mainaccount.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 170.61.53.24, located in United States and belongs to THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US. The main domain is mainaccount.com. The Cisco Umbrella rank of the primary domain is 269763.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on October 12th 2023. Valid for: a year.

This is the only time mainaccount.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
7	170.61.53.24 170.61.53.24		8012 (THE-BANK-...) (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012)
7	1

7 170.61.53.24 (United States)

ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US)

mainaccount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	mainaccount.com mainaccount.com — Cisco Umbrella Rank: 269763	31 KB
7	1

	Domain	Requested by
7	mainaccount.com	mainaccount.com
7	1

This site contains no links.

Subject Issuer	Validity	Valid
www.mainaccount.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-12` - `2024-11-11`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://mainaccount.com/
Frame ID: 4C9D76C733F9FE75B69A7B5D1880B035
Requests: 3 HTTP requests in this frame

Frame: https://mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fmainaccount.com%2F&framed=false&standardLogin=true
Frame ID: ACF8AD5C76C537306764811A3094B292
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

31 kB
Transfer

73 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mainaccount.com/ 1 KB
2 KB 649ms
130ms Document
text/html 170.61.53.24
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

170.61.53.24 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US),

Reverse DNS

Software

/

Resource Hash

fc8ba58451487fd678372ae76163d62b799574ac23c365c5e8733c025f23d490

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .mainaccount.com .vidyard.com .morningstar.com .byallaccounts.net cdn.cookielaw.org .onetrust.com .gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net cdn.cookielaw.org .onetrust.com; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .mainaccount.com .vidyard.com .byallaccounts.net .googleapis.com; img-src 'self' data: .albridge.com .bnymellon.net .bnymellon.com .mainaccount.com .schwab.com .vidyard.com cdn.cookielaw.org .onetrust.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net .pershingx.com .powerbi.com *.woveplatform.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 644
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.mainaccount.com *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.mainaccount.com *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.mainaccount.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com *.woveplatform.com;
Content-Type: text/html
Date: Sun, 07 Jul 2024 08:58:13 GMT
Keep-Alive: timeout=30, max=100
Last-Modified: Thu, 30 May 2024 04:24:52 GMT
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security: max-age=15768000;includeSubDomains
Vary: User-Agent,Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK frame.js Show response
mainaccount.com/ 109 B
2 KB 127ms
126ms Script
application/javascript 170.61.53.24
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://mainaccount.com/frame.js

Requested by

Host: mainaccount.com
URL: https://mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

170.61.53.24 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US),

Reverse DNS

Software

/

Resource Hash

edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .mainaccount.com .vidyard.com .morningstar.com .byallaccounts.net cdn.cookielaw.org .onetrust.com .gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net cdn.cookielaw.org .onetrust.com; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .mainaccount.com .vidyard.com .byallaccounts.net .googleapis.com; img-src 'self' data: .albridge.com .bnymellon.net .bnymellon.com .mainaccount.com .schwab.com .vidyard.com cdn.cookielaw.org .onetrust.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net .pershingx.com .powerbi.com *.woveplatform.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://mainaccount.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 08:58:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15768000;includeSubDomains
Last-Modified: Thu, 30 May 2024 04:24:52 GMT
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.mainaccount.com *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.mainaccount.com *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.mainaccount.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com *.woveplatform.com;
Vary: User-Agent,Accept-Encoding
X-Frame-Options: SAMEORIGIN
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99
Content-Length: 102
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
200 LoginInitServ Show response
mainaccount.com/WebApp/stmt/ Frame ACF8 36 KB
12 KB 133ms
132ms Document
text/html 170.61.53.24
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fmainaccount.com%2F&framed=false&standardLogin=true

Requested by

Host: mainaccount.com
URL: https://mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

170.61.53.24 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US),

Reverse DNS

Software

/

Resource Hash

0cbfb0ec504a1dcf5aca4e7116834b3be35f2681b8a921ed40226525453f4085

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .mainaccount.com .vidyard.com .morningstar.com .byallaccounts.net cdn.cookielaw.org .onetrust.com .gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net cdn.cookielaw.org .onetrust.com; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .mainaccount.com .vidyard.com .byallaccounts.net .googleapis.com; img-src 'self' data: .albridge.com .bnymellon.net .bnymellon.com .mainaccount.com .schwab.com .vidyard.com cdn.cookielaw.org .onetrust.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net .pershingx.com .powerbi.com *.woveplatform.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://mainaccount.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

CONTENT: Tue, 7 mar 1972 12:00:00 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.mainaccount.com *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.mainaccount.com *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.mainaccount.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com *.woveplatform.com;
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 07 Jul 2024 08:58:13 GMT
HTTP-EQUIV: expires
Keep-Alive: timeout=30, max=98
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security: max-age=15768000;includeSubDomains
Transfer-Encoding: chunked
Vary: User-Agent,Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK integrated.js Show response
mainaccount.com/ Frame ACF8 16 KB
5 KB 128ms
127ms Script
application/javascript 170.61.53.24
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://mainaccount.com/integrated.js?v=31.2.0.0

Requested by

Host: mainaccount.com
URL: https://mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fmainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

170.61.53.24 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US),

Reverse DNS

Software

/

Resource Hash

af46c843c40377ff88a5dc8be7d8d646382b5ba54dd9a65a817330e026acfe1b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .mainaccount.com .vidyard.com .morningstar.com .byallaccounts.net cdn.cookielaw.org .onetrust.com .gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net cdn.cookielaw.org .onetrust.com; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .mainaccount.com .vidyard.com .byallaccounts.net .googleapis.com; img-src 'self' data: .albridge.com .bnymellon.net .bnymellon.com .mainaccount.com .schwab.com .vidyard.com cdn.cookielaw.org .onetrust.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net .pershingx.com .powerbi.com *.woveplatform.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fmainaccount.com%2F&framed=false&standardLogin=true
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 08:58:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15768000;includeSubDomains
Last-Modified: Thu, 30 May 2024 04:24:52 GMT
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.mainaccount.com *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.mainaccount.com *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.mainaccount.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com *.woveplatform.com;
Vary: User-Agent,Accept-Encoding
X-Frame-Options: SAMEORIGIN
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=97
Content-Length: 3445
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
200 commonhtml.js Show response
mainaccount.com/WebApp/stmt/util/ Frame ACF8 10 KB
5 KB 255ms
128ms Script
application/x-javascript 170.61.53.24
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://mainaccount.com/WebApp/stmt/util/commonhtml.js

Requested by

Host: mainaccount.com
URL: https://mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fmainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

170.61.53.24 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US),

Reverse DNS

Software

/

Resource Hash

cd3937451cf43fc93616281d2c25801fcddfbd3ade239fa9f02948683f5d20c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .mainaccount.com .vidyard.com .morningstar.com .byallaccounts.net cdn.cookielaw.org .onetrust.com .gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net cdn.cookielaw.org .onetrust.com; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .mainaccount.com .vidyard.com .byallaccounts.net .googleapis.com; img-src 'self' data: .albridge.com .bnymellon.net .bnymellon.com .mainaccount.com .schwab.com .vidyard.com cdn.cookielaw.org .onetrust.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net .pershingx.com .powerbi.com *.woveplatform.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fmainaccount.com%2F&framed=false&standardLogin=true
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 08:58:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15768000;includeSubDomains
Last-Modified: Thu, 30 May 2024 06:44:58 GMT
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.mainaccount.com *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.mainaccount.com *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.mainaccount.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com *.woveplatform.com;
ETag: W/"9854-1717051498000-gzip"
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Content-Type: application/x-javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=96
Content-Length: 3174
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
200 json2.js Show response
mainaccount.com/WebApp/stmt/util/ Frame ACF8 11 KB
5 KB 499ms
250ms Script
application/x-javascript 170.61.53.24
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://mainaccount.com/WebApp/stmt/util/json2.js

Requested by

Host: mainaccount.com
URL: https://mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fmainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

170.61.53.24 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US),

Reverse DNS

Software

/

Resource Hash

9913149f5e101539a4426af6fbaf651228ec728e75c6398a6a40df1d84557070

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .mainaccount.com .vidyard.com .morningstar.com .byallaccounts.net cdn.cookielaw.org .onetrust.com .gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net cdn.cookielaw.org .onetrust.com; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .mainaccount.com .vidyard.com .byallaccounts.net .googleapis.com; img-src 'self' data: .albridge.com .bnymellon.net .bnymellon.com .mainaccount.com .schwab.com .vidyard.com cdn.cookielaw.org .onetrust.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net .pershingx.com .powerbi.com *.woveplatform.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fmainaccount.com%2F&framed=false&standardLogin=true
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 08:58:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15768000;includeSubDomains
Last-Modified: Thu, 30 May 2024 06:44:58 GMT
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.mainaccount.com *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.mainaccount.com *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.mainaccount.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com *.woveplatform.com;
ETag: W/"10955-1717051498000-gzip"
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Content-Type: application/x-javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100
Content-Length: 3545
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found favicon.ico
mainaccount.com/ 209 B
394 B 130ms
130ms Other
text/html 170.61.53.24
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL: https://mainaccount.com/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 170.61.53.24 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-AS8012, US),
Reverse DNS
Software: /
Resource Hash: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://mainaccount.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 08:58:14 GMT
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Content-Length: 209
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
mainaccount.com/WebApp/stmt	1969-12-31 23:59:59	Name: AWRLEGACYSESSIONID Value: 6C8590F1E1798D074BBB96D5D277D1C7.awr_prod1_dac30193app204
mainaccount.com/WebApp/stmt	1969-12-31 23:59:59	Name: TS01bcfef8 Value: 01733f92ab7f890e6254b37fd4c8fc7fb1800ba0aa5a8ba5522b515ed1b31e6360ec743830efaedcda32e8468537f05e59e9effdda5ad9e7913da399341ad01be5d8c75709
mainaccount.com/	1969-12-31 23:59:59	Name: TS015678a2 Value: 01733f92ab8337c6197e184518cd8e11e41de4813c5a8ba5522b515ed1b31e6360ec743830111e01759c31e739124671da8fa14e62

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mainaccount.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .mainaccount.com .vidyard.com .morningstar.com .byallaccounts.net cdn.cookielaw.org .onetrust.com .gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net cdn.cookielaw.org .onetrust.com; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .mainaccount.com .vidyard.com .byallaccounts.net .googleapis.com; img-src 'self' data: .albridge.com .bnymellon.net .bnymellon.com .mainaccount.com .schwab.com .vidyard.com cdn.cookielaw.org .onetrust.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net .pershingx.com .powerbi.com *.woveplatform.com;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mainaccount.com
170.61.53.24
0cbfb0ec504a1dcf5aca4e7116834b3be35f2681b8a921ed40226525453f4085
9913149f5e101539a4426af6fbaf651228ec728e75c6398a6a40df1d84557070
af46c843c40377ff88a5dc8be7d8d646382b5ba54dd9a65a817330e026acfe1b
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
cd3937451cf43fc93616281d2c25801fcddfbd3ade239fa9f02948683f5d20c0
edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae
fc8ba58451487fd678372ae76163d62b799574ac23c365c5e8733c025f23d490

mainaccount.com Open in urlscan Pro 170.61.53.24 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

31 kBTransfer

73 kBSize

3 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

mainaccount.com Open in urlscan Pro
170.61.53.24 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

31 kB
Transfer

73 kB
Size

3
Cookies

7 HTTP transactions
0 data transactions