lpl.mainaccount.com Open in urlscan Pro
170.61.53.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lpl.mainaccount.com/
Submission: On April 30 via automatic, source certstream-suspicious (April 30th 2021, 3:11:15 pm UTC)

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 20 HTTP transactions. The main IP is 170.61.53.36, located in United States and belongs to THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US. The main domain is lpl.mainaccount.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on April 30th 2019. Valid for: 2 years.

This is the only time lpl.mainaccount.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
20	170.61.53.36 170.61.53.36		11911 (THE-BANK-...) (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS)
20	1

20 170.61.53.36 (United States)

ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US)

lpl.mainaccount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	mainaccount.com lpl.mainaccount.com	207 KB
20	1

	Domain	Requested by
20	lpl.mainaccount.com	lpl.mainaccount.com
20	1

This site contains no links.

Subject Issuer	Validity	Valid
lpl.mainaccount.com DigiCert SHA2 Secure Server CA	`2019-04-30` - `2021-06-27`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://lpl.mainaccount.com/
Frame ID: 6ACD3222B237D925694007709840EC4E
Requests: 2 HTTP requests in this frame

Frame: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Frame ID: 06CB0EBC473006A2CB4F9727CBF1A382
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

207 kB
Transfer

534 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
lpl.mainaccount.com/ 921 B
2 KB 782ms
164ms Document
text/html 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

0b6f9166d1b9000f39397a2316bb13b27778d0d2fec41b55250e942827d6430d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: lpl.mainaccount.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:10:58 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Last-Modified: Tue, 09 Mar 2021 13:52:47 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security: max-age=15768000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Content-Length: 593
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK frame.js Show response
lpl.mainaccount.com/ 109 B
1 KB 175ms
173ms Script
application/javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/frame.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/
Connection: keep-alive
Referer: https://lpl.mainaccount.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:10:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:52:47 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=30, max=99
Content-Length: 102
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cookie set LoginInitServ Show response
lpl.mainaccount.com/WebApp/stmt/ Frame 06CB 137 KB
34 KB 170ms
169ms Document
text/html 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

4e61e844812e501c34f387e6c499652745378759de98a490615e376a9fd832b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: lpl.mainaccount.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: frame
Referer: https://lpl.mainaccount.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://lpl.mainaccount.com/

Response headers

Date: Fri, 30 Apr 2021 15:10:59 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Pragma: public
Cache-Control: no-store,no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security: max-age=15768000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Set-Cookie: AWRLEGACYSESSIONID=220BDAB497C5E7B346460967F7CB00F3.awr_lpl_dac30193app204; Path=/WebApp/stmt; Secure; HttpOnly;Secure;SameSite=None UserSession=-1; path=/; secure; httpOnly;Secure;SameSite=None AWRLEGACYSESSIONID=220BDAB497C5E7B346460967F7CB00F3.awr_lpl_dac30193app204; Path=/WebApp/stmt; Secure; HttpOnly;Secure;SameSite=None UserSession=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None StandardLogin=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None UserLevel=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None siteId=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None
Keep-Alive: timeout=30, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

GET
H/1.1 200
OK custom2.css
lpl.mainaccount.com/ Frame 06CB 1 KB
2 KB 163ms
151ms Stylesheet
text/css 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/custom2.css?v=28.1.0.0

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

13060fdc8ee55bc873fbd5341c5fa363cb56f007cadeb504c781a0e19bc1c134

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:52:47 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=30, max=97
Content-Length: 473
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK responsive.css
lpl.mainaccount.com/ Frame 06CB 5 KB
2 KB 354ms
190ms Stylesheet
text/css 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/responsive.css?v=28.1.0.0

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=30, max=96
Content-Length: 1271
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK integrated.js Show response
lpl.mainaccount.com/ Frame 06CB 15 KB
4 KB 522ms
163ms Script
application/javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/integrated.js?v=28.1.0.0

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

f453068230ff8cef0803281ea3693fd9d5cab8971b1bf3af4d0ec4991aa0a770

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=30, max=100
Content-Length: 3254
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bannerlogo_new.gif
lpl.mainaccount.com/images/ Frame 06CB 4 KB
5 KB 523ms
164ms Image
image/gif 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lpl.mainaccount.com/images/bannerlogo_new.gif

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

e4994dc082e06ad4aead0cc648ba7abf3cee487dd568a7d3b88bb6febe6202d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:52:49 GMT
Server: Apache
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/gif
Keep-Alive: timeout=30, max=95
Content-Length: 3646
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK splash.js Show response
lpl.mainaccount.com/WebApp/stmt/util/ Frame 06CB 9 KB
4 KB 525ms
166ms Script
application/x-javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/util/splash.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

5584071bc732293a0a2aa57bb9b019804c08830814e53e4fae588c4b1d8cffab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=220BDAB497C5E7B346460967F7CB00F3.awr_lpl_dac30193app204
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 2671
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"9457-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK pm_fp.js Show response
lpl.mainaccount.com/WebApp/stmt/login/ Frame 06CB 10 KB
5 KB 525ms
167ms Script
application/x-javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/login/pm_fp.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

63e75473cd5b1245222132c96ec55b0b01f9b2543e32060ae5e1805bce0c6a2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=220BDAB497C5E7B346460967F7CB00F3.awr_lpl_dac30193app204
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 3476
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"10578-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK jquery.min.js Show response
lpl.mainaccount.com/WebApp/stmt/util/ Frame 06CB 87 KB
31 KB 368ms
173ms Script
application/x-javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/util/jquery.min.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

62bb02fa91c1537efbce823d5d1981982d3925bcdaac667dc6ca64f8469e2284

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 30851
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"89390-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK Nsr.js Show response
lpl.mainaccount.com/WebApp/stmt/util/ Frame 06CB 648 B
2 KB 172ms
164ms Script
application/x-javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/util/Nsr.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

915c2f50e0c0c6f025d22f31d187fa7ed37b31db546af1653aff49f013369ef6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 266
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"648-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=94

GET
H/1.1 200
OK pixel_black.gif
lpl.mainaccount.com/images/ Frame 06CB 49 B
1 KB 164ms
161ms Image
image/gif 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lpl.mainaccount.com/images/pixel_black.gif

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/gif
Keep-Alive: timeout=30, max=99
Content-Length: 49
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK verizon.png
lpl.mainaccount.com/images/ Frame 06CB 6 KB
7 KB 171ms
165ms Image
image/png 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lpl.mainaccount.com/images/verizon.png

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=30, max=99
Content-Length: 5872
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ChallengeQuestions.js Show response
lpl.mainaccount.com/WebApp/stmt/util/ Frame 06CB 8 KB
3 KB 173ms
169ms Script
application/x-javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/util/ChallengeQuestions.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

6a2dabcc6d1397e19e319571481ff762b2a30eff157c617ee5912136341c9019

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 1281
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"8280-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK integrated.css
lpl.mainaccount.com/ Frame 06CB 181 KB
37 KB 361ms
169ms Stylesheet
text/css 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/integrated.css

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/custom2.css?v=28.1.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

d219b13dc9037ee7dbc66c068aab9ec4eb2909d9ecc90576a42679d0b67b7ec5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://lpl.mainaccount.com/custom2.css?v=28.1.0.0
Connection: keep-alive
Referer: https://lpl.mainaccount.com/custom2.css?v=28.1.0.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=30, max=100
Content-Length: 36217
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK StringUtil.js Show response
lpl.mainaccount.com/WebApp/stmt/util/ Frame 06CB 3 KB
2 KB 165ms
163ms Script
application/x-javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/util/StringUtil.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/util/splash.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

776ba7a64878fce52c111ed3acca48edcfb5d99e535fb8406d4fb4355f4a83c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 931
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"2705-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK commonhtml.js Show response
lpl.mainaccount.com/WebApp/stmt/util/ Frame 06CB 7 KB
4 KB 166ms
164ms Script
application/x-javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/util/commonhtml.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/util/splash.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

428cbaf77c0d114a1754334fc7ada9f0874cf926b93cafd914629e495303f31b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 2542
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"6891-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK json2.js Show response
lpl.mainaccount.com/WebApp/stmt/util/ Frame 06CB 3 KB
3 KB 163ms
162ms Script
application/x-javascript 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/WebApp/stmt/util/json2.js

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

91babaf319b751f7d2a6815e660a444f4b4319ea23f133d012e8ed0f5ad3a89d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://lpl.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Flpl.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 1362
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Apr 2021 18:58:18 GMT
Server: Apache
ETag: W/"3437-1617908298000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=98

GET
H/1.1 200
OK background.png
lpl.mainaccount.com/images/ Frame 06CB 972 B
2 KB 166ms
162ms Image
image/png 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lpl.mainaccount.com/images/background.png

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/integrated.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://lpl.mainaccount.com/integrated.css
Connection: keep-alive
Referer: https://lpl.mainaccount.com/integrated.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=30, max=98
Content-Length: 972
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fontawesome-webfont.woff2
lpl.mainaccount.com/font-awesome/fonts/ Frame 06CB 55 KB
57 KB 301ms
300ms Font
text/plain 170.61.53.36
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://lpl.mainaccount.com/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0

Requested by

Host: lpl.mainaccount.com
URL: https://lpl.mainaccount.com/integrated.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.36 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://lpl.mainaccount.com
Accept-Encoding: gzip, deflate, br
Host: lpl.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://lpl.mainaccount.com/integrated.css
Connection: keep-alive
Origin: https://lpl.mainaccount.com
Referer: https://lpl.mainaccount.com/integrated.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 30 Apr 2021 15:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 09 Mar 2021 13:53:24 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=97
Content-Length: 56777
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lpl.mainaccount.com
170.61.53.36
0b6f9166d1b9000f39397a2316bb13b27778d0d2fec41b55250e942827d6430d
13060fdc8ee55bc873fbd5341c5fa363cb56f007cadeb504c781a0e19bc1c134
25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6
29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0
36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1
41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a
428cbaf77c0d114a1754334fc7ada9f0874cf926b93cafd914629e495303f31b
45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e
4e61e844812e501c34f387e6c499652745378759de98a490615e376a9fd832b4
5584071bc732293a0a2aa57bb9b019804c08830814e53e4fae588c4b1d8cffab
62bb02fa91c1537efbce823d5d1981982d3925bcdaac667dc6ca64f8469e2284
63e75473cd5b1245222132c96ec55b0b01f9b2543e32060ae5e1805bce0c6a2c
6a2dabcc6d1397e19e319571481ff762b2a30eff157c617ee5912136341c9019
776ba7a64878fce52c111ed3acca48edcfb5d99e535fb8406d4fb4355f4a83c2
915c2f50e0c0c6f025d22f31d187fa7ed37b31db546af1653aff49f013369ef6
91babaf319b751f7d2a6815e660a444f4b4319ea23f133d012e8ed0f5ad3a89d
d219b13dc9037ee7dbc66c068aab9ec4eb2909d9ecc90576a42679d0b67b7ec5
e4994dc082e06ad4aead0cc648ba7abf3cee487dd568a7d3b88bb6febe6202d1
edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae
f453068230ff8cef0803281ea3693fd9d5cab8971b1bf3af4d0ec4991aa0a770

lpl.mainaccount.com Open in urlscan Pro 170.61.53.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

207 kBTransfer

534 kBSize

0 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

lpl.mainaccount.com Open in urlscan Pro
170.61.53.36 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

207 kB
Transfer

534 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions