fedsso.bankofamerica.com Open in urlscan Pro
171.161.146.123 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=CSOD&TARGET=https%3A%2F%2Fbankofamerica.csod.com%252fDeepLink%252f...
Effective URL:
https://fedsso.bankofamerica.com/bofa-customform-ui/login
Submission Tags: falconsandbox
Submission: On April 26 via api (April 26th 2024, 10:42:13 pm UTC) from US — Scanned from DE

Summary HTTP 17 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 171.161.146.123, located in United States and belongs to BANKAMERICA, US. The main domain is fedsso.bankofamerica.com. The Cisco Umbrella rank of the primary domain is 231664.
TLS certificate: Issued by Entrust Certification Authority - L1M on November 14th 2023. Valid for: a year.

This is the only time fedsso.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	171.161.146.123 171.161.146.123	10794 (BANKAMERICA) (BANKAMERICA)
1	171.159.118.200 171.159.118.200	10794 (BANKAMERICA) (BANKAMERICA)
17	2

17 171.161.146.123 (United States) 1 redirects

ASN10794 (BANKAMERICA, US)
PTR: fedsso-pf-rtx-ext-vip.bankofamerica.com

fedsso.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 171.159.118.200 (United States)

ASN10794 (BANKAMERICA, US)

secure.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	bankofamerica.com 1 redirects fedsso.bankofamerica.com — Cisco Umbrella Rank: 231664 secure.bankofamerica.com — Cisco Umbrella Rank: 10899	689 KB
17	1

	Domain	Requested by
17	fedsso.bankofamerica.com	1 redirects fedsso.bankofamerica.com
1	secure.bankofamerica.com	fedsso.bankofamerica.com
17	2

This site contains links to these domains. Also see Links.

Domain
passwordreset.bankofamerica.com

Subject Issuer	Validity	Valid
fedsso-rtx-ext.bankofamerica.com Entrust Certification Authority - L1M	`2023-11-14` - `2024-12-14`	a year	crt.sh
secure.bankofamerica.com Entrust Certification Authority - L1M	`2024-03-28` - `2025-04-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Frame ID: 1A6B42707FFEE9B935978A259488A5CD
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank of America: Sign On

Page URL History Show full URLs

https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=CSOD&TARGET=https%3A%2F%2Fbankofamerica.csod.c... HTTP 302
https://fedsso.bankofamerica.com/bofa-customform-ui/login Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

fingerprint(\d)?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

687 kB
Transfer

671 kB
Size

11
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://passwordreset.bankofamerica.com/portal/
Title: Reset Password

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=CSOD&TARGET=https%3A%2F%2Fbankofamerica.csod.com%252fDeepLink%252fProcessRedirect.aspx%253fmodule%253dlaunchtraining%2526lo%253d13eaeea4-6e65-44be-a81f-2d61590fa608 HTTP 302
https://fedsso.bankofamerica.com/bofa-customform-ui/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login Show response
fedsso.bankofamerica.com/bofa-customform-ui/
Redirect Chain

https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=CSOD&TARGET=https%3A%2F%2Fbankofamerica.csod.com%252fDeepLink%252fProcessRedirect.aspx%253fmodule%253dlaunchtraining%2526lo%253d13eaee...
https://fedsso.bankofamerica.com/bofa-customform-ui/login

15 KB
18 KB

344ms
344ms

Document
text/html

171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

4b072e47c7b20551282e8baf1b8ee2adb9a377925c3de28dc6e0de9a1fad9e7b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Language: de-DE
Content-Length: 15391
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type: text/html;charset=iso-8859-1
Date: Fri, 26 Apr 2024 22:42:00 GMT
Expect-CT: max-age=3600, enforce
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=19999
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Length: 0
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type: text/html;charset=utf-8
Date: Fri, 26 Apr 2024 22:42:00 GMT
Expect-CT: max-age=3600, enforce
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=20000
Location: https://fedsso.bankofamerica.com/bofa-customform-ui/login
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Referrer-Policy: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK custom.css
fedsso.bankofamerica.com/assets/sso/css/ 337 KB
339 KB 158ms
157ms Stylesheet
text/css 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/css/custom.css

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

9d18d2e5bb3b3040fccd223e48163da5b4132f91b23275c4cf20ef95b1add1cd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: text/css
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19998
Content-Length: 345258
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main-v2.css
fedsso.bankofamerica.com/assets/sso/css/ 9 KB
11 KB 772ms
469ms Stylesheet
text/css 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/css/main-v2.css

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: text/css
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 9194
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK urlmunger.js Show response
fedsso.bankofamerica.com/assets/sso/js/ 5 KB
8 KB 625ms
319ms Script
application/javascript 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/js/urlmunger.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

74106ab5953cf4ccd89ed8984d7927f3b017db005432c08ca9a81f8f7c6edc9f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 5599
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK override.css
fedsso.bankofamerica.com/assets/css/ 991 B
3 KB 469ms
165ms Stylesheet
text/css 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/css/override.css

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

ea70ea5e863a0170c1f25c54cf2f460329d58b8c1ba07ffcbd7bc45f9cb2eb82

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: text/css
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 991
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK branding.css
fedsso.bankofamerica.com/assets/css/ 6 KB
8 KB 626ms
320ms Stylesheet
text/css 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/css/branding.css

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

96e3a4c65f45f4d38eb4fabb0d771ea59bbed2add345ab02c83dbe51b961c970

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: text/css
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 6429
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bofa-logo-new.svg
fedsso.bankofamerica.com/assets/sso/images/ 7 KB
10 KB 637ms
324ms Image
image/svg+xml 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fedsso.bankofamerica.com/assets/sso/images/bofa-logo-new.svg

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: image/svg+xml
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=20000
Content-Length: 7544
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery-3.5.1.min.js Show response
fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ 89 KB
92 KB 307ms
306ms Script
application/javascript 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/jquery-3.5.1.min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

1e7b570b7ace598047c64b3a502a8b0bbb258bda0d1b7b791efe6cab4fd70663

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19999
Content-Length: 91596
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK popper.min.js Show response
fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/ 20 KB
22 KB 161ms
161ms Script
application/javascript 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/popper.min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

150c27a74fa12485127a0a2c6e25ed3838168dd0ade21202d6672270aac48a17

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19999
Content-Length: 20629
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.bundle.min.js Show response
fedsso.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/ 84 KB
87 KB 160ms
160ms Script
application/javascript 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/jslib/bootstrap/4.6/bootstrap.bundle.min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

ccc6c342feba584f715657b3df1224bbf6df8ba3911a7a9981a50d5a6b5ff6ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19998
Content-Length: 86499
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK browser-fingerprint.js Show response
fedsso.bankofamerica.com/assets/sso/js/ 5 KB
7 KB 160ms
159ms Script
application/javascript 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/js/browser-fingerprint.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

c0ec17e69ab560391e2ae87e4c98929aad4573cdee9d9920f7ffb7a990b45e5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19997
Content-Length: 5265
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK vaultdetect-min.js Show response
fedsso.bankofamerica.com/assets/sso/js/ 8 KB
10 KB 161ms
160ms Script
application/javascript 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/js/vaultdetect-min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

81f1b807d2009cbc77567249564d46e51151066666395a5c460c6efeaf46c52b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19999
Content-Length: 8367
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK helper-min.js Show response
fedsso.bankofamerica.com/assets/sso/js/ 4 KB
6 KB 158ms
158ms Script
application/javascript 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/js/helper-min.js

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

8b9ff68441127edc43492df73941633ebc62059c1ea72029deb48a388faf477b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/javascript
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19999
Content-Length: 3771
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK iac Show response
secure.bankofamerica.com/login/rest/sas/sparta/ 37 KB
17 KB 1056ms
268ms Script
text/plain 171.159.118.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/login/rest/sas/sparta/iac

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/sso/jslib/jQuery/3.5.1/jquery-3.5.1.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.159.118.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Oops /

Resource Hash

a2f443c969064d1302b3a6b17f2d536dcb0109b9c727cf222e3fc0e5262d45e3

Security Headers

Name

Value

Content-Security-Policy

default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:03 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com www.glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com www.glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com;
X-BOA-RequestID: Ziwtu3gclmTWP8RBqmvfBwAAAgM
X-Serviced-By: 7Lcf/JURwOij9FX5x0gpRg==--pfa4fpk6/qvZ7rlPD7DyXw==
Transfer-Encoding: chunked
Connection: Keep-Alive
Pragma: no-cache
Server: Oops
Vary: Accept-Encoding
Content-Type: text/plain;charset=utf-8
Content-Language: en-US
Cache-Control: no-cache
Keep-Alive: timeout=40, max=493
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK bg.png
fedsso.bankofamerica.com/ 928 B
3 KB 166ms
166ms Image
image/png 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fedsso.bankofamerica.com/bg.png

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/css/branding.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

2a0748836fe72af93f362aeed6efe34f9e1f7eec05f2439d899aadb1b440de52

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
ETag: W/"gYF5iur9vVMgYF4BJ9zZPM"
Expect-CT: max-age=3600, enforce
Content-Type: image/png
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=19997
Content-Length: 928
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Connections.woff
fedsso.bankofamerica.com/assets/sso/fonts/connections/ 41 KB
43 KB 156ms
155ms Font
application/font-woff 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/assets/sso/fonts/connections/Connections.woff

Requested by

Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/sso/css/main-v2.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/
Origin: https://fedsso.bankofamerica.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy: origin
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options: nosniff
Expect-CT: max-age=3600, enforce
Content-Type: application/font-woff
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=0, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=19998
Content-Length: 41744
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found favicon.ico
fedsso.bankofamerica.com/ 637 B
3 KB 155ms
155ms Other
text/html 171.161.146.123
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://fedsso.bankofamerica.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

fedsso-pf-rtx-ext-vip.bankofamerica.com

Software

Resource Hash

097f3b0330b5872c0a044e2832b6d5a5f9ccb5d5315a3f3295be4f3fdbcc76de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fedsso.bankofamerica.com/bofa-customform-ui/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 26 Apr 2024 22:42:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified: Tue, 22 Apr 2014 13:08:10 GMT
ETag: "27d-4f7a14ec26280"
Expect-CT: max-age=3600, enforce
Vary: Referer
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=19996
Content-Length: 637
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
fedsso.bankofamerica.com/bofa-customform-ui	1969-12-31 23:59:59	Name: JSESSIONID Value: node014btt078w5x7t1a2ung9lvd734813510.node0
fedsso.bankofamerica.com/bofa-customform-ui	1969-12-31 23:59:59	Name: TS01d71ecc Value: 014074c5826708ed884e4e36fae592f2bff75264c50159857e98979162f42d80b18ec719c94095bf2d69ff0baec15ee502a5516b3d
fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: PF Value: anyAhhXGj6cEAR9KoeX6hSpEvfa2ji0g7qDS56mHaWDm
fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: bac_persist Value: 576990629.24515.0000
.bankofamerica.com/	1970-01-21 05:45:31	Name: _bofalid Value: S9Q6NIb51YP0Dmj2kSvHUvNEFTAEbu3MpIN8ry0xjow=
.fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: TS0193529a Value: 014074c5826708ed884e4e36fae592f2bff75264c50159857e98979162f42d80b18ec719c94095bf2d69ff0baec15ee502a5516b3d
secure.bankofamerica.com/	1969-12-31 23:59:59	Name: JS_VIPAA Value: 0000SrZlThGTcw-0Ru_X-qAOsew:1e7bn5geu
.bankofamerica.com/	1969-12-31 23:59:59	Name: SPID Value: Q2S1
.bankofamerica.com/	1969-12-31 23:59:59	Name: SID Value: 000AF9C96500662C2DBB
.secure.bankofamerica.com/	1969-12-31 23:59:59	Name: TS017f5af8 Value: 01a4133d1484a62fba97337cd1a3c53b247f3e691771c221e3e54ef58057ac83352e0682cfc87f983dffd62d24a49c1a4e08c8e74c
fedsso.bankofamerica.com/	1970-01-21 04:55:14	Name: _cc Value: ZjM4NGU0NWUtNzM0OC00ZWVl

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://fedsso.bankofamerica.com/bofa-customform-ui/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://fedsso.bankofamerica.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; img-src 'self' data: 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; connect-src 'self' 'unsafe-inline' wss: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; frame-src 'self' 'unsafe-inline' .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com; font-src 'self' 'unsafe-inline' data: .ml.com .bankofamerica.com .baml.com .bluematrix.com .thomsonreuters.com .thomsonreuters.biz .thomsonreuters.net .sentieo.com .refinitiv.com .refinitiv.biz .refinitiv.net .fmrco.com
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fedsso.bankofamerica.com
secure.bankofamerica.com
171.159.118.200
171.161.146.123
097f3b0330b5872c0a044e2832b6d5a5f9ccb5d5315a3f3295be4f3fdbcc76de
150c27a74fa12485127a0a2c6e25ed3838168dd0ade21202d6672270aac48a17
1e7b570b7ace598047c64b3a502a8b0bbb258bda0d1b7b791efe6cab4fd70663
2a0748836fe72af93f362aeed6efe34f9e1f7eec05f2439d899aadb1b440de52
4b072e47c7b20551282e8baf1b8ee2adb9a377925c3de28dc6e0de9a1fad9e7b
4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5
6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2
74106ab5953cf4ccd89ed8984d7927f3b017db005432c08ca9a81f8f7c6edc9f
81f1b807d2009cbc77567249564d46e51151066666395a5c460c6efeaf46c52b
8b9ff68441127edc43492df73941633ebc62059c1ea72029deb48a388faf477b
91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2
96e3a4c65f45f4d38eb4fabb0d771ea59bbed2add345ab02c83dbe51b961c970
9d18d2e5bb3b3040fccd223e48163da5b4132f91b23275c4cf20ef95b1add1cd
a2f443c969064d1302b3a6b17f2d536dcb0109b9c727cf222e3fc0e5262d45e3
c0ec17e69ab560391e2ae87e4c98929aad4573cdee9d9920f7ffb7a990b45e5c
ccc6c342feba584f715657b3df1224bbf6df8ba3911a7a9981a50d5a6b5ff6ab
ea70ea5e863a0170c1f25c54cf2f460329d58b8c1ba07ffcbd7bc45f9cb2eb82

fedsso.bankofamerica.com Open in urlscan Pro 171.161.146.123 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

687 kBTransfer

671 kBSize

11 Cookies

1 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

11 Cookies

2 Console Messages

Security Headers

Indicators

fedsso.bankofamerica.com Open in urlscan Pro
171.161.146.123 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

687 kB
Transfer

671 kB
Size

11
Cookies

17 HTTP transactions
0 data transactions