cmbsi.bankofamerica.com Open in urlscan Pro
171.161.146.147 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cmbsi.bankofamerica.com/
Effective URL:
https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6...
Submission Tags: @phishunt_io
Submission: On March 21 via api (March 21st 2024, 6:53:13 pm UTC) from DE — Scanned from DE

Summary HTTP 13 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 171.161.146.147, located in United States and belongs to BANKAMERICA, US. The main domain is cmbsi.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on November 20th 2023. Valid for: a year.

This is the only time cmbsi.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 14	171.161.146.147 171.161.146.147	10794 (BANKAMERICA) (BANKAMERICA)
1 1	171.161.146.123 171.161.146.123	10794 (BANKAMERICA) (BANKAMERICA)
13	1

14 171.161.146.147 (United States) 1 redirects

ASN10794 (BANKAMERICA, US)

cmbsi.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 171.161.146.123 (United States) 1 redirects

ASN10794 (BANKAMERICA, US)
PTR: fedsso-pf-rtx-ext-vip.bankofamerica.com

fedsso.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	bankofamerica.com 2 redirects cmbsi.bankofamerica.com fedsso.bankofamerica.com — Cisco Umbrella Rank: 555731	219 KB
13	1

	Domain	Requested by
14	cmbsi.bankofamerica.com	1 redirects cmbsi.bankofamerica.com
1	fedsso.bankofamerica.com	1 redirects
13	2

This site contains links to these domains. Also see Links.

Domain
business.bofa.com
corp.bankofamerica.com

Subject Issuer	Validity	Valid
cmbsi-prod.bankofamerica.com Entrust Certification Authority - L1M	`2023-11-20` - `2024-11-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
Frame ID: EEDB87659B128B334C88EF8FC503F11B
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CMBS Imaging Login Page

Page URL History Show full URLs

https://cmbsi.bankofamerica.com/ HTTP 302
https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A2039CMBSIMG1&redirect_... HTTP 302
https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica... Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

215 kB
Transfer

204 kB
Size

7
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://business.bofa.com/content/dam/flagship/gbgmr/global-privacy-notices/BofA-Institutional-Digital-Privacy-Notice.pdf
Title: Privacy & Security

Search URL Search Domain Scan URL

URL: http://corp.bankofamerica.com/public/support/termsconditions.jsp
Title: Terms & Conditions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cmbsi.bankofamerica.com/ HTTP 302
https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A2039CMBSIMG1&redirect_uri=https%3A%2F%2Fcmbsi.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiNUxwRlplZnR3ZkY1OVR0VWdlM0xRQUUtYS1JIiwic3VmZml4IjoiRm5kUkM1LjE3MTEzMDYzODUifQ..Frxv_9OENhYOTH4JseuHBg.VMcYbtHWaM-NrQUOLmq-16wde0yN2W1ACbej0y9BVozdPPW6GBPtBKcU74oTv4nj4O7nK8DxUiLgH5aCic-ya1xPjJIPSU_29VL6UioHbbQ.ztL-i919hAA-DtU0el28Ww&nonce=_h9_fY-hoJL-lVQOccUq-sFvLm-iK3B-UgNTXKSBbR4&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1 HTTP 302
https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request cmbsinternetlogin.jsp Show response
cmbsi.bankofamerica.com/cmbs/jsp/
Redirect Chain

https://cmbsi.bankofamerica.com/
https://fedsso.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A2039CMBSIMG1&redirect_uri=https%3A%2F%2Fcmbsi.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGc...
https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https...

11 KB
12 KB

437ms
437ms

Document
text/html

171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

6a887d282ca9b92dd93e8b4598f332dc988547061710422760d03e85f26d07e2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate pre-check=0, post-check=0
Connection: Keep-Alive
Content-Length: 10781
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Mar 2024 18:53:06 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=511
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Length: 0
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type: text/html;charset=utf-8
Date: Thu, 21 Mar 2024 18:53:06 GMT
Expect-CT: max-age=3600, enforce
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=20000
Location: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Referrer-Policy: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK util.js Show response
cmbsi.bankofamerica.com/cmbs/javascript/ 8 KB
9 KB 158ms
158ms Script
text/javascript 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/javascript/util.js

Requested by

Host: cmbsi.bankofamerica.com
URL: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

6a48ef8d531f54c65ca7c9f2e5733d680c12601b47cba3b1e94ea60121281b93

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=510
Content-Length: 8521
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK windowNameSetter.js Show response
cmbsi.bankofamerica.com/cmbs/javascript/ 412 B
1 KB 156ms
155ms Script
text/javascript 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/javascript/windowNameSetter.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

eb5edc81e23fc551bfda6e42b2f436725ca4174053b4a39d07df34d135990a5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=509
Content-Length: 412
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK mouseover.js Show response
cmbsi.bankofamerica.com/cmbs/javascript/ 671 B
1 KB 311ms
155ms Script
text/javascript 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/javascript/mouseover.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

9c7c19538777469bd84d8217a4ae78b947e8d2848810b99d1b9242d6d00ebab1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=508
Content-Length: 671
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK util.js Show response
cmbsi.bankofamerica.com/cmbs/javascript/ 8 KB
9 KB 156ms
156ms Script
text/javascript 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/javascript/util.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

6a48ef8d531f54c65ca7c9f2e5733d680c12601b47cba3b1e94ea60121281b93

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=507
Content-Length: 8521
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK login.js Show response
cmbsi.bankofamerica.com/cmbs/javascript/ 1 KB
2 KB 161ms
161ms Script
text/javascript 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/javascript/login.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

5814eeb1ff81c5362c513977789cca30ca4420aca98862a4d8a5903756250d2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=506
Content-Length: 1531
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK openactionwindow.js Show response
cmbsi.bankofamerica.com/cmbs/javascript/ 2 KB
2 KB 160ms
160ms Script
text/javascript 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/javascript/openactionwindow.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

e2f19956069cfb7ebc48e771f254d980960891e91d8825346c9fd85e1d44e309

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=505
Content-Length: 1605
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK format.css
cmbsi.bankofamerica.com/cmbs/css/ 17 KB
17 KB 161ms
161ms Stylesheet
text/css 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/css/format.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

43baee53114920076867005acadbedb158d02ae039567f064570264852149657

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=UTF-8
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=504
Content-Length: 16994
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ecf.css
cmbsi.bankofamerica.com/cmbs/css/ 5 KB
6 KB 476ms
475ms Stylesheet
text/css 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/css/ecf.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

6eec57b18ad73d9b01b2f6e128290a1b82baecda4f40f1e11afb5db000d6060a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date: Thu, 21 Mar 2024 18:53:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection: Upgrade, Keep-Alive
Content-Length: 4938
X-XSS-Protection: 1; mode=block
Pragma
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Upgrade: h2,h2c
Content-Type: text/css; charset=UTF-8
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK header.jpg
cmbsi.bankofamerica.com/cmbs/images/ 149 KB
150 KB 318ms
157ms Image
image/jpeg 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cmbsi.bankofamerica.com/cmbs/images/header.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

eb1df8a43304803ea25e30a3711e83a0d9acbcc459d069760e28d3ebadd1179e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=503
Content-Length: 153045
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK SignIn.gif
cmbsi.bankofamerica.com/cmbs/images/ 247 B
1 KB 586ms
333ms Image
image/gif 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cmbsi.bankofamerica.com/cmbs/images/SignIn.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

329bb71d2de99f4767330fa486aeb06ae07d2ab739c6725eafa4ed1db936a127

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date: Thu, 21 Mar 2024 18:53:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection: Upgrade, Keep-Alive
Content-Length: 247
X-XSS-Protection: 1; mode=block
Pragma
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Upgrade: h2,h2c
Content-Type: image/gif
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK Clear.gif
cmbsi.bankofamerica.com/cmbs/images/ 234 B
1 KB 560ms
306ms Image
image/gif 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cmbsi.bankofamerica.com/cmbs/images/Clear.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

a7820cdb2b0bc3def62e6020092bb5e5074037a0a67ca0134015fc3b53faafe6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date: Thu, 21 Mar 2024 18:53:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Connection: Upgrade, Keep-Alive
Content-Length: 234
X-XSS-Protection: 1; mode=block
Pragma
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Upgrade: h2,h2c
Content-Type: image/gif
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=512
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK tokenEncoder.js Show response
cmbsi.bankofamerica.com/cmbs/javascript/ 1 KB
2 KB 176ms
176ms Script
text/javascript 171.161.146.147
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://cmbsi.bankofamerica.com/cmbs/javascript/tokenEncoder.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.146.147 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

ad443f72fc44d57623267bea446466f9fffd276c56b328797c255d7be17a3477

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cmbsi.bankofamerica.com/cmbs/jsp/cmbsinternetlogin.jsp?resumePath=https%3A%2F%2Ffedsso.bankofamerica.com%2Fas%2FNWKHlYd6pM%2Fresume%2Fas%2Fauthorization.ping&vnd_pi_requested_resource=https%3A%2F%2Fcmbsi.bankofamerica.com%2F&vnd_pi_application_name=A2039CMBSIMG1&client_id=A2039CMBSIMG1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
Date: Thu, 21 Mar 2024 18:53:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' *.bankofamerica.com; connect-src 'self' *.bankofamerica.com; frame-src 'self' *.bankofamerica.com
Last-Modified: Thu, 01 Feb 2024 04:20:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-store, no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=511
Content-Length: 1349
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cmbsi.bankofamerica.com/	1969-12-31 23:59:59	Name: nonce.FndRC5.1711306385 Value: a45c9d4e-8483-4425-9ce4-023cab8bcc73
cmbsi.bankofamerica.com/	1969-12-31 23:59:59	Name: TS010ef91c Value: 014074c5828e50d3eff8f27653057a2b4de6c52d4d95c15fbe3f92bded0981543216d366999dbb416f64194b6d404ad9d14148dbae
fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: PF Value: ZNyXMhLFBFFOyaG0htJqi4
fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: bac_persist Value: 1130638757.24515.0000
.bankofamerica.com/	1970-01-21 04:53:27	Name: _bofalid Value: dZ/mGV5wTNT8ANhdtdn4JHqynzCOjW7/RuGs4U8Lbus=
.fedsso.bankofamerica.com/	1969-12-31 23:59:59	Name: TS0193529a Value: 014074c58297d17c78a0f3b8d43d992cab3e6827a5cc4c1618b1767e46964790718e0fe207a0a56bfef80775f52a782c1efffdc9ab
cmbsi.bankofamerica.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: Fb9iXBoW_WXmw8WfE7xqvfGKpNZqjCDeoLKAZwxmrgCyCF3QekAP!-364986968

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' .bankofamerica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: 'unsafe-inline' .bankofamerica.com; connect-src 'self' .bankofamerica.com; frame-src 'self' .bankofamerica.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cmbsi.bankofamerica.com
fedsso.bankofamerica.com
171.161.146.123
171.161.146.147
329bb71d2de99f4767330fa486aeb06ae07d2ab739c6725eafa4ed1db936a127
43baee53114920076867005acadbedb158d02ae039567f064570264852149657
5814eeb1ff81c5362c513977789cca30ca4420aca98862a4d8a5903756250d2c
6a48ef8d531f54c65ca7c9f2e5733d680c12601b47cba3b1e94ea60121281b93
6a887d282ca9b92dd93e8b4598f332dc988547061710422760d03e85f26d07e2
6eec57b18ad73d9b01b2f6e128290a1b82baecda4f40f1e11afb5db000d6060a
9c7c19538777469bd84d8217a4ae78b947e8d2848810b99d1b9242d6d00ebab1
a7820cdb2b0bc3def62e6020092bb5e5074037a0a67ca0134015fc3b53faafe6
ad443f72fc44d57623267bea446466f9fffd276c56b328797c255d7be17a3477
e2f19956069cfb7ebc48e771f254d980960891e91d8825346c9fd85e1d44e309
eb1df8a43304803ea25e30a3711e83a0d9acbcc459d069760e28d3ebadd1179e
eb5edc81e23fc551bfda6e42b2f436725ca4174053b4a39d07df34d135990a5c

cmbsi.bankofamerica.com Open in urlscan Pro 171.161.146.147 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

1 IPs

1 Countries

215 kBTransfer

204 kBSize

7 Cookies

2 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

7 Cookies

Security Headers

Indicators

cmbsi.bankofamerica.com Open in urlscan Pro
171.161.146.147 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

215 kB
Transfer

204 kB
Size

7
Cookies

13 HTTP transactions
0 data transactions