Submitted URL: https://bankofamerica.invisionapp.com/
Effective URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Submission: On December 14 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 2 domains to perform 11 HTTP transactions. The main IP is 171.161.146.123, located in the United States, and belongs to BANKAMERICA, US. The main domain is fedsso.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on June 8th 2021. Valid for: a year.
This is the only time fedsso.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
2 13 171.161.146.123 10794 (BANKAMERICA)
11 1
Apex Domain   Subdomains   Transfer
13 bankofamerica.com   fedsso.bankofamerica.com   673 KB
1 invisionapp.com   bankofamerica.invisionapp.com   1 KB
11 2
Domain Requested by
13 fedsso.bankofamerica.com 2 redirects fedsso.bankofamerica.com
1 bankofamerica.invisionapp.com 1 redirects
11 2

This site contains links to these domains.

Domain
pns.bankofamerica.com
password.bankofamerica.com
Subject   Issuer   Validity   Valid
fedsso.bankofamerica.com   Entrust Certification Authority - L1M   2021-06-08 - 2022-06-08   a year

This page contains 1 frames:

Primary Page: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Frame ID: 3C177D9CDED5696738BF9A17A76368EE
Requests: 11 HTTP requests in this frame

Page Title

Bank of America: Sign On

Page Statistics

11 Requests
100 % HTTPS
50 % IPv6
2 Domains
2 Subdomains
1 IPs
1 Countries
669 kB Transfer
650 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bankofamerica.invisionapp.com/ HTTP 302
    https://fedsso.bankofamerica.com/idp/SSO.saml2?SAMLRequest=jVJdT8IwFP0rS9%2F36SbaMBKEGElQCEMffDFddyuNWzt7O9R%2FbxliMEbiU5PTc%2B%2F5yB0ia%2BqWjju7USt47QCt997UCmn%2FkZPOKKoZSqSKNYDUclqMb%2Bc0CSLaGm011zXxZtOcPMU8ObvMxMAXcB77acmFz8pB5jMohai4uEizS%2BI9gEGpVU7cBjeI2MFMoWXKOihKYj9O%2FDhdRymNYpplj8RbfslcSVVJ9XzaU7knIb1Zr5f%2BclGsiTdGBGOd6EQr7BowBZit5HC%2FmudkY22LNAxLpl60cPuM5CyQait3NlnbBlw3IaIOmSuJeFNXkVTM9hkOwwIqxwh%2B7tjNyaoNi2IR7NpMyGi4e2kf2hz1fDoSO9gno3%2BZHYZHKnvJlt458my61LXkH961Ng2zf6vGQdwjsvJFT6Wdwha4FBIq12dd67eJAWYhJ9Z04IKFv2W%2BwePrGn0C&RelayState=%3FredirHash%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=hRR2YDmB%2BT5%2FLQXiglPKxXb6TbCWoFq2dNmtJIj6xezGYNQcpOiflre0M4wxHMQIE8G2VJDMShGj9TMkoF2Qxx2li6Y%2BYR70vCmArVq2O2TLbBjrzsU9i4zGxdde7e5E%2B%2Bc12dlLiyzrWNhKpa08sUZybi3%2FACALLhx3s%2BiNeY8%3D HTTP 302
    https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping Page URL
  2. https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping HTTP 302
    https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bankofamerica.invisionapp.com/ HTTP 302
  • https://fedsso.bankofamerica.com/idp/SSO.saml2?SAMLRequest=jVJdT8IwFP0rS9%2F36SbaMBKEGElQCEMffDFddyuNWzt7O9R%2FbxliMEbiU5PTc%2B%2F5yB0ia%2BqWjju7USt47QCt997UCmn%2FkZPOKKoZSqSKNYDUclqMb%2Bc0CSLaGm011zXxZtOcPMU8ObvMxMAXcB77acmFz8pB5jMohai4uEizS%2BI9gEGpVU7cBjeI2MFMoWXKOihKYj9O%2FDhdRymNYpplj8RbfslcSVVJ9XzaU7knIb1Zr5f%2BclGsiTdGBGOd6EQr7BowBZit5HC%2FmudkY22LNAxLpl60cPuM5CyQait3NlnbBlw3IaIOmSuJeFNXkVTM9hkOwwIqxwh%2B7tjNyaoNi2IR7NpMyGi4e2kf2hz1fDoSO9gno3%2BZHYZHKnvJlt458my61LXkH961Ng2zf6vGQdwjsvJFT6Wdwha4FBIq12dd67eJAWYhJ9Z04IKFv2W%2BwePrGn0C&RelayState=%3FredirHash%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=hRR2YDmB%2BT5%2FLQXiglPKxXb6TbCWoFq2dNmtJIj6xezGYNQcpOiflre0M4wxHMQIE8G2VJDMShGj9TMkoF2Qxx2li6Y%2BYR70vCmArVq2O2TLbBjrzsU9i4zGxdde7e5E%2B%2Bc12dlLiyzrWNhKpa08sUZybi3%2FACALLhx3s%2BiNeY8%3D HTTP 302
  • https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping

11 HTTP transactions

Resource   Path   Size   x-fer   Type   MIME-Type
SSO.ping
fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/
Redirect Chain
  • https://bankofamerica.invisionapp.com/
  • https://fedsso.bankofamerica.com/idp/SSO.saml2?SAMLRequest=jVJdT8IwFP0rS9%2F36SbaMBKEGElQCEMffDFddyuNWzt7O9R%2FbxliMEbiU5PTc%2B%2F5yB0ia%2BqWjju7USt47QCt997UCmn%2FkZPOKKoZSqSKNYDUclqMb%2Bc0CSLaGm01...
  • https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
316 B
2 KB
Document
General
Full URL
https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
493d04e44c370ecf8f591b6cab9a973f6d886c461fa2910f4682efd782d1cb6d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Tue, 14 Dec 2021 04:01:56 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
no-cache, no-store
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Type
text/html;charset=utf-8
WWW-Authenticate
Negotiate
Content-Length
316
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Expect-CT
max-age=3600, enforce
X-Frame-Options
SAMEORIGIN
Keep-Alive
timeout=5, max=19999
Connection
Keep-Alive

Redirect headers

Date
Tue, 14 Dec 2021 04:01:56 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
no-cache, no-store
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Type
text/html;charset=utf-8
Location
https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
Content-Length
0
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Expect-CT
max-age=3600, enforce
X-Frame-Options
SAMEORIGIN
Keep-Alive
timeout=5, max=20000
Connection
Keep-Alive
Primary Request SSO.ping
fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/
Redirect Chain
  • https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
  • https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
8 KB
9 KB
Document
General
Full URL
https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
74ce0ce1f22045fad393ddcd9cc1ab806640261051be06ec094396a263737a09
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping

Response headers

Date
Tue, 14 Dec 2021 04:01:56 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
no-cache, no-store
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Type
text/html;charset=utf-8
X-Frame-Options
DENY
Content-Length
7810
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Expect-CT
max-age=3600, enforce
Keep-Alive
timeout=5, max=19997
Connection
Keep-Alive

Redirect headers

Date
Tue, 14 Dec 2021 04:01:56 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
no-cache, no-store
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Type
text/html;charset=utf-8
WWW-Authenticate
Negotiate
Location
https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Content-Length
0
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Expect-CT
max-age=3600, enforce
Keep-Alive
timeout=5, max=19998
Connection
Keep-Alive
custom.css
fedsso.bankofamerica.com/assets/sso/css/
336 KB
338 KB
Stylesheet
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/css/custom.css
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
5b1aa720d0f27536e50848c653deb9d552302a72716f4e00affe02e48306dbd6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fedsso.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:56 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
text/css
Keep-Alive
timeout=5, max=19996
Content-Length
344266
X-XSS-Protection
1; mode=block
main-v2.css
fedsso.bankofamerica.com/assets/sso/css/
9 KB
11 KB
Stylesheet
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/css/main-v2.css
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fedsso.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:56 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
text/css
Keep-Alive
timeout=5, max=20000
Content-Length
9194
X-XSS-Protection
1; mode=block
urlmunger.js
fedsso.bankofamerica.com/assets/sso/js/
2 KB
4 KB
Script
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/js/urlmunger.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
dd140cd58ef404f5000c4630a30b579380f93c24ecf592291ad9ecee0d392e49
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fedsso.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:56 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=5, max=20000
Content-Length
2534
X-XSS-Protection
1; mode=block
bofa-logo-new.svg
fedsso.bankofamerica.com/assets/sso/images/
7 KB
9 KB
Image
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/images/bofa-logo-new.svg
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fedsso.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:57 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
image/svg+xml
Keep-Alive
timeout=5, max=19998
Content-Length
7544
X-XSS-Protection
1; mode=block
jquery-3.5.1.min.js
fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/
87 KB
89 KB
Script
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/jquery-3.5.1.min.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fedsso.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:57 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=5, max=19999
Content-Length
89476
X-XSS-Protection
1; mode=block
popper.min.js
fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/
18 KB
20 KB
Script
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/popper.min.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
a9dd7bbfe22d33e4a3efa2564c3374512177cfcf4b7224e5061b9fa36d77c676
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fedsso.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:57 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=5, max=19995
Content-Length
18508
X-XSS-Protection
1; mode=block
bootstrap.bundle.min.js
fedsso.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/
82 KB
84 KB
Script
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/bootstrap.bundle.min.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fedsso.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:57 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=5, max=19999
Content-Length
84378
X-XSS-Protection
1; mode=block
Connections.woff
fedsso.bankofamerica.com/assets/sso/fonts/connections/
41 KB
42 KB
Font
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/fonts/connections/Connections.woff
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/sso/css/main-v2.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://fedsso.bankofamerica.com/
Origin
https://fedsso.bankofamerica.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:57 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
application/font-woff
Keep-Alive
timeout=5, max=19994
Content-Length
41744
X-XSS-Protection
1; mode=block
brand-icons.ttf
fedsso.bankofamerica.com/assets/sso/fonts/connections/
58 KB
60 KB
Font
General
Full URL
https://fedsso.bankofamerica.com/assets/sso/fonts/connections/brand-icons.ttf?a4g4ix
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/sso/css/custom.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
88f0d1a9244a6c09b83c776235ef64e2b6cd54ff8614143a79cf1c3813d1d503
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://fedsso.bankofamerica.com/
Origin
https://fedsso.bankofamerica.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 14 Dec 2021 04:01:57 GMT
Referrer-Policy
origin
Last-Modified
Mon, 15 Nov 2021 17:22:32 GMT
Expect-CT
max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Connection
Keep-Alive
Content-Type
application/x-font-ttf
Keep-Alive
timeout=5, max=19993
Content-Length
59728
X-XSS-Protection
1; mode=block

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
function| reportError
boolean| originAgentCluster
object| scheduler
function| envSpecificICP
function| returnEnvSpecificICP
function| returnEnvPasswordURL
function| returnEnvPasswordText
function| returnICAEnvURL
function| removeSpace
function| $
function| jQuery
object| Popper
object| bootstrap

7 Cookies

Domain/Path Name / Value
.invisionapp.com/ Name: DEVICE
Value: desktop
.invisionapp.com/ Name: DEVICEEXPERIENCE
Value: desktop
.invisionapp.com/ Name: XSRF-TOKEN
Value: dwNVUc1SiJG56TkBXh30vXUbU6SgE_m0zAqQsDrC9f8
fedsso.bankofamerica.com/ Name: bac_persist
Value: 358952357.24515.0000
.bankofamerica.com/ Name: _bofalid
Value: J3AEby22PfftuN9QJ6G6dOX7ncnmHxQ8MnqxHJw8SpU=
fedsso.bankofamerica.com/ Name: PF
Value: MpHniaohjFcupneGfZ2PNekL3hm4DRWkx4mEtDXL3yJP
.fedsso.bankofamerica.com/ Name: TS0196f782
Value: 014074c582f9d0969fb260abde5795f6e14bebef2058466ad1dda8e4e0b7b0f404190eec9d562efc59482618644118c9a10c86ff41eaeced750f96a92845067cac723498e94b55f634faecd34d9d40052dcd432ddf8c975e68066681a8042a814312ff6f16

4 Console Messages

Source Level URL
Text
network error URL: https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
security error URL: https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '*.baml.com*.bluematrix.com'. It will be ignored.
security error URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Message: The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '*.baml.com*.bluematrix.com'. It will be ignored.
security error URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping (Line 17)
Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block