urlscan.io logo urlscan.io
SecurityTrails logo

fedsso-pp.bankofamerica.com Open in urlscan Pro
171.162.61.83  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://beaconbankingcrm2-pp.bankofamerica.com/
Effective URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2...
Submission: On June 15 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 171.162.61.83, located in United States and belongs to BOFABROKERDEALERSVCS, US. The main domain is fedsso-pp.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on May 23rd 2022. Valid for: a year.
This is the only time fedsso-pp.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 171.161.40.130 10794 (BANKAMERICA)
10 171.162.61.83 19886 (BOFABROKE...)
10 1
Apex Domain
Subdomains		 Transfer
11 bankofamerica.com
beaconbankingcrm2-pp.bankofamerica.com
fedsso-pp.bankofamerica.com
675 KB
10 1
Domain Requested by
10 fedsso-pp.bankofamerica.com fedsso-pp.bankofamerica.com
1 beaconbankingcrm2-pp.bankofamerica.com 1 redirects
10 2

This site contains links to these domains. Also see Links.

Domain
pns.bankofamerica.com
cdsnfeed.bankofamerica.com
Subject Issuer Validity Valid
fedsso-pp.bankofamerica.com
Entrust Certification Authority - L1M		 2022-05-23 -
2023-05-23		 a year crt.sh

This page contains 1 frames:

Primary Page: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Frame ID: A92C73FA110A9B654444630195E3972E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bank of America: Sign On

Page URL History Show full URLs

  1. https://beaconbankingcrm2-pp.bankofamerica.com/ HTTP 302
    https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redire... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

673 kB
Transfer

651 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://beaconbankingcrm2-pp.bankofamerica.com/ HTTP 302
    https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request authorization.oauth2
fedsso-pp.bankofamerica.com/as/
Redirect Chain
  • https://beaconbankingcrm2-pp.bankofamerica.com/
  • https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=ey...
8 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
609cf804e9c522acc94bca8801ca0582c10127a6bef991b0dfe4205147b3f846
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
8095
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Content-Type
text/html;charset=utf-8
Date
Wed, 15 Jun 2022 19:19:02 GMT
Expect-CT
max-age=3600, enforce max-age=3600, enforce
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=20000
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Date
Wed, 15 Jun 2022 19:18:56 GMT
Keep-Alive
timeout=5, max=512
Location
https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Frame-Options
DENY
cache-control
no-cache,no-store,max-age=0
content-length
0
expires
0
pragma
no-cache
custom.css
fedsso-pp.bankofamerica.com/assets/sso/css/ 		336 KB
338 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/css/custom.css
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
5b1aa720d0f27536e50848c653deb9d552302a72716f4e00affe02e48306dbd6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-pp.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:02 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
text/css
Keep-Alive
timeout=5, max=19999
Content-Length
344266
X-XSS-Protection
1; mode=block
main-v2.css
fedsso-pp.bankofamerica.com/assets/sso/css/ 		9 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/css/main-v2.css
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-pp.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:02 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
text/css
Keep-Alive
timeout=5, max=20000
Content-Length
9194
X-XSS-Protection
1; mode=block
urlmunger.js
fedsso-pp.bankofamerica.com/assets/sso/js/ 		3 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/js/urlmunger.js
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
9e946520650585de4e6a4215d60df23ac01cb2a96f9bd71c2e1fd37632442633
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-pp.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:02 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=5, max=20000
Content-Length
3388
X-XSS-Protection
1; mode=block
bofa-logo-new.svg
fedsso-pp.bankofamerica.com/assets/sso/images/ 		7 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/images/bofa-logo-new.svg
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-pp.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:03 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
image/svg+xml
Keep-Alive
timeout=5, max=20000
Content-Length
7544
X-XSS-Protection
1; mode=block
jquery-3.5.1.min.js
fedsso-pp.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ 		87 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/jquery-3.5.1.min.js
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-pp.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:02 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=5, max=19999
Content-Length
89476
X-XSS-Protection
1; mode=block
popper.min.js
fedsso-pp.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ 		18 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/popper.min.js
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
a9dd7bbfe22d33e4a3efa2564c3374512177cfcf4b7224e5061b9fa36d77c676
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-pp.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:03 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=5, max=19998
Content-Length
18508
X-XSS-Protection
1; mode=block
bootstrap.bundle.min.js
fedsso-pp.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/ 		82 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/bootstrap.bundle.min.js
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-pp.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:03 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=5, max=19999
Content-Length
84378
X-XSS-Protection
1; mode=block
Connections.woff
fedsso-pp.bankofamerica.com/assets/sso/fonts/connections/ 		41 KB
43 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/fonts/connections/Connections.woff
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/assets/sso/css/main-v2.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://fedsso-pp.bankofamerica.com/
Origin
https://fedsso-pp.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:03 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
application/font-woff
Keep-Alive
timeout=5, max=19997
Content-Length
41744
X-XSS-Protection
1; mode=block
brand-icons.ttf
fedsso-pp.bankofamerica.com/assets/sso/fonts/connections/ 		58 KB
61 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/sso/fonts/connections/brand-icons.ttf?a4g4ix
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/assets/sso/css/custom.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
88f0d1a9244a6c09b83c776235ef64e2b6cd54ff8614143a79cf1c3813d1d503
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://fedsso-pp.bankofamerica.com/
Origin
https://fedsso-pp.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Wed, 15 Jun 2022 19:19:03 GMT
Referrer-Policy
origin
Last-Modified
Mon, 02 May 2022 14:57:00 GMT
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Connection
Keep-Alive
Content-Type
application/x-font-ttf
Keep-Alive
timeout=5, max=19998
Content-Length
59728
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| envSpecificICP function| returnEnvSpecificICP function| returnEnvPasswordURL function| returnEnvPasswordText function| returnICAEnvURL function| removeSpace function| $ function| jQuery object| Popper object| bootstrap

6 Cookies

Domain/Path Name / Value
beaconbankingcrm2-pp.bankofamerica.com/ Name: nonce.hpgLKd.1655579936
Value: 65b60d32-5066-45f0-a09b-a9d78fad95bc
beaconbankingcrm2-pp.bankofamerica.com/ Name: TS01a90bda
Value: 011e45b90946862de4e75ab3c59bea62c88dfac8fbb277b866aa8cf115eaeb4cc04d4a1441148563c3ff509400142e0febf4cef63507b0981a2d105ac223eeaee9f4233dc8566dfa96b0abb5aa2d0edf1180d6151b62dee02fca2749d80364f572a8c60e15
fedsso-pp.bankofamerica.com/ Name: PF
Value: BsG0QS7mV6jNooUkL0BOmP
fedsso-pp.bankofamerica.com/ Name: bac_persist
Value: 822095269.20380.0000
.bankofamerica.com/ Name: _bofalid
Value: ppl1zj2wPv6KG/rQkbLJCOKLMRXuri1z9Y6/d8HmMms=
.fedsso-pp.bankofamerica.com/ Name: TS01e4cf75
Value: 01b643161a43501fe8f01286f7b2b9983f261f087ab3527252795c38a2fc4d3eab095d0bf202678375c2e2c054d4a76810140e202b955178a14ca48f2464b0d6512e612e288245adb42355f9ca68751cd103aa6fa836a68a6ce741e343ae3a001b95be00a8

2 Console Messages

Source Level URL
Text
security error URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM
Message:
The source list for the Content Security Policy directive 'connect-src' contains an invalid source: '*.baml.com*.bluematrix.com'. It will be ignored.
security error URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A71121InsightCRM&redirect_uri=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWEiLCJzdWZmaXgiOiJocGdMS2QuMTY1NTU3OTkzNiJ9..5SZ4lygWsTgU8_y9ZFq8VA.fpU85XXw8783E2EpzxV20_a1RyAxwSRMBJ41bOVmAK2Y5h8Tbay5Y6Bmm38mFPir-oyzrjz76Qh-ehQF1BTq56735zXzXyMMRYo9dvIj9LBK-XvkA2uDLlwS_z1LOTEF.TVV3mRSD6_MkPFYBD1wikQ&nonce=Pw7nKkhcw9vWGb6RozHj6hlgQ2m7s_8Yuzlqin5PAeI&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fbeaconbankingcrm2-pp.bankofamerica.com%2F&vnd_pi_application_name=A71121InsightCRM(Line 17)
Message:
X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com*.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block