, 22-Sep-2041 22:36:25 GMT;Secure TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Keep-Alive: timeout=5, max=20000
Connection: Keep-Alive

Redirect headers

Date: Tue, 28 Sep 2021 04:09:43 GMT
content-length: 0
Location: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redirect_uri=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoibWciLCJzdWZmaXgiOiJ5d3I0YzQuMTYzMzA2MTM4MyJ9..wzDD5GCPMmOO1GBSdd6yRw.yjbkapF9pi3KrfZYfpsQdn3OZNFLwc_SF4f0h7XmFA5Bql9oB3Dyvcg7UdqLiWokrSd9Y9P6aoBDEAdIn5p36xT8OnrAJaHxKIGIQFiMUD8.SA-7cuOObl7G18lIVTBTMw&nonce=-Uoj6u9GK1srVEoZNYbnrggsr8q6eTvzkxjgz3eoqmY&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2F&vnd_pi_application_name=A63785LegalKMExt
set-cookie: nonce.ywr4c4.1633061383=7f7fd44d-b606-427f-b4b6-14762b738c30; Path=/; Secure; HttpOnly; SameSite=None
cache-control: no-cache,no-store,max-age=0
pragma: no-cache
expires: 0
X-Frame-Options: DENY
Set-Cookie: PA.A63785LegalKMExt=; Path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure; HttpOnly; SameSite=None PA_STATE.A63785LegalKMExt=; Path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure; HttpOnly; SameSite=None TS01b929cc=01b643161a7b630e305a2f91a3dad8c07f470b71248d32e584131914b575a317168a6014c2fcc6aa3017f93b859f33d036ee5a67ba; Path=/; Secure; HTTPOnly
Keep-Alive: timeout=5, max=512
Connection: Keep-Alive

GET
H/1.1 200
OK Cookie set custom.css
fedsso-pp.bankofamerica.com/assets/sso/css/ 336 KB
338 KB 123ms
122ms Stylesheet
text/css 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/css/custom.css

Requested by

Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redirect_uri=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoibWciLCJzdWZmaXgiOiJ5d3I0YzQuMTYzMzA2MTM4MyJ9..wzDD5GCPMmOO1GBSdd6yRw.yjbkapF9pi3KrfZYfpsQdn3OZNFLwc_SF4f0h7XmFA5Bql9oB3Dyvcg7UdqLiWokrSd9Y9P6aoBDEAdIn5p36xT8OnrAJaHxKIGIQFiMUD8.SA-7cuOObl7G18lIVTBTMw&nonce=-Uoj6u9GK1srVEoZNYbnrggsr8q6eTvzkxjgz3eoqmY&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2F&vnd_pi_application_name=A63785LegalKMExt

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

5b1aa720d0f27536e50848c653deb9d552302a72716f4e00affe02e48306dbd6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://fedsso-pp.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:45 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: text/css
Keep-Alive: timeout=5, max=19999
Content-Length: 344266
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set main-v2.css
fedsso-pp.bankofamerica.com/assets/sso/css/ 9 KB
10 KB 130ms
130ms Stylesheet
text/css 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/css/main-v2.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://fedsso-pp.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:45 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: text/css
Keep-Alive: timeout=5, max=20000
Content-Length: 9194
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set urlmunger.js Show response
fedsso-pp.bankofamerica.com/assets/sso/js/ 2 KB
4 KB 349ms
125ms Script
application/javascript 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/js/urlmunger.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

dd140cd58ef404f5000c4630a30b579380f93c24ecf592291ad9ecee0d392e49

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://fedsso-pp.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:45 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: application/javascript
Keep-Alive: timeout=5, max=20000
Content-Length: 2534
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set bofa-logo-new.svg
fedsso-pp.bankofamerica.com/assets/sso/images/ 7 KB
9 KB 344ms
118ms Image
image/svg+xml 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/images/bofa-logo-new.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://fedsso-pp.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:46 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: image/svg+xml
Keep-Alive: timeout=5, max=20000
Content-Length: 7544
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set jquery-3.5.1.min.js Show response
fedsso-pp.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ 87 KB
89 KB 115ms
115ms Script
application/javascript 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/jquery-3.5.1.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://fedsso-pp.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:45 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: application/javascript
Keep-Alive: timeout=5, max=19999
Content-Length: 89476
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set popper.min.js Show response
fedsso-pp.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ 18 KB
20 KB 118ms
117ms Script
application/javascript 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/popper.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

a9dd7bbfe22d33e4a3efa2564c3374512177cfcf4b7224e5061b9fa36d77c676

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://fedsso-pp.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:46 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: application/javascript
Keep-Alive: timeout=5, max=19998
Content-Length: 18508
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set bootstrap.bundle.min.js Show response
fedsso-pp.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/ 82 KB
84 KB 118ms
117ms Script
application/javascript 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/bootstrap.bundle.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://fedsso-pp.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:46 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: application/javascript
Keep-Alive: timeout=5, max=19999
Content-Length: 84378
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set Connections.woff
fedsso-pp.bankofamerica.com/assets/sso/fonts/connections/ 41 KB
42 KB 218ms
115ms Font
application/font-woff 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/fonts/connections/Connections.woff

Requested by

Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/assets/sso/css/main-v2.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://fedsso-pp.bankofamerica.com
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Referer: https://fedsso-pp.bankofamerica.com/
Origin: https://fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:46 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: application/font-woff
Keep-Alive: timeout=5, max=19998
Content-Length: 41744
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set brand-icons.ttf
fedsso-pp.bankofamerica.com/assets/sso/fonts/connections/ 58 KB
60 KB 223ms
116ms Font
application/x-font-ttf 171.162.61.83
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso-pp.bankofamerica.com/assets/sso/fonts/connections/brand-icons.ttf?a4g4ix

Requested by

Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/assets/sso/css/custom.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

fedsso-pp-sve1-ext-vip.bankofamerica.com

Software

Resource Hash

88f0d1a9244a6c09b83c776235ef64e2b6cd54ff8614143a79cf1c3813d1d503

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://fedsso-pp.bankofamerica.com
Accept-Encoding: gzip, deflate, br
Host: fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://fedsso-pp.bankofamerica.com/
Cookie: ADRUM_BTa=R:0|g:5d743cab-0ccd-4c89-a6cd-129092ae81de|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c; SameSite=None; ADRUM_BT1=R:0|i:246417|e:1; PF=CoZvWQTwlHKBUlpeCfJNCU; bac_persist=822095269.20380.0000; _bofalid=YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=; TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72
Connection: keep-alive
Referer: https://fedsso-pp.bankofamerica.com/
Origin: https://fedsso-pp.bankofamerica.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 28 Sep 2021 04:09:46 GMT
Referrer-Policy: origin
Last-Modified: Thu, 23 Sep 2021 13:42:02 GMT
Expect-CT: max-age=3600, enforce max-age=3600, enforce
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com
Set-Cookie: TS01e4cf75=01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72; Path=/; Domain=.fedsso-pp.bankofamerica.com; Secure; HTTPOnly
Content-Type: application/x-font-ttf
Keep-Alive: timeout=5, max=19997
Content-Length: 59728
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
legalkm-uat-ahs.bankofamerica.com/	1969-12-31 23:59:59	Name: nonce.ywr4c4.1633061383 Value: 7f7fd44d-b606-427f-b4b6-14762b738c30
legalkm-uat-ahs.bankofamerica.com/	1969-12-31 23:59:59	Name: TS01b929cc Value: 01b643161a7b630e305a2f91a3dad8c07f470b71248d32e584131914b575a317168a6014c2fcc6aa3017f93b859f33d036ee5a67ba
fedsso-pp.bankofamerica.com/	1970-01-19 21:33:22	Name: ADRUM_BTa Value: R:0\|g:5d743cab-0ccd-4c89-a6cd-129092ae81de\|n:customer1_a0a49a00-11ae-4d9f-a635-f0b059b56f9c
fedsso-pp.bankofamerica.com/	1970-01-19 21:33:22	Name: SameSite Value: None
fedsso-pp.bankofamerica.com/	1970-01-19 21:33:22	Name: ADRUM_BT1 Value: R:0\|i:246417\|e:1
fedsso-pp.bankofamerica.com/	1969-12-31 23:59:59	Name: PF Value: CoZvWQTwlHKBUlpeCfJNCU
fedsso-pp.bankofamerica.com/	1969-12-31 23:59:59	Name: bac_persist Value: 822095269.20380.0000
.bankofamerica.com/	1970-01-27 04:45:02	Name: _bofalid Value: YM0okZ7n5NXPpqqAc3cjwHm4j9wz1/ei/bK3i7KMka0=
.fedsso-pp.bankofamerica.com/	1969-12-31 23:59:59	Name: TS01e4cf75 Value: 01b643161a2114a557c15a15173a0d83ec9e06ca3ab1faf08c645416b7399df90b4e8e27f6550f1b88aac1a7bc1f015004a8e26a1569eb621f364f8263b3eb982fac96f93bda979f21788f1a1312ac288cefc25b384f78e46450790de5251500441fa1d3822fcd83109a749fad58dddc167a60d5f0608cad6e21289855b20fef52b082967a02fb361ca1ce159bc300024a2fa641502f5db5595dcc5d9cbe1c3913908bcc5fa6100d7f389e3c923868060e3fa24f72

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A63785LegalKMExt&redirect_uri=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoibWciLCJzdWZmaXgiOiJ5d3I0YzQuMTYzMzA2MTM4MyJ9..wzDD5GCPMmOO1GBSdd6yRw.yjbkapF9pi3KrfZYfpsQdn3OZNFLwc_SF4f0h7XmFA5Bql9oB3Dyvcg7UdqLiWokrSd9Y9P6aoBDEAdIn5p36xT8OnrAJaHxKIGIQFiMUD8.SA-7cuOObl7G18lIVTBTMw&nonce=-Uoj6u9GK1srVEoZNYbnrggsr8q6eTvzkxjgz3eoqmY&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Flegalkm-uat-ahs.bankofamerica.com%2F&vnd_pi_application_name=A63785LegalKMExt(Line 17) Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fedsso-pp.bankofamerica.com
legalkm-uat-ahs.bankofamerica.com
171.162.60.193
171.162.61.83
4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5
5b1aa720d0f27536e50848c653deb9d552302a72716f4e00affe02e48306dbd6
6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2
88f0d1a9244a6c09b83c776235ef64e2b6cd54ff8614143a79cf1c3813d1d503
91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2
a9dd7bbfe22d33e4a3efa2564c3374512177cfcf4b7224e5061b9fa36d77c676
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
b76bb5621a2c2018083457e9aa454ef0cca2ead48598458f20671a7ceba1ca93
dd140cd58ef404f5000c4630a30b579380f93c24ecf592291ad9ecee0d392e49
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

fedsso-pp.bankofamerica.com Open in urlscan Pro 171.162.61.83 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

1 IPs

1 Countries

666 kBTransfer

650 kBSize

9 Cookies

2 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

9 Cookies

1 Console Messages

Security Headers

Indicators

fedsso-pp.bankofamerica.com Open in urlscan Pro
171.162.61.83 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

666 kB
Transfer

650 kB
Size

9
Cookies

10 HTTP transactions
0 data transactions