bd55.mainaccount.com Open in urlscan Pro
170.61.53.35 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bd55.mainaccount.com/
Submission: On September 02 via automatic, source certstream-suspicious (September 2nd 2021, 6:30:49 pm UTC)

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 20 HTTP transactions. The main IP is 170.61.53.35, located in United States and belongs to THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US. The main domain is bd55.mainaccount.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on September 6th 2019. Valid for: 2 years.

This is the only time bd55.mainaccount.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
20	170.61.53.35 170.61.53.35		8012 (THE-BANK-...) (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING)
20	1

20 170.61.53.35 (United States)

ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US)

bd55.mainaccount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	mainaccount.com bd55.mainaccount.com	208 KB
20	1

	Domain	Requested by
20	bd55.mainaccount.com	bd55.mainaccount.com
20	1

This site contains no links.

Subject Issuer	Validity	Valid
bd55.mainaccount.com DigiCert SHA2 Secure Server CA	`2019-09-06` - `2021-11-01`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://bd55.mainaccount.com/
Frame ID: 8FA9EE06A56E59B80958DF2EDEAC4F6D
Requests: 2 HTTP requests in this frame

Frame: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Frame ID: 3D508B9729355BDA1B4BAE5E686C012C
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Northwestern Mutual Investment Services

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

208 kB
Transfer

551 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
bd55.mainaccount.com/ 921 B
2 KB 2169ms
129ms Document
text/html 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

0b6f9166d1b9000f39397a2316bb13b27778d0d2fec41b55250e942827d6430d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: bd55.mainaccount.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:32 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Last-Modified: Fri, 16 Jul 2021 10:53:01 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security: max-age=15768000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
X-Frame-Options: SAMEORIGIN
Content-Length: 593
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK frame.js Show response
bd55.mainaccount.com/ 109 B
1 KB 484ms
483ms Script
application/javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/frame.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/
Connection: keep-alive
Referer: https://bd55.mainaccount.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 102
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 16 Jul 2021 10:53:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK Cookie set LoginInitServ Show response
bd55.mainaccount.com/WebApp/stmt/ Frame 3D50 146 KB
35 KB 142ms
141ms Document
text/html 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

9855228850e046c1c41533aef5536201fa514a926dab47d13cd8c04e9145317f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: bd55.mainaccount.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: frame
Referer: https://bd55.mainaccount.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://bd55.mainaccount.com/

Response headers

Date: Thu, 02 Sep 2021 18:30:33 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Pragma: public
Cache-Control: no-store,no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security: max-age=15768000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Set-Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203; Path=/WebApp/stmt; Secure; HttpOnly;Secure;SameSite=None UserSession=-1; path=/; secure; httpOnly;Secure;SameSite=None AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203; Path=/WebApp/stmt; Secure; HttpOnly;Secure;SameSite=None UserSession=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None StandardLogin=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None UserLevel=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None siteId=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None
Keep-Alive: timeout=30, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

GET
H/1.1 200
OK custom2.css
bd55.mainaccount.com/ Frame 3D50 1 KB
2 KB 251ms
134ms Stylesheet
text/css 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/custom2.css?v=28.2.0.0

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

efac322b2846c5b1626b77b052d9516206bac9a1944b2265d1d3df1acc011f7f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 473
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 16 Jul 2021 10:53:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: text/css
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=97

GET
H/1.1 200
OK responsive.css
bd55.mainaccount.com/ Frame 3D50 5 KB
3 KB 386ms
134ms Stylesheet
text/css 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/responsive.css?v=28.2.0.0

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 1271
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 16 Jul 2021 10:53:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: text/css
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=96

GET
H/1.1 200
OK integrated.js Show response
bd55.mainaccount.com/ Frame 3D50 15 KB
5 KB 405ms
137ms Script
application/javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/integrated.js?v=28.2.0.0

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

5e5e42f4c727c3d3a9205193f0ca80a07b54a9bc3f7fe3dcbcdf88e6c27d2c01

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 3333
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 16 Jul 2021 10:53:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK bannerlogo_new.gif
bd55.mainaccount.com/images/ Frame 3D50 2 KB
3 KB 1374ms
134ms Image
image/gif 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bd55.mainaccount.com/images/bannerlogo_new.gif

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

5ae7a588548fe2456548057c9716bf491548d8ce8ecf5b3a2172c8062a1f6e94

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Jul 2021 10:53:03 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/gif
Keep-Alive: timeout=30, max=99
Content-Length: 1818
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK splash.js Show response
bd55.mainaccount.com/WebApp/stmt/util/ Frame 3D50 9 KB
4 KB 519ms
132ms Script
application/x-javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/util/splash.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

5584071bc732293a0a2aa57bb9b019804c08830814e53e4fae588c4b1d8cffab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 2671
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Aug 2021 06:43:48 GMT
Server: Apache
ETag: W/"9457-1629441828000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=95

GET
H/1.1 200
OK pm_fp.js Show response
bd55.mainaccount.com/WebApp/stmt/login/ Frame 3D50 10 KB
5 KB 1011ms
491ms Script
application/x-javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/login/pm_fp.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

63e75473cd5b1245222132c96ec55b0b01f9b2543e32060ae5e1805bce0c6a2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 3476
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Aug 2021 06:43:48 GMT
Server: Apache
ETag: W/"10578-1629441828000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=94

GET
H/1.1 200
OK jquery.min.js Show response
bd55.mainaccount.com/WebApp/stmt/util/ Frame 3D50 87 KB
31 KB 788ms
519ms Script
application/x-javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/util/jquery.min.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

62bb02fa91c1537efbce823d5d1981982d3925bcdaac667dc6ca64f8469e2284

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 30851
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Aug 2021 06:43:48 GMT
Server: Apache
ETag: W/"89390-1629441828000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=99

GET
H/1.1 200
OK Nsr.js Show response
bd55.mainaccount.com/WebApp/stmt/util/ Frame 3D50 737 B
2 KB 628ms
136ms Script
application/x-javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/util/Nsr.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

3a1ed471e6ad91835814d7e9cc2e3863897cc3460649811c966955a3af6f1c99

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 282
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Aug 2021 06:43:48 GMT
Server: Apache
ETag: W/"737-1629441828000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=93

GET
H/1.1 200
OK pixel_black.gif
bd55.mainaccount.com/images/ Frame 3D50 49 B
1 KB 890ms
617ms Image
image/gif 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bd55.mainaccount.com/images/pixel_black.gif

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Jul 2021 10:53:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/gif
Keep-Alive: timeout=30, max=100
Content-Length: 49
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK verizon.png
bd55.mainaccount.com/images/ Frame 3D50 6 KB
7 KB 355ms
129ms Image
image/png 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bd55.mainaccount.com/images/verizon.png

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Jul 2021 10:53:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=30, max=98
Content-Length: 5872
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ChallengeQuestions.js Show response
bd55.mainaccount.com/WebApp/stmt/util/ Frame 3D50 8 KB
3 KB 762ms
135ms Script
application/x-javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/util/ChallengeQuestions.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

59720b4fcb7aaae6cc0ed706316452366a3ce3e66fa8037c9feecc80056d2b7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 1315
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Aug 2021 06:43:48 GMT
Server: Apache
ETag: W/"8424-1629441828000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=92

GET
H/1.1 200
OK integrated.css
bd55.mainaccount.com/ Frame 3D50 191 KB
39 KB 628ms
615ms Stylesheet
text/css 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/integrated.css

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/custom2.css?v=28.2.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

7bcda6e99f117b45f05563f2e5f62f03b0a6aff02ba4194dee03f986e93c4330

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://bd55.mainaccount.com/custom2.css?v=28.2.0.0
Connection: keep-alive
Referer: https://bd55.mainaccount.com/custom2.css?v=28.2.0.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Vary: User-Agent,Accept-Encoding
Content-Length: 38260
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 16 Jul 2021 10:53:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: text/css
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=100

GET
H/1.1 200
OK StringUtil.js Show response
bd55.mainaccount.com/WebApp/stmt/util/ Frame 3D50 3 KB
2 KB 302ms
131ms Script
application/x-javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/util/StringUtil.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/util/splash.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

776ba7a64878fce52c111ed3acca48edcfb5d99e535fb8406d4fb4355f4a83c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 931
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Aug 2021 06:43:48 GMT
Server: Apache
ETag: W/"2705-1629441828000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=97

GET
H/1.1 200
OK commonhtml.js Show response
bd55.mainaccount.com/WebApp/stmt/util/ Frame 3D50 7 KB
4 KB 169ms
135ms Script
application/x-javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/util/commonhtml.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/util/splash.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

428cbaf77c0d114a1754334fc7ada9f0874cf926b93cafd914629e495303f31b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 2542
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Aug 2021 06:43:48 GMT
Server: Apache
ETag: W/"6891-1629441828000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=98

GET
H/1.1 200
OK json2.js Show response
bd55.mainaccount.com/WebApp/stmt/util/ Frame 3D50 3 KB
3 KB 170ms
136ms Script
application/x-javascript 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/WebApp/stmt/util/json2.js

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

91babaf319b751f7d2a6815e660a444f4b4319ea23f133d012e8ed0f5ad3a89d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
Cookie: AWRLEGACYSESSIONID=27235E69B7AB04C7AC69E3E933394272.awr_nwm_dac30193app203
Connection: keep-alive
Referer: https://bd55.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fbd55.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Length: 1362
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Aug 2021 06:43:48 GMT
Server: Apache
ETag: W/"3437-1629441828000-gzip"
Vary: User-Agent,Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubDomains
Content-Type: application/x-javascript
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=91

GET
H/1.1 200
OK background.png
bd55.mainaccount.com/images/ Frame 3D50 972 B
2 KB 648ms
617ms Image
image/png 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bd55.mainaccount.com/images/background.png

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/integrated.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://bd55.mainaccount.com/integrated.css
Connection: keep-alive
Referer: https://bd55.mainaccount.com/integrated.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Jul 2021 10:53:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=30, max=100
Content-Length: 972
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fontawesome-webfont.woff2
bd55.mainaccount.com/font-awesome/fonts/ Frame 3D50 55 KB
57 KB 133ms
133ms Font
text/plain 170.61.53.35
THE-BANK-OF-NEW-Y...

General

Check archive.org

Show headers Download Go to

Full URL

https://bd55.mainaccount.com/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0

Requested by

Host: bd55.mainaccount.com
URL: https://bd55.mainaccount.com/integrated.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

170.61.53.35 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),

Reverse DNS

Software

Apache /

Resource Hash

41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://bd55.mainaccount.com
Accept-Encoding: gzip, deflate, br
Host: bd55.mainaccount.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://bd55.mainaccount.com/integrated.css
Connection: keep-alive
Origin: https://bd55.mainaccount.com
Referer: https://bd55.mainaccount.com/integrated.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 02 Sep 2021 18:30:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Jul 2021 10:53:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: User-Agent,Accept-Encoding
P3P: CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection: Keep-Alive
Content-Security-Policy: default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security: max-age=15768000;includeSubDomains
Accept-Ranges: bytes
Keep-Alive: timeout=30, max=90
Content-Length: 56777
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .albridge.com: .bnymellon.net .vidyard.com .morningstar.com .byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' .morningstar.com .polyfill.io .jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com .mainaccount.com .google.com .gstatic.com .bnymellon.net .highcharts.com .vidyard.com .newrelic.com .byallaccounts.net; style-src 'self' 'unsafe-inline' .morningstar.com .bnymellon.net .vidyard.com .byallaccounts.net; img-src 'self' data: .albridge.com .bnymellon.net .mainaccount.com .schwab.com .vidyard.com .byallaccounts.net blob:; frame-src 'self' .mainaccount.com .google.com .albridge.com .bnymellon.net .cashedge.com .schwab.com .idmanagedsolutions.com .vidyard.com .byallaccounts.net;
Strict-Transport-Security	max-age=15768000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bd55.mainaccount.com
170.61.53.35
0b6f9166d1b9000f39397a2316bb13b27778d0d2fec41b55250e942827d6430d
25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6
29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0
36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1
3a1ed471e6ad91835814d7e9cc2e3863897cc3460649811c966955a3af6f1c99
41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a
428cbaf77c0d114a1754334fc7ada9f0874cf926b93cafd914629e495303f31b
45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e
5584071bc732293a0a2aa57bb9b019804c08830814e53e4fae588c4b1d8cffab
59720b4fcb7aaae6cc0ed706316452366a3ce3e66fa8037c9feecc80056d2b7a
5ae7a588548fe2456548057c9716bf491548d8ce8ecf5b3a2172c8062a1f6e94
5e5e42f4c727c3d3a9205193f0ca80a07b54a9bc3f7fe3dcbcdf88e6c27d2c01
62bb02fa91c1537efbce823d5d1981982d3925bcdaac667dc6ca64f8469e2284
63e75473cd5b1245222132c96ec55b0b01f9b2543e32060ae5e1805bce0c6a2c
776ba7a64878fce52c111ed3acca48edcfb5d99e535fb8406d4fb4355f4a83c2
7bcda6e99f117b45f05563f2e5f62f03b0a6aff02ba4194dee03f986e93c4330
91babaf319b751f7d2a6815e660a444f4b4319ea23f133d012e8ed0f5ad3a89d
9855228850e046c1c41533aef5536201fa514a926dab47d13cd8c04e9145317f
edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae
efac322b2846c5b1626b77b052d9516206bac9a1944b2265d1d3df1acc011f7f

bd55.mainaccount.com Open in urlscan Pro 170.61.53.35 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

208 kBTransfer

551 kBSize

0 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

bd55.mainaccount.com Open in urlscan Pro
170.61.53.35 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

208 kB
Transfer

551 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions