jpmcxat.mainaccount.com Open in urlscan Pro
204.51.92.32 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://jpmcxat.mainaccount.com/
Submission: On October 01 via automatic, source certstream-suspicious (October 1st 2021, 3:19:47 am UTC) — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 20 HTTP transactions. The main IP is 204.51.92.32, located in United States and belongs to UUNET, US. The main domain is jpmcxat.mainaccount.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 3rd 2021. Valid for: a year.

This is the only time jpmcxat.mainaccount.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
20	204.51.92.32 204.51.92.32		701 (UUNET) (UUNET)
20	1

20 204.51.92.32 (United States)

ASN701 (UUNET, US)

jpmcxat.mainaccount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	mainaccount.com jpmcxat.mainaccount.com	208 KB
20	1

	Domain	Requested by
20	jpmcxat.mainaccount.com	jpmcxat.mainaccount.com
20	1

This site contains no links.

Subject Issuer	Validity	Valid
jpmcxat.mainaccount.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-03` - `2022-06-08`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://jpmcxat.mainaccount.com/
Frame ID: CDFBCDE600492F36491CB7A867107243
Requests: 2 HTTP requests in this frame

Frame: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Frame ID: FD6F86F0A69AADD2FB4AE54C87615FB3
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wealth Reporting

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

208 kB
Transfer

535 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
jpmcxat.mainaccount.com/ 921 B
2 KB 328ms
107ms Document
text/html 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

0b6f9166d1b9000f39397a2316bb13b27778d0d2fec41b55250e942827d6430d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: jpmcxat.mainaccount.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Fri, 01 Oct 2021 03:19:42 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Last-Modified: Tue, 09 Mar 2021 13:52:47 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security: max-age=15768000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
X-Frame-Options: SAMEORIGIN
Content-Length: 593
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK frame.js Show response
jpmcxat.mainaccount.com/ 109 B
1 KB 111ms
110ms Script
application/javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/frame.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 102
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 09 Mar 2021 13:52:47 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK Cookie set LoginInitServ Show response
jpmcxat.mainaccount.com/WebApp/stmt/ Frame FD6F 136 KB
34 KB 146ms
146ms Document
text/html 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

1e8954762b0ba9722c18f4d263c6a58f3df2e2b9b5353bfd50521d3a4d46596a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: jpmcxat.mainaccount.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: frame
Referer: https://jpmcxat.mainaccount.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/

Response headers

Date: Fri, 01 Oct 2021 03:19:42 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Pragma: public
Cache-Control: no-store,no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security: max-age=15768000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Set-Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; Path=/WebApp/stmt; Secure; HttpOnly;Secure;SameSite=None UserSession=-1; path=/; secure; httpOnly;Secure;SameSite=None ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; Version=1; Max-Age=30; Expires=Fri, 01-Oct-2021 03:20:12 GMT; Path=/;Secure;SameSite=None SameSite=None; Expires=Fri, 01-Oct-2021 03:20:12 GMT; Path=/; Secure;Secure;SameSite=None ADRUM_BT1="R:32|i:566412"; Version=1; Max-Age=30; Expires=Fri, 01-Oct-2021 03:20:12 GMT; Path=/;Secure;SameSite=None ADRUM_BTs="R:32|s:f"; Version=1; Max-Age=30; Expires=Fri, 01-Oct-2021 03:20:12 GMT; Path=/;Secure;SameSite=None AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; Path=/WebApp/stmt; Secure; HttpOnly;Secure;SameSite=None UserSession=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None StandardLogin=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None UserLevel=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None siteId=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None
Keep-Alive: timeout=30, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

GET
H/1.1 200
OK custom2.css
jpmcxat.mainaccount.com/ Frame FD6F 3 KB
2 KB 186ms
106ms Stylesheet
text/css 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/custom2.css?v=28.1.0.0

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

311ea518627ec6b633cd390cb0f06f93778300f4ff16d21cc642538e583e15c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 754
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 09 Mar 2021 13:52:47 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: text/css
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=97

GET
H/1.1 200
OK responsive.css
jpmcxat.mainaccount.com/ Frame FD6F 5 KB
3 KB 307ms
121ms Stylesheet
text/css 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/responsive.css?v=28.1.0.0

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 1271
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: text/css
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=96

GET
H/1.1 200
OK integrated.js Show response
jpmcxat.mainaccount.com/ Frame FD6F 15 KB
4 KB 317ms
120ms Script
application/javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/integrated.js?v=28.1.0.0

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

f453068230ff8cef0803281ea3693fd9d5cab8971b1bf3af4d0ec4991aa0a770

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 3254
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK bannerlogo_new.gif
jpmcxat.mainaccount.com/images/ Frame FD6F 4 KB
5 KB 421ms
114ms Image
image/gif 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jpmcxat.mainaccount.com/images/bannerlogo_new.gif

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

8fe4f87965d83d0f515f44ddd61c8f341da9349c70a4c77e2055e29798e06ca0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:52:49 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/gif
Keep-Alive: timeout=30, max=99
Content-Length: 3689
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK splash.js Show response
jpmcxat.mainaccount.com/WebApp/stmt/util/ Frame FD6F 9 KB
4 KB 305ms
104ms Script
application/x-javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/util/splash.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

5584071bc732293a0a2aa57bb9b019804c08830814e53e4fae588c4b1d8cffab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 2671
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"9457-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK pm_fp.js Show response
jpmcxat.mainaccount.com/WebApp/stmt/login/ Frame FD6F 10 KB
5 KB 313ms
107ms Script
application/x-javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/login/pm_fp.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

63e75473cd5b1245222132c96ec55b0b01f9b2543e32060ae5e1805bce0c6a2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 3476
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"10578-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK jquery.min.js Show response
jpmcxat.mainaccount.com/WebApp/stmt/util/ Frame FD6F 87 KB
31 KB 292ms
253ms Script
application/x-javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/util/jquery.min.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

62bb02fa91c1537efbce823d5d1981982d3925bcdaac667dc6ca64f8469e2284

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 30851
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"89390-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK Nsr.js Show response
jpmcxat.mainaccount.com/WebApp/stmt/util/ Frame FD6F 648 B
2 KB 106ms
106ms Script
application/x-javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/util/Nsr.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

915c2f50e0c0c6f025d22f31d187fa7ed37b31db546af1653aff49f013369ef6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 266
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"648-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=95

GET
H/1.1 200
OK pixel_black.gif
jpmcxat.mainaccount.com/images/ Frame FD6F 49 B
1 KB 122ms
122ms Image
image/gif 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jpmcxat.mainaccount.com/images/pixel_black.gif

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/gif
Keep-Alive: timeout=30, max=99
Content-Length: 49
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK verizon.png
jpmcxat.mainaccount.com/images/ Frame FD6F 6 KB
7 KB 125ms
125ms Image
image/png 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jpmcxat.mainaccount.com/images/verizon.png

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=30, max=94
Content-Length: 5872
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ChallengeQuestions.js Show response
jpmcxat.mainaccount.com/WebApp/stmt/util/ Frame FD6F 8 KB
3 KB 105ms
105ms Script
application/x-javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/util/ChallengeQuestions.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

6a2dabcc6d1397e19e319571481ff762b2a30eff157c617ee5912136341c9019

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 1281
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"8280-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK integrated.css
jpmcxat.mainaccount.com/ Frame FD6F 181 KB
37 KB 223ms
217ms Stylesheet
text/css 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/integrated.css

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/custom2.css?v=28.1.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

d219b13dc9037ee7dbc66c068aab9ec4eb2909d9ecc90576a42679d0b67b7ec5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://jpmcxat.mainaccount.com/custom2.css?v=28.1.0.0
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/custom2.css?v=28.1.0.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 36217
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: text/css
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK StringUtil.js Show response
jpmcxat.mainaccount.com/WebApp/stmt/util/ Frame FD6F 3 KB
2 KB 100ms
100ms Script
application/x-javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/util/StringUtil.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/util/splash.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

776ba7a64878fce52c111ed3acca48edcfb5d99e535fb8406d4fb4355f4a83c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 931
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"2705-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK commonhtml.js Show response
jpmcxat.mainaccount.com/WebApp/stmt/util/ Frame FD6F 7 KB
4 KB 115ms
115ms Script
application/x-javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/util/commonhtml.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/util/splash.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

428cbaf77c0d114a1754334fc7ada9f0874cf926b93cafd914629e495303f31b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 2542
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"6891-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK json2.js Show response
jpmcxat.mainaccount.com/WebApp/stmt/util/ Frame FD6F 3 KB
3 KB 106ms
106ms Script
application/x-javascript 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/WebApp/stmt/util/json2.js

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

91babaf319b751f7d2a6815e660a444f4b4319ea23f133d012e8ed0f5ad3a89d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007; ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fjpmcxat.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 1362
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"3437-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=93

GET
H/1.1 200
OK background.png
jpmcxat.mainaccount.com/images/ Frame FD6F 972 B
2 KB 120ms
120ms Image
image/png 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jpmcxat.mainaccount.com/images/background.png

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/integrated.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://jpmcxat.mainaccount.com/integrated.css
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://jpmcxat.mainaccount.com/integrated.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=30, max=98
Content-Length: 972
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fontawesome-webfont.woff2
jpmcxat.mainaccount.com/font-awesome/fonts/ Frame FD6F 55 KB
57 KB 149ms
149ms Font
text/plain 204.51.92.32
UUNET

General

Check archive.org

Show headers Download Go to

Full URL

https://jpmcxat.mainaccount.com/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0

Requested by

Host: jpmcxat.mainaccount.com
URL: https://jpmcxat.mainaccount.com/integrated.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.51.92.32 , United States, ASN701 (UUNET, US),

Reverse DNS

Software

Apache /

Resource Hash

41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://jpmcxat.mainaccount.com
Accept-Encoding: gzip, deflate, br
Host: jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://jpmcxat.mainaccount.com/integrated.css
Cookie: ADRUM_BTa="R:32|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"; SameSite=None; ADRUM_BT1="R:32|i:566412"; ADRUM_BTs="R:32|s:f"
Connection: keep-alive
Referer: https://jpmcxat.mainaccount.com/integrated.css
Origin: https://jpmcxat.mainaccount.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Fri, 01 Oct 2021 03:19:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.newrelic.com *.gstaticecom *.bnymellon.net *.highcharts.com *.morningstar.com *.byallaccounts.net *.polyfill.io *.jsdelivr.net *.vidyard.com; style-src 'self' 'unsafe-inline' *.bnymellon.net *.morningstar.com *.byallaccounts.net *.vidyard.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.byallaccounts.net *.schwab.com *.vidyard.com blob:; frame-src 'self' *.mainaccount.com *.google.com *.byallaccounts.net *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=97
Content-Length: 56777
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
jpmcxat.mainaccount.com/WebApp/stmt	1969-12-31 23:59:59	Name: AWRLEGACYSESSIONID Value: 50BD2089FC8676C1F5B357E75E4F1CFD.awr_xatjpmc_cuauatawrapp007
jpmcxat.mainaccount.com/	1970-01-19 21:37:38	Name: ADRUM_BTa Value: "R:32\|g:0b5369ca-6333-492e-bc9c-a1fbb2882eec"
jpmcxat.mainaccount.com/	1970-01-19 21:37:38	Name: SameSite Value: None
jpmcxat.mainaccount.com/	1970-01-19 21:37:38	Name: ADRUM_BT1 Value: "R:32\|i:566412"
jpmcxat.mainaccount.com/	1970-01-19 21:37:38	Name: ADRUM_BTs Value: "R:32\|s:f"

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	info	URL: https://jpmcxat.mainaccount.com/ Message: Autofocus processing was blocked because a document already has a focused element.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .newrelic.com .gstaticecom .bnymellon.net .highcharts.com .morningstar.com .byallaccounts.net .polyfill.io .jsdelivr.net .vidyard.com; style-src 'self' 'unsafe-inline' .bnymellon.net .morningstar.com .byallaccounts.net .vidyard.com; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .byallaccounts.net .schwab.com .vidyard.com blob:; frame-src 'self' .mainaccount.com .google.com .byallaccounts.net .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jpmcxat.mainaccount.com
204.51.92.32
0b6f9166d1b9000f39397a2316bb13b27778d0d2fec41b55250e942827d6430d
1e8954762b0ba9722c18f4d263c6a58f3df2e2b9b5353bfd50521d3a4d46596a
25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6
29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0
311ea518627ec6b633cd390cb0f06f93778300f4ff16d21cc642538e583e15c6
36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1
41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a
428cbaf77c0d114a1754334fc7ada9f0874cf926b93cafd914629e495303f31b
45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e
5584071bc732293a0a2aa57bb9b019804c08830814e53e4fae588c4b1d8cffab
62bb02fa91c1537efbce823d5d1981982d3925bcdaac667dc6ca64f8469e2284
63e75473cd5b1245222132c96ec55b0b01f9b2543e32060ae5e1805bce0c6a2c
6a2dabcc6d1397e19e319571481ff762b2a30eff157c617ee5912136341c9019
776ba7a64878fce52c111ed3acca48edcfb5d99e535fb8406d4fb4355f4a83c2
8fe4f87965d83d0f515f44ddd61c8f341da9349c70a4c77e2055e29798e06ca0
915c2f50e0c0c6f025d22f31d187fa7ed37b31db546af1653aff49f013369ef6
91babaf319b751f7d2a6815e660a444f4b4319ea23f133d012e8ed0f5ad3a89d
d219b13dc9037ee7dbc66c068aab9ec4eb2909d9ecc90576a42679d0b67b7ec5
edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae
f453068230ff8cef0803281ea3693fd9d5cab8971b1bf3af4d0ec4991aa0a770

jpmcxat.mainaccount.com Open in urlscan Pro 204.51.92.32 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

208 kBTransfer

535 kBSize

5 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

5 Cookies

1 Console Messages

Security Headers

Indicators

jpmcxat.mainaccount.com Open in urlscan Pro
204.51.92.32 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

208 kB
Transfer

535 kB
Size

5
Cookies

20 HTTP transactions
0 data transactions