URL: https://ap.mainaccount.com/
Submission: On February 17 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 170.61.53.23, located in United States and belongs to THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US. The main domain is ap.mainaccount.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on April 8th 2021. Valid for: a year.
This is the only time ap.mainaccount.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
21 170.61.53.23 11911 (THE-BANK-...)
21 1
Apex Domain
Subdomains
Transfer
21 mainaccount.com
ap.mainaccount.com
223 KB
21 1
Domain Requested by
21 ap.mainaccount.com ap.mainaccount.com
21 1

This site contains no links.

Subject Issuer Validity Valid
ap.mainaccount.com
DigiCert TLS RSA SHA256 2020 CA1
2021-04-08 -
2022-04-13
a year crt.sh

This page contains 3 frames:

Primary Page: https://ap.mainaccount.com/
Frame ID: 430D6A6D56F777A7D02008B007601A27
Requests: 2 HTTP requests in this frame

Frame: https://ap.mainaccount.com/UntitledFrame-6
Frame ID: EFEC6F880F0E6101AB7FDF87568325BF
Requests: 1 HTTP requests in this frame

Frame: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Frame ID: A39A7CF9368BE0EDB0BB97A65104DFBB
Requests: 18 HTTP requests in this frame

Screenshot

Page Title

American Portfolios

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

223 kB
Transfer

595 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ap.mainaccount.com/
950 B
2 KB
Document
General
Full URL
https://ap.mainaccount.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
99f87d478492a82471e91cbb3ed939a4ae71de165352cd8efd25ab9228878830
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Thu, 17 Feb 2022 14:04:09 GMT
Vary
User-Agent,Accept-Encoding
Last-Modified
Wed, 27 Oct 2021 13:55:24 GMT
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security
max-age=15768000;includeSubDomains
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
X-Frame-Options
SAMEORIGIN
Content-Length
608
Keep-Alive
timeout=30, max=100
Connection
Keep-Alive
Content-Type
text/html
frame.js
ap.mainaccount.com/
109 B
1 KB
Script
General
Full URL
https://ap.mainaccount.com/frame.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:55:24 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=30, max=99
Content-Length
102
X-XSS-Protection
1; mode=block
UntitledFrame-6
ap.mainaccount.com/ Frame EFEC
213 B
398 B
Document
General
Full URL
https://ap.mainaccount.com/UntitledFrame-6
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
c11d7ad2fc88cccde65f5f20efa0984716cd48d8802f03e4ecb4d23d55dd89aa

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Length
213
Keep-Alive
timeout=30, max=98
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
LoginInitServ
ap.mainaccount.com/WebApp/stmt/ Frame A39A
168 KB
41 KB
Document
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
b4a2ebeb41f69e8e8754b946415cbb20ed21729a6243a48e376646a62b407827
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Vary
User-Agent,Accept-Encoding
Pragma
public
Cache-Control
no-store,no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options
SAMEORIGIN
Content-Encoding
gzip
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security
max-age=15768000;includeSubDomains
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Keep-Alive
timeout=30, max=97
Connection
Keep-Alive
Content-Type
text/html;charset=ISO-8859-1
Transfer-Encoding
chunked
custom2.css
ap.mainaccount.com/ Frame A39A
1 KB
2 KB
Stylesheet
General
Full URL
https://ap.mainaccount.com/custom2.css?v=28.3.0.0
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
9143e22bed29817f9f2a38b20f9ab785d0f87555598e5a948f78f4d66d7441cd
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:55:24 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=30, max=96
Content-Length
472
X-XSS-Protection
1; mode=block
responsive.css
ap.mainaccount.com/ Frame A39A
5 KB
2 KB
Stylesheet
General
Full URL
https://ap.mainaccount.com/responsive.css?v=28.3.0.0
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:57:38 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=30, max=100
Content-Length
1271
X-XSS-Protection
1; mode=block
integrated.js
ap.mainaccount.com/ Frame A39A
15 KB
5 KB
Script
General
Full URL
https://ap.mainaccount.com/integrated.js?v=28.3.0.0
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
5e5e42f4c727c3d3a9205193f0ca80a07b54a9bc3f7fe3dcbcdf88e6c27d2c01
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:57:38 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=30, max=100
Content-Length
3333
X-XSS-Protection
1; mode=block
bannerlogo_new.gif
ap.mainaccount.com/images/ Frame A39A
4 KB
6 KB
Image
General
Full URL
https://ap.mainaccount.com/images/bannerlogo_new.gif
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
257bfc1b651b10937d565743369e261a463e6b948af14e90b0e9601ec686386d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:55:26 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/gif
Keep-Alive
timeout=30, max=99
Content-Length
4469
X-XSS-Protection
1; mode=block
splash.js
ap.mainaccount.com/WebApp/stmt/util/ Frame A39A
12 KB
5 KB
Script
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/util/splash.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
65134048cfa0e1ba19112d997ff0c4d998769d1224eb7c27655765e104bf381d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Jan 2022 15:15:22 GMT
ETag
W/"12773-1642086922000-gzip"
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/x-javascript
Keep-Alive
timeout=30, max=100
Content-Length
3747
X-XSS-Protection
1; mode=block
pm_fp.js
ap.mainaccount.com/WebApp/stmt/login/ Frame A39A
13 KB
5 KB
Script
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/login/pm_fp.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
8b85ae0e2166e05daa03c1e35313b0b35d41b5f93dfcf1bd25986cd3d0f7f87f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Jan 2022 15:15:22 GMT
ETag
W/"12901-1642086922000-gzip"
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/x-javascript
Keep-Alive
timeout=30, max=95
Content-Length
3730
X-XSS-Protection
1; mode=block
jquery.min.js
ap.mainaccount.com/WebApp/stmt/util/ Frame A39A
87 KB
31 KB
Script
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/util/jquery.min.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Jan 2022 15:15:22 GMT
ETag
W/"89476-1642086922000-gzip"
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/x-javascript
Keep-Alive
timeout=30, max=100
Content-Length
30910
X-XSS-Protection
1; mode=block
Nsr.js
ap.mainaccount.com/WebApp/stmt/util/ Frame A39A
1 KB
2 KB
Script
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/util/Nsr.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
6cf97f3380c649a90e71cba3471b209118d0dcaad01722cbc088aff70eddcb28
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Jan 2022 15:15:22 GMT
ETag
W/"1046-1642086922000-gzip"
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/x-javascript
Keep-Alive
timeout=30, max=94
Content-Length
376
X-XSS-Protection
1; mode=block
pixel_black.gif
ap.mainaccount.com/images/ Frame A39A
49 B
1 KB
Image
General
Full URL
https://ap.mainaccount.com/images/pixel_black.gif
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:57:38 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/gif
Keep-Alive
timeout=30, max=99
Content-Length
49
X-XSS-Protection
1; mode=block
verizon.png
ap.mainaccount.com/images/ Frame A39A
6 KB
7 KB
Image
General
Full URL
https://ap.mainaccount.com/images/verizon.png
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:57:38 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=30, max=98
Content-Length
5872
X-XSS-Protection
1; mode=block
ChallengeQuestions.js
ap.mainaccount.com/WebApp/stmt/util/ Frame A39A
10 KB
3 KB
Script
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/util/ChallengeQuestions.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
533d1c5ab64b4b5b7db1398c12160d893bc2829378d3d62c1d36be114dd7384b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Jan 2022 15:15:22 GMT
ETag
W/"10339-1642086922000-gzip"
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/x-javascript
Keep-Alive
timeout=30, max=99
Content-Length
1708
X-XSS-Protection
1; mode=block
integrated.css
ap.mainaccount.com/ Frame A39A
191 KB
39 KB
Stylesheet
General
Full URL
https://ap.mainaccount.com/integrated.css
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/custom2.css?v=28.3.0.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
7d9b0e5e5755f244f4cfc03689977dcdd03fe28fa3d6ad5730995e56a1caa081
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/custom2.css?v=28.3.0.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:57:38 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=30, max=100
Content-Length
38400
X-XSS-Protection
1; mode=block
StringUtil.js
ap.mainaccount.com/WebApp/stmt/util/ Frame A39A
5 KB
3 KB
Script
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/util/StringUtil.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/util/splash.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
a87cf88f37aa2551aad269ef2f4e787ee4b982662ad01161a40374043ec4d324
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Jan 2022 15:15:22 GMT
ETag
W/"5031-1642086922000-gzip"
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/x-javascript
Keep-Alive
timeout=30, max=99
Content-Length
1694
X-XSS-Protection
1; mode=block
commonhtml.js
ap.mainaccount.com/WebApp/stmt/util/ Frame A39A
8 KB
4 KB
Script
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/util/commonhtml.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/util/splash.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
5d720b310c49c9d2dfcfd6aa57a9f612a3b5c9ea6a1e165efc0af3b59f67b2fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Jan 2022 15:15:22 GMT
ETag
W/"8036-1642086922000-gzip"
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/x-javascript
Keep-Alive
timeout=30, max=97
Content-Length
2909
X-XSS-Protection
1; mode=block
json2.js
ap.mainaccount.com/WebApp/stmt/util/ Frame A39A
11 KB
5 KB
Script
General
Full URL
https://ap.mainaccount.com/WebApp/stmt/util/json2.js
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
9913149f5e101539a4426af6fbaf651228ec728e75c6398a6a40df1d84557070
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fap.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Jan 2022 15:15:22 GMT
ETag
W/"10955-1642086922000-gzip"
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/x-javascript
Keep-Alive
timeout=30, max=98
Content-Length
3545
X-XSS-Protection
1; mode=block
background.png
ap.mainaccount.com/images/ Frame A39A
972 B
2 KB
Image
General
Full URL
https://ap.mainaccount.com/images/background.png
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/integrated.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ap.mainaccount.com/integrated.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:57:38 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=30, max=98
Content-Length
972
X-XSS-Protection
1; mode=block
fontawesome-webfont.woff2
ap.mainaccount.com/font-awesome/fonts/ Frame A39A
55 KB
57 KB
Font
General
Full URL
https://ap.mainaccount.com/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by
Host: ap.mainaccount.com
URL: https://ap.mainaccount.com/integrated.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.23 , United States, ASN11911 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-BASE-AS, US),
Reverse DNS
Software
/
Resource Hash
41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ap.mainaccount.com/integrated.css
Origin
https://ap.mainaccount.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 17 Feb 2022 14:04:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:57:38 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=97
Content-Length
56777
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone function| isFramed function| showLogin

6 Cookies

Domain/Path Name / Value
ap.mainaccount.com/WebApp/stmt Name: AWRLEGACYSESSIONID
Value: E02EAE32BECB2F27ADFF2E7FD1276EC9.awr_prod1_dac30193app201
ap.mainaccount.com/WebApp/stmt Name: TS0176fc8a
Value: 01733f92ab05cb36f848c496193fa8e7a4437f6b3f9c9993ff55ddb49cd77bc79ed9a11ec0e9f2660e2fa1bf34e8df994cda81f32d1c594378c54fadf75cf6a5c9b8a3816e7e4404b66be29ce0953e46a9105f810f
ap.mainaccount.com/ Name: ADRUM_BTa
Value: "R:27|g:b7f89a0c-5bc8-415e-8b71-2fc145505856|n:customer1_67745478-3bd4-4291-b220-6059e49d3126"
ap.mainaccount.com/ Name: SameSite
Value: None
ap.mainaccount.com/ Name: ADRUM_BT1
Value: "R:27|i:70738|e:1"
ap.mainaccount.com/ Name: TS019c7ad0
Value: 01733f92ab12416bc5e99e9923f17ab69d1b8a7c759c9993ff55ddb49cd77bc79ed9a11ec0104a2cba8680a7f261c1c16e8739241d6e09fa6295b5cc6ebb2020968f9121c89b477b2779a75d7a19858e5ba83aca9ffcb9ed583987c896b40e338d7aa5244086a8c3fea278f26211aa11ff89ef979d7c03408b5b267caa95862efb9bed4daa9dc64b42b6b208f97d4bb3726d313f98737a17164e996461fbae930bbe2727080ce40fea56dddf08e52228a61976f101d9d2e29ed02b87b9d066d355187999222447b1603343d9f35e247b30ddadc847

2 Console Messages

Source Level URL
Text
network error URL: https://ap.mainaccount.com/UntitledFrame-6
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
rendering info URL: https://ap.mainaccount.com/
Message:
Autofocus processing was blocked because a document already has a focused element.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ap.mainaccount.com
170.61.53.23
257bfc1b651b10937d565743369e261a463e6b948af14e90b0e9601ec686386d
25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6
29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0
36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1
41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a
45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e
533d1c5ab64b4b5b7db1398c12160d893bc2829378d3d62c1d36be114dd7384b
5d720b310c49c9d2dfcfd6aa57a9f612a3b5c9ea6a1e165efc0af3b59f67b2fd
5e5e42f4c727c3d3a9205193f0ca80a07b54a9bc3f7fe3dcbcdf88e6c27d2c01
65134048cfa0e1ba19112d997ff0c4d998769d1224eb7c27655765e104bf381d
6cf97f3380c649a90e71cba3471b209118d0dcaad01722cbc088aff70eddcb28
7d9b0e5e5755f244f4cfc03689977dcdd03fe28fa3d6ad5730995e56a1caa081
8b85ae0e2166e05daa03c1e35313b0b35d41b5f93dfcf1bd25986cd3d0f7f87f
9143e22bed29817f9f2a38b20f9ab785d0f87555598e5a948f78f4d66d7441cd
9913149f5e101539a4426af6fbaf651228ec728e75c6398a6a40df1d84557070
99f87d478492a82471e91cbb3ed939a4ae71de165352cd8efd25ab9228878830
a87cf88f37aa2551aad269ef2f4e787ee4b982662ad01161a40374043ec4d324
b4a2ebeb41f69e8e8754b946415cbb20ed21729a6243a48e376646a62b407827
c11d7ad2fc88cccde65f5f20efa0984716cd48d8802f03e4ecb4d23d55dd89aa
edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d