Submitted URL: https://mcoeorigin2.bankofamerica.com/
Effective URL: https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&...
Submission: On December 19 via automatic, source certstream-suspicious

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 171.159.227.7, located in United States and belongs to BANKAMERICA - Bank of America, National Association, US. The main domain is ssologon-prd.sm.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on November 7th 2019. Valid for: a year.
This is the only time ssologon-prd.sm.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 216.178.242.201 11303 (DATARETURN)
1 1 171.159.226.35 10794 (BANKAMERICA)
1 8 171.159.227.7 10794 (BANKAMERICA)
8 2
Domain Requested by
8 ssologon-prd.sm.bankofamerica.com 1 redirects mcoeorigin2.bankofamerica.com
ssologon-prd.sm.bankofamerica.com
1 fedsso.bankofamerica.com 1 redirects
1 mcoeorigin2.bankofamerica.com
8 3

This site contains links to these domains. Also see Links.

Domain
password.bankofamerica.com
pns.bankofamerica.com
Subject Issuer Validity Valid
mcoe.bankofamerica.com
Entrust Certification Authority - L1M
2019-01-30 -
2020-01-30
a year crt.sh
ssologon-prd-rva.bankofamerica.com
Entrust Certification Authority - L1M
2019-11-07 -
2020-11-07
a year crt.sh

This page contains 1 frames:

Primary Page: https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
Frame ID: 66DB768C992E8425A29BE32604124E8E
Requests: 8 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://mcoeorigin2.bankofamerica.com/ Page URL
  2. https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=McoeAuthor6Prod HTTP 302
    https://ssologon-prd.sm.bankofamerica.com/fed/ssologon.html?resumePath=%2Fidp%2FZ2wrL%2FresumeSAML20%2Fidp%2FstartSSO.... HTTP 302
    https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

8
Requests

88 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

2
IPs

1
Countries

73 kB
Transfer

70 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mcoeorigin2.bankofamerica.com/ Page URL
  2. https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=McoeAuthor6Prod HTTP 302
    https://ssologon-prd.sm.bankofamerica.com/fed/ssologon.html?resumePath=%2Fidp%2FZ2wrL%2FresumeSAML20%2Fidp%2FstartSSO.ping HTTP 302
    https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
mcoeorigin2.bankofamerica.com/
2 KB
2 KB
Document
General
Full URL
https://mcoeorigin2.bankofamerica.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
216.178.242.201 , United States, ASN11303 (DATARETURN - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Apache/2.4.39 (IUS) Communique/4.3.2 /
Resource Hash
5f719b3c4ebf3d2c815795a1d6f408e500295dae5bd0feab44ca8de1381f4332

Request headers

Host
mcoeorigin2.bankofamerica.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

Date
Thu, 19 Dec 2019 20:17:46 GMT
Server
Apache/2.4.39 (IUS) Communique/4.3.2
Cache-Control
private, max-age=0, no-cache, no-store
Content-Length
1799
Content-Type
text/html; charset=UTF-8
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Set-Cookie
NSC_43118_216.178.242.201_TTM443=ffffffff0990a10a45525d5f4f58455e445a4a423661;expires=Thu, 19-Dec-2019 20:19:46 GMT;path=/;secure;httponly
Primary Request sso_login.fcc
ssologon-prd.sm.bankofamerica.com/unauthorized/
Redirect Chain
  • https://fedsso.bankofamerica.com/idp/startSSO.ping?PartnerSpId=McoeAuthor6Prod
  • https://ssologon-prd.sm.bankofamerica.com/fed/ssologon.html?resumePath=%2Fidp%2FZ2wrL%2FresumeSAML20%2Fidp%2FstartSSO.ping
  • https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCG...
8 KB
9 KB
Document
General
Full URL
https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
Requested by
Host: mcoeorigin2.bankofamerica.com
URL: https://mcoeorigin2.bankofamerica.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.159.227.7 , United States, ASN10794 (BANKAMERICA - Bank of America, National Association, US),
Reverse DNS
Software
/
Resource Hash
c770ac2cc834498ffeca563563dab32c6a97d66f55ec33e30d2af832dcc9f39d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Host
ssologon-prd.sm.bankofamerica.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Referer
https://mcoeorigin2.bankofamerica.com/
Accept-Encoding
gzip, deflate, br
Cookie
bac_persist=2603136683.58430.0000; TS01157efa=0176872a98fcb43fa17bb2c2be72f9dc708310f12844bedee41eb5990577e863915e098fd9e80a851a33bdfe170c4601f3d569a2e5
Origin
https://mcoeorigin2.bankofamerica.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://mcoeorigin2.bankofamerica.com/

Response headers

Date
Thu, 19 Dec 2019 20:17:19 GMT
Cache-Control
no-store no-store, no-cache, must-revalidate, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Length
8510
Pragma
no-cache
X-FRAME-OPTIONS
SAMEORIGIN
Keep-Alive
timeout=5, max=511
Connection
Keep-Alive
Content-Type
text/html;charset=UTF-8

Redirect headers

Date
Thu, 19 Dec 2019 20:17:19 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
no-store
Location
https://ssologon-prd.sm.bankofamerica.com:443/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
Content-Length
623
Keep-Alive
timeout=5, max=512
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
Set-Cookie
bac_persist=2603136683.58430.0000; path=/ TS01157efa=0176872a98fcb43fa17bb2c2be72f9dc708310f12844bedee41eb5990577e863915e098fd9e80a851a33bdfe170c4601f3d569a2e5; Path=/
common.js
ssologon-prd.sm.bankofamerica.com/unauthorized/
319 B
741 B
Script
General
Full URL
https://ssologon-prd.sm.bankofamerica.com/unauthorized/common.js
Requested by
Host: ssologon-prd.sm.bankofamerica.com
URL: https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.159.227.7 , United States, ASN10794 (BANKAMERICA - Bank of America, National Association, US),
Reverse DNS
Software
/
Resource Hash
e3f882db2ef93035a6b9cb36615614f3ed0b261fd5a4c2b73949cb76156650c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Dec 2019 20:17:19 GMT
Last-Modified
Fri, 19 Apr 2019 18:32:08 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=510
Content-Length
319
security.js
ssologon-prd.sm.bankofamerica.com/unauthorized/
2 KB
2 KB
Script
General
Full URL
https://ssologon-prd.sm.bankofamerica.com/unauthorized/security.js
Requested by
Host: ssologon-prd.sm.bankofamerica.com
URL: https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.159.227.7 , United States, ASN10794 (BANKAMERICA - Bank of America, National Association, US),
Reverse DNS
Software
/
Resource Hash
56fd78e6e4f6ade1c29af2c13b1f6fc954d74a1f9b714bf75a377fb97dc0ddcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Dec 2019 20:17:19 GMT
Last-Modified
Fri, 19 Apr 2019 18:32:08 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=509
Content-Length
2119
urlmunger.js
ssologon-prd.sm.bankofamerica.com/unauthorized/
2 KB
2 KB
Script
General
Full URL
https://ssologon-prd.sm.bankofamerica.com/unauthorized/urlmunger.js
Requested by
Host: ssologon-prd.sm.bankofamerica.com
URL: https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.159.227.7 , United States, ASN10794 (BANKAMERICA - Bank of America, National Association, US),
Reverse DNS
Software
/
Resource Hash
73d84e8c3faaeac55216473f074962d6d4527b51cdd2e3ec832d95c6b2ca3271
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Dec 2019 20:17:19 GMT
Last-Modified
Fri, 19 Apr 2019 18:32:08 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=508
Content-Length
1837
styles.css
ssologon-prd.sm.bankofamerica.com/unauthorized/
7 KB
7 KB
Stylesheet
General
Full URL
https://ssologon-prd.sm.bankofamerica.com/unauthorized/styles.css
Requested by
Host: ssologon-prd.sm.bankofamerica.com
URL: https://ssologon-prd.sm.bankofamerica.com/unauthorized/common.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.159.227.7 , United States, ASN10794 (BANKAMERICA - Bank of America, National Association, US),
Reverse DNS
Software
/
Resource Hash
c3b5b815c46a872a15e3a4ed97155ba31c9cbb967e1cfe7ee2c13b3dfb9f1728
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Dec 2019 20:17:19 GMT
Last-Modified
Fri, 19 Apr 2019 18:32:08 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/css
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=507
Content-Length
6839
ssoBackgroundTall.jpg
ssologon-prd.sm.bankofamerica.com/unauthorized/images/
44 KB
44 KB
Image
General
Full URL
https://ssologon-prd.sm.bankofamerica.com/unauthorized/images/ssoBackgroundTall.jpg
Requested by
Host: ssologon-prd.sm.bankofamerica.com
URL: https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.159.227.7 , United States, ASN10794 (BANKAMERICA - Bank of America, National Association, US),
Reverse DNS
Software
/
Resource Hash
efb581113a223be8e863e55bb71326d4a03f9127f0625afd1e36ece3a4bc38a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ssologon-prd.sm.bankofamerica.com/unauthorized/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Dec 2019 20:17:19 GMT
Last-Modified
Fri, 19 Apr 2019 18:32:08 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
image/jpeg
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=506
Content-Length
44675
ssoTitleSSO.gif
ssologon-prd.sm.bankofamerica.com/unauthorized/images/
5 KB
6 KB
Image
General
Full URL
https://ssologon-prd.sm.bankofamerica.com/unauthorized/images/ssoTitleSSO.gif
Requested by
Host: ssologon-prd.sm.bankofamerica.com
URL: https://ssologon-prd.sm.bankofamerica.com/unauthorized/sso_login.fcc?TYPE=33554433&REALMOID=06-000cece4-668d-10a5-a7a1-c5baabc51086&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$kDrp6N0iE8S2fVFCGz6dIOYvylhMFqW%2fXkCTqtkamaLHivwXr0zE%2bAL9hLT6DKbY&TARGET=$SM$HTTPS%3a%2f%2fssologon-prd%2esm%2ebankofamerica%2ecom%2ffed%2fssologon%2ehtml%3fresumePath%3d$%2Fidp$%2FZ2wrL$%2FresumeSAML20$%2Fidp$%2FstartSSO%2eping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
171.159.227.7 , United States, ASN10794 (BANKAMERICA - Bank of America, National Association, US),
Reverse DNS
Software
/
Resource Hash
6165df0a84d64f75902c52e1f73da04208705f935f572a95dd818c83b7d46254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ssologon-prd.sm.bankofamerica.com/unauthorized/styles.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Dec 2019 20:17:19 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Fri, 19 Apr 2019 18:32:08 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Upgrade
h2,h2c
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
image/gif
Keep-Alive
timeout=5, max=512
Content-Length
5448

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| includeCSSfile function| checkBasicXssCharsName function| checkForXssCharsInURL function| isSiteminderCookieValid function| doTrim function| isNumber function| envSpecificICP function| returnEnvSpecificICP function| implSecurity function| doTest function| errorMessage function| errorMessageMobile function| ValidateForm function| showHints function| showIDHint function| showpasswordHint object| ismobile function| checkbrowsersource function| handleEnter object| theBody

2 Cookies

Domain/Path Name / Value
ssologon-prd.sm.bankofamerica.com/ Name: TS01157efa
Value: 0176872a98fcb43fa17bb2c2be72f9dc708310f12844bedee41eb5990577e863915e098fd9e80a851a33bdfe170c4601f3d569a2e5
ssologon-prd.sm.bankofamerica.com/ Name: bac_persist
Value: 2603136683.58430.0000