fedsso.bankofamerica.com
Open in
urlscan Pro
171.161.146.123
Public Scan
Effective URL: https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Submission: On December 14 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Entrust Certification Authority - L1M on June 8th 2021. Valid for: a year.
This is the only time fedsso.bankofamerica.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700::68... 2606:4700::6811:51f1 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 13 | 171.161.146.123 171.161.146.123 | 10794 (BANKAMERICA) (BANKAMERICA) | |
11 | 1 |
ASN10794 (BANKAMERICA, US)
PTR: fedsso-pf-rtx-ext-vip.bankofamerica.com
fedsso.bankofamerica.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
bankofamerica.com
2 redirects
fedsso.bankofamerica.com |
673 KB |
1 |
invisionapp.com
1 redirects
bankofamerica.invisionapp.com |
1 KB |
11 | 2 |
Domain | Requested by | |
---|---|---|
13 | fedsso.bankofamerica.com |
2 redirects
fedsso.bankofamerica.com
|
1 | bankofamerica.invisionapp.com | 1 redirects |
11 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
pns.bankofamerica.com |
password.bankofamerica.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
fedsso.bankofamerica.com Entrust Certification Authority - L1M |
2021-06-08 - 2022-06-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping
Frame ID: 3C177D9CDED5696738BF9A17A76368EE
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Bank of America: Sign OnPage URL History Show full URLs
-
https://bankofamerica.invisionapp.com/
HTTP 302
https://fedsso.bankofamerica.com/idp/SSO.saml2?SAMLRequest=jVJdT8IwFP0rS9%2F36SbaMBKEGElQCEMffDFddyuNWzt7O9R%... HTTP 302
https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping Page URL
-
https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
HTTP 302
https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping Page URL
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Get Standard ID (opens in a new window)
Search URL Search Domain Scan URL
Title: Forgot Password?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bankofamerica.invisionapp.com/
HTTP 302
https://fedsso.bankofamerica.com/idp/SSO.saml2?SAMLRequest=jVJdT8IwFP0rS9%2F36SbaMBKEGElQCEMffDFddyuNWzt7O9R%2FbxliMEbiU5PTc%2B%2F5yB0ia%2BqWjju7USt47QCt997UCmn%2FkZPOKKoZSqSKNYDUclqMb%2Bc0CSLaGm011zXxZtOcPMU8ObvMxMAXcB77acmFz8pB5jMohai4uEizS%2BI9gEGpVU7cBjeI2MFMoWXKOihKYj9O%2FDhdRymNYpplj8RbfslcSVVJ9XzaU7knIb1Zr5f%2BclGsiTdGBGOd6EQr7BowBZit5HC%2FmudkY22LNAxLpl60cPuM5CyQait3NlnbBlw3IaIOmSuJeFNXkVTM9hkOwwIqxwh%2B7tjNyaoNi2IR7NpMyGi4e2kf2hz1fDoSO9gno3%2BZHYZHKnvJlt458my61LXkH961Ng2zf6vGQdwjsvJFT6Wdwha4FBIq12dd67eJAWYhJ9Z04IKFv2W%2BwePrGn0C&RelayState=%3FredirHash%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=hRR2YDmB%2BT5%2FLQXiglPKxXb6TbCWoFq2dNmtJIj6xezGYNQcpOiflre0M4wxHMQIE8G2VJDMShGj9TMkoF2Qxx2li6Y%2BYR70vCmArVq2O2TLbBjrzsU9i4zGxdde7e5E%2B%2Bc12dlLiyzrWNhKpa08sUZybi3%2FACALLhx3s%2BiNeY8%3D HTTP 302
https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping Page URL
-
https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
HTTP 302
https://fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/SSO.ping Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://bankofamerica.invisionapp.com/ HTTP 302
- https://fedsso.bankofamerica.com/idp/SSO.saml2?SAMLRequest=jVJdT8IwFP0rS9%2F36SbaMBKEGElQCEMffDFddyuNWzt7O9R%2FbxliMEbiU5PTc%2B%2F5yB0ia%2BqWjju7USt47QCt997UCmn%2FkZPOKKoZSqSKNYDUclqMb%2Bc0CSLaGm011zXxZtOcPMU8ObvMxMAXcB77acmFz8pB5jMohai4uEizS%2BI9gEGpVU7cBjeI2MFMoWXKOihKYj9O%2FDhdRymNYpplj8RbfslcSVVJ9XzaU7knIb1Zr5f%2BclGsiTdGBGOd6EQr7BowBZit5HC%2FmudkY22LNAxLpl60cPuM5CyQait3NlnbBlw3IaIOmSuJeFNXkVTM9hkOwwIqxwh%2B7tjNyaoNi2IR7NpMyGi4e2kf2hz1fDoSO9gno3%2BZHYZHKnvJlt458my61LXkH961Ng2zf6vGQdwjsvJFT6Wdwha4FBIq12dd67eJAWYhJ9Z04IKFv2W%2BwePrGn0C&RelayState=%3FredirHash%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=hRR2YDmB%2BT5%2FLQXiglPKxXb6TbCWoFq2dNmtJIj6xezGYNQcpOiflre0M4wxHMQIE8G2VJDMShGj9TMkoF2Qxx2li6Y%2BYR70vCmArVq2O2TLbBjrzsU9i4zGxdde7e5E%2B%2Bc12dlLiyzrWNhKpa08sUZybi3%2FACALLhx3s%2BiNeY8%3D HTTP 302
- https://fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/SSO.ping
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
SSO.ping
fedsso.bankofamerica.com/idp/hlTM8/resumeSAML20/idp/ Redirect Chain
|
316 B 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
SSO.ping
fedsso.bankofamerica.com/idp/wutv9_hlTM8/resumeSAML20/idp/ Redirect Chain
|
8 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
custom.css
fedsso.bankofamerica.com/assets/sso/css/ |
336 KB 338 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main-v2.css
fedsso.bankofamerica.com/assets/sso/css/ |
9 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
urlmunger.js
fedsso.bankofamerica.com/assets/sso/js/ |
2 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bofa-logo-new.svg
fedsso.bankofamerica.com/assets/sso/images/ |
7 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.5.1.min.js
fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ |
87 KB 89 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
popper.min.js
fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ |
18 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.bundle.min.js
fedsso.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/ |
82 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Connections.woff
fedsso.bankofamerica.com/assets/sso/fonts/connections/ |
41 KB 42 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
brand-icons.ttf
fedsso.bankofamerica.com/assets/sso/fonts/connections/ |
58 KB 60 KB |
Font
application/x-font-ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| envSpecificICP function| returnEnvSpecificICP function| returnEnvPasswordURL function| returnEnvPasswordText function| returnICAEnvURL function| removeSpace function| $ function| jQuery object| Popper object| bootstrap7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.invisionapp.com/ | Name: DEVICE Value: desktop |
|
.invisionapp.com/ | Name: DEVICEEXPERIENCE Value: desktop |
|
.invisionapp.com/ | Name: XSRF-TOKEN Value: dwNVUc1SiJG56TkBXh30vXUbU6SgE_m0zAqQsDrC9f8 |
|
fedsso.bankofamerica.com/ | Name: bac_persist Value: 358952357.24515.0000 |
|
.bankofamerica.com/ | Name: _bofalid Value: J3AEby22PfftuN9QJ6G6dOX7ncnmHxQ8MnqxHJw8SpU= |
|
fedsso.bankofamerica.com/ | Name: PF Value: MpHniaohjFcupneGfZ2PNekL3hm4DRWkx4mEtDXL3yJP |
|
.fedsso.bankofamerica.com/ | Name: TS0196f782 Value: 014074c582f9d0969fb260abde5795f6e14bebef2058466ad1dda8e4e0b7b0f404190eec9d562efc59482618644118c9a10c86ff41eaeced750f96a92845067cac723498e94b55f634faecd34d9d40052dcd432ddf8c975e68066681a8042a814312ff6f16 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.sentieo.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.sentieo.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bankofamerica.invisionapp.com
fedsso.bankofamerica.com
171.161.146.123
2606:4700::6811:51f1
493d04e44c370ecf8f591b6cab9a973f6d886c461fa2910f4682efd782d1cb6d
4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5
5b1aa720d0f27536e50848c653deb9d552302a72716f4e00affe02e48306dbd6
6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2
74ce0ce1f22045fad393ddcd9cc1ab806640261051be06ec094396a263737a09
88f0d1a9244a6c09b83c776235ef64e2b6cd54ff8614143a79cf1c3813d1d503
91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2
a9dd7bbfe22d33e4a3efa2564c3374512177cfcf4b7224e5061b9fa36d77c676
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
dd140cd58ef404f5000c4630a30b579380f93c24ecf592291ad9ecee0d392e49
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d