expressview-uat.bankofamerica.com Open in urlscan Pro
171.162.60.101 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://expressview-uat.bankofamerica.com/
Effective URL:
https://expressview-uat.bankofamerica.com/expressview/login.html
Submission Tags: @phishunt_io
Submission: On November 09 via api (November 9th 2022, 11:20:28 pm UTC) from DE — Scanned from DE

Summary HTTP 14 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 14 HTTP transactions. The main IP is 171.162.60.101, located in United States and belongs to BOFABROKERDEALERSVCS, US. The main domain is expressview-uat.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on December 6th 2021. Valid for: a year.

This is the only time expressview-uat.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 9	171.162.60.101 171.162.60.101	19886 (BOFABROKE...) (BOFABROKERDEALERSVCS)
6	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:929e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	4

9 171.162.60.101 (United States) 2 redirects

ASN19886 (BOFABROKERDEALERSVCS, US)

expressview-uat.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:929e (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	bankofamerica.com 2 redirects expressview-uat.bankofamerica.com	21 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 410	115 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 690	237 B
14	3

	Domain	Requested by
9	expressview-uat.bankofamerica.com	2 redirects expressview-uat.bankofamerica.com
6	cdn.cookielaw.org	expressview-uat.bankofamerica.com cdn.cookielaw.org
1	geolocation.onetrust.com	cdn.cookielaw.org
14	3

This site contains links to these domains. Also see Links.

Domain
www.bofaml.com
www.onetrust.com

Subject Issuer	Validity	Valid
expressview-uat-ar.bankofamerica.com Entrust Certification Authority - L1M	`2021-12-06` - `2022-12-06`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://expressview-uat.bankofamerica.com/expressview/login.html
Frame ID: BCEB60E7FFB624FE1503EAEBE0F2384C
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ExpressView LoginBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://expressview-uat.bankofamerica.com/ Page URL
https://expressview-uat.bankofamerica.com/expressview HTTP 302
https://expressview-uat.bankofamerica.com/expressview/ HTTP 302
https://expressview-uat.bankofamerica.com/expressview/login.html Page URL

Detected technologies

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

14
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

134 kB
Transfer

495 kB
Size

5
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bofaml.com/content/dam/boamlimages/documents/articles/ID19_0760/Cookie_Policy.pdf
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://expressview-uat.bankofamerica.com/ Page URL
https://expressview-uat.bankofamerica.com/expressview HTTP 302
https://expressview-uat.bankofamerica.com/expressview/ HTTP 302
https://expressview-uat.bankofamerica.com/expressview/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
expressview-uat.bankofamerica.com/ 58 B
1 KB 647ms
131ms Document
text/html 171.162.60.101
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://expressview-uat.bankofamerica.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.162.60.101 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

Software

Resource Hash

6ba3076c84a11855403b4772af2fff83bcd33a610319da22c6fb93464dd9d366

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Connection: Upgrade, Keep-Alive
Content-Length: 58
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Content-Type: text/html
Date: Wed, 09 Nov 2022 23:20:24 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Keep-Alive: timeout=5, max=512
Last-Modified: Thu, 09 May 2019 13:50:18 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Upgrade: h2,h2c
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1

200

Primary Request login.html Show response
expressview-uat.bankofamerica.com/expressview/
Redirect Chain

https://expressview-uat.bankofamerica.com/expressview
https://expressview-uat.bankofamerica.com/expressview/
https://expressview-uat.bankofamerica.com/expressview/login.html

4 KB
5 KB

174ms
173ms

Document
text/html

171.162.60.101
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://expressview-uat.bankofamerica.com/expressview/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.162.60.101 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

Software

Resource Hash

e3f3c482cd45d0905e0338d32d3694b2bcbbfb5ce39295759fcbbd7a43d66e51

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://expressview-uat.bankofamerica.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Language: de-DE
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 09 Nov 2022 23:20:24 GMT
Expires: Mon, 23 Aug 1982 12:00:00 GMT
Keep-Alive: timeout=5, max=509
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Via: 1.1 ah-1030434-001.sdi.ssc3.ext3.bankofamerica3.com:34292
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Length: 0
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Content-Type: text/html;charset=UTF-8
Date: Wed, 09 Nov 2022 23:20:24 GMT
Expires: Mon, 23 Aug 1982 12:00:00 GMT
Keep-Alive: timeout=5, max=510
Location: login.html
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Via: 1.1 ah-1030434-001.sdi.ssc3.ext3.bankofamerica3.com:34292
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 login.css
expressview-uat.bankofamerica.com/expressview/static/expressview/css/ 2 KB
3 KB 157ms
156ms Stylesheet
text/css 171.162.60.101
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://expressview-uat.bankofamerica.com/expressview/static/expressview/css/login.css

Requested by

Host: expressview-uat.bankofamerica.com
URL: https://expressview-uat.bankofamerica.com/expressview/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.162.60.101 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

Software

Resource Hash

fdfddf0350f2a7271dd5d58b892b90f3035bc39ba6917fdb32ebd6ea7b915bd2

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/expressview/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 23:20:24 GMT
Via: 1.1 ah-1030434-001.sdi.ssc3.ext3.bankofamerica3.com:34292
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Connection: Keep-Alive
Content-Length: 1801
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 24 Oct 2022 18:29:20 GMT
ETag: W/"1801-1666636160000"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-store, no-cache, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=508
Expires: Mon, 23 Aug 1982 12:00:00 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/ 17 KB
6 KB 121ms
67ms Script
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/otSDKStub.js

Requested by

Host: expressview-uat.bankofamerica.com
URL: https://expressview-uat.bankofamerica.com/expressview/login.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2644089b943508719c3186cb84c122435c6cd94c0d076998a68a64cee57e0229

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://expressview-uat.bankofamerica.com/
Origin: https://expressview-uat.bankofamerica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Nov 2022 23:20:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-md5: hQHLOKwwbZEMxao4/1YKSg==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 5817
x-ms-lease-status: unlocked
last-modified: Fri, 18 Jun 2021 16:52:22 GMT
server: cloudflare
etag: 0x8D932797148E82E
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d3028ecf-401e-0133-2191-f4c79e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: no-cache
x-ms-version: 2009-09-19
cf-ray: 767a47664bf0bb71-FRA

GET
H/1.1 200 boa.js Show response
expressview-uat.bankofamerica.com/expressview/static/expressview/js/home/ 599 B
1 KB 312ms
156ms Script
application/javascript 171.162.60.101
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to

Full URL

https://expressview-uat.bankofamerica.com/expressview/static/expressview/js/home/boa.js

Requested by

Host: expressview-uat.bankofamerica.com
URL: https://expressview-uat.bankofamerica.com/expressview/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.162.60.101 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

Software

Resource Hash

026c612c959ec69da87141309faee557af2d3446c5f248098fcbdea10d367c16

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/expressview/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 23:20:24 GMT
Via: 1.1 ah-1030434-001.sdi.ssc3.ext3.bankofamerica3.com:34292
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Connection: Keep-Alive
Content-Length: 599
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 24 Oct 2022 18:29:20 GMT
ETag: W/"599-1666636160000"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: no-store, no-cache, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=507
Expires: Mon, 23 Aug 1982 12:00:00 GMT

GET
H/1.1 200 bofa_logo.gif
expressview-uat.bankofamerica.com/expressview/static/expressview/images/ 5 KB
5 KB 413ms
315ms Image
image/gif 171.162.60.101
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://expressview-uat.bankofamerica.com/expressview/static/expressview/images/bofa_logo.gif

Requested by

Host: expressview-uat.bankofamerica.com
URL: https://expressview-uat.bankofamerica.com/expressview/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.162.60.101 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

Software

Resource Hash

02e89c684a3d473af37a1881c5d163c0bc6374ee093de7c1b4db78adeedea8ec

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/expressview/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 23:20:24 GMT
Via: 1.1 ah-1030434-001.sdi.ssc3.ext3.bankofamerica3.com:34292
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Connection: Keep-Alive
Content-Length: 4659
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 24 Oct 2022 18:29:20 GMT
ETag: W/"4659-1666636160000"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Expires: Mon, 23 Aug 1982 12:00:00 GMT

GET
H/1.1 200 express_view.gif
expressview-uat.bankofamerica.com/expressview/static/expressview/images/ 2 KB
3 KB 161ms
161ms Image
image/gif 171.162.60.101
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://expressview-uat.bankofamerica.com/expressview/static/expressview/images/express_view.gif

Requested by

Host: expressview-uat.bankofamerica.com
URL: https://expressview-uat.bankofamerica.com/expressview/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.162.60.101 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

Software

Resource Hash

f2eca3dee323d05bfae77b7d84e03cfbb49a09bc5b8071938dbb2215fb85eda4

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/expressview/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 23:20:24 GMT
Via: 1.1 ah-1030434-001.sdi.ssc3.ext3.bankofamerica3.com:34292
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Connection: Keep-Alive
Content-Length: 1952
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 24 Oct 2022 18:29:20 GMT
ETag: W/"1952-1666636160000"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=506
Expires: Mon, 23 Aug 1982 12:00:00 GMT

GET
H/1.1 200 login_bar.gif
expressview-uat.bankofamerica.com/expressview/static/expressview/images/ 516 B
1 KB 273ms
191ms Image
image/gif 171.162.60.101
BOFABROKERDEALERSVCS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://expressview-uat.bankofamerica.com/expressview/static/expressview/images/login_bar.gif

Requested by

Host: expressview-uat.bankofamerica.com
URL: https://expressview-uat.bankofamerica.com/expressview/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.162.60.101 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),

Reverse DNS

Software

Resource Hash

22d222088167f8a6ca5ed9103d5e4046e972b487b7680c04b971ba83157c7d13

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/expressview/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Wed, 09 Nov 2022 23:20:24 GMT
Via: 1.1 ah-1030434-001.sdi.ssc3.ext3.bankofamerica3.com:34292
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Connection: Keep-Alive
Content-Length: 516
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 24 Oct 2022 18:29:20 GMT
ETag: W/"516-1666636160000"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Expires: Mon, 23 Aug 1982 12:00:00 GMT

GET
H2 200 35c7989f-5558-4b47-8a69-c813f421532d-test.json Show response
cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/ 4 KB
2 KB 55ms
55ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/35c7989f-5558-4b47-8a69-c813f421532d-test.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0de7544e8646da110606255c707618928ba74686a2db05802439fd2ad0c0d00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Nov 2022 23:20:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-md5: G3bHWy9UeOy7yQxzSg1+Dg==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1518
x-ms-lease-status: unlocked
last-modified: Fri, 18 Jun 2021 16:52:20 GMT
server: cloudflare
etag: 0x8D932796FF01BFC
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 68401852-401e-0111-4e91-f4a9a8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: no-cache
x-ms-version: 2009-09-19
cf-ray: 767a4766fcc0bb71-FRA

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 70 B
237 B 116ms
50ms Script
text/javascript 2606:4700:4400::ac40:929e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:929e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cea2053be8e509589fe917b989317c05a16799e2d89ed1ea89b21870e3153631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Wed, 09 Nov 2022 23:20:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
cf-ray: 767a47686c609b9a-FRA
vary: Accept-Encoding
content-type: text/javascript

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.18.0/ 377 KB
84 KB 142ms
141ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf8fce049c8e10f0a036f50f5eb7c8dde06dc5bee833635f9db82de6f51f2418

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://expressview-uat.bankofamerica.com/
Origin: https://expressview-uat.bankofamerica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Nov 2022 23:20:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
content-md5: cIchS4lr7UaDx9LQCq2apA==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 85787
x-ms-lease-status: unlocked
last-modified: Mon, 24 May 2021 01:24:55 GMT
server: cloudflare
etag: 0x8D91E52BCFB1A90
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b611f152-501e-0045-3491-f40577000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 767a4768bf8cbb71-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/ba3f940e-03b2-45a5-a1a8-87aac991842e/ 24 KB
8 KB 73ms
72ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/35c7989f-5558-4b47-8a69-c813f421532d-test/ba3f940e-03b2-45a5-a1a8-87aac991842e/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ededcb9eca7c93a6a381538ccee47c75c99f9998a505d4b46e8413db330e6c2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Nov 2022 23:20:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-md5: 8nWYE2ebfyV+1pzt0j+ysg==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8339
x-ms-lease-status: unlocked
last-modified: Fri, 18 Jun 2021 16:52:27 GMT
server: cloudflare
etag: 0x8D93279749C3686
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d3028f50-401e-0133-1591-f4c79e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: no-cache
x-ms-version: 2009-09-19
cf-ray: 767a4769e973bb71-FRA

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.18.0/assets/ 12 KB
3 KB 63ms
63ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.18.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb1fa7363d6e4772f7c49d67f031d68f209e66de6c3c05aade6fdc57a02505c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Nov 2022 23:20:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: MrQfM8mTXwqoZ1+V6sXNuw==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2938
x-ms-lease-status: unlocked
last-modified: Mon, 24 May 2021 01:24:48 GMT
server: cloudflare
etag: 0x8D91E52B88C8775
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9237363f-e01e-005c-068b-f4291f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 767a476aaa5fbb71-FRA

GET
H2 200 otPcPanel.json Show response
cdn.cookielaw.org/scripttemplates/6.18.0/assets/v2/ 47 KB
11 KB 47ms
47ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.18.0/assets/v2/otPcPanel.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbd89775249b84792efdf669aeb157ad3e8d8e8e7f5d4d5b4a2c74e199bddc39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://expressview-uat.bankofamerica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Nov 2022 23:20:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 2g8ZYN+WBSlZ/5k1miqWvg==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11471
x-ms-lease-status: unlocked
last-modified: Mon, 24 May 2021 01:24:49 GMT
server: cloudflare
etag: 0x8D91E52B990E2B7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: a5800c13-c01e-00c3-658b-f451a5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 767a476aaa61bb71-FRA

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
expressview-uat.bankofamerica.com/expressview	1969-12-31 23:59:59	Name: JSESSIONID Value: 36A313DA86A46C0B2A4068A0B2B8533B
expressview-uat.bankofamerica.com/expressview	1969-12-31 23:59:59	Name: TS01aa1f60 Value: 0108a18b2989ede41685fb8c492d106027d658b357fb1a1a20f56fdd2e54ae7d6c80603e47ccc6cd469dc06761b393896d9ad3ef03983912bd9c41a173e6e4729a062793a77480039418f7918a4460fb90c657bfde
expressview-uat.bankofamerica.com/	1969-12-31 23:59:59	Name: bac_persist Value: 369110437.62597.0000
expressview-uat.bankofamerica.com/	1969-12-31 23:59:59	Name: TS01a44945 Value: 0108a18b2933dd5184681eb5541385a065521c901ffb1a1a20f56fdd2e54ae7d6c80603e47ccc6cd469dc06761b393896d9ad3ef0382c684991a997cfed91ff18d81186334
expressview-uat.bankofamerica.com/	1970-01-20 11:39:48	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Nov+09+2022+23%3A20%3A26+GMT%2B0000+(GMT)&version=6.18.0&isIABGlobal=false&hosts=&consentId=bb04e2bc-509d-4349-a8df-a89c58623f27&interactionCount=0&landingPath=https%3A%2F%2Fexpressview-uat.bankofamerica.com%2Fexpressview%2Flogin.html&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src ; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.cookielaw.org
expressview-uat.bankofamerica.com
geolocation.onetrust.com
171.162.60.101
2606:4700:4400::ac40:929e
2606:4700::6810:9440
026c612c959ec69da87141309faee557af2d3446c5f248098fcbdea10d367c16
02e89c684a3d473af37a1881c5d163c0bc6374ee093de7c1b4db78adeedea8ec
22d222088167f8a6ca5ed9103d5e4046e972b487b7680c04b971ba83157c7d13
2644089b943508719c3186cb84c122435c6cd94c0d076998a68a64cee57e0229
6ba3076c84a11855403b4772af2fff83bcd33a610319da22c6fb93464dd9d366
b0de7544e8646da110606255c707618928ba74686a2db05802439fd2ad0c0d00
bf8fce049c8e10f0a036f50f5eb7c8dde06dc5bee833635f9db82de6f51f2418
cea2053be8e509589fe917b989317c05a16799e2d89ed1ea89b21870e3153631
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
e3f3c482cd45d0905e0338d32d3694b2bcbbfb5ce39295759fcbbd7a43d66e51
eb1fa7363d6e4772f7c49d67f031d68f209e66de6c3c05aade6fdc57a02505c1
ededcb9eca7c93a6a381538ccee47c75c99f9998a505d4b46e8413db330e6c2f
f2eca3dee323d05bfae77b7d84e03cfbb49a09bc5b8071938dbb2215fb85eda4
fbd89775249b84792efdf669aeb157ad3e8d8e8e7f5d4d5b4a2c74e199bddc39
fdfddf0350f2a7271dd5d58b892b90f3035bc39ba6917fdb32ebd6ea7b915bd2

expressview-uat.bankofamerica.com Open in urlscan Pro 171.162.60.101 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

134 kBTransfer

495 kBSize

5 Cookies

2 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

5 Cookies

Security Headers

Indicators

expressview-uat.bankofamerica.com Open in urlscan Pro
171.162.60.101 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

134 kB
Transfer

495 kB
Size

5
Cookies

14 HTTP transactions
1 data transactions