urlscan.io logo urlscan.io
SecurityTrails logo

login.bdreporting.com Open in urlscan Pro
199.36.128.199  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bd3.bdreporting.com/Auth/ExternalLink/Avalon/481?linkUrl=%2Fix
Effective URL: https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBla...
Submission: On December 06 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 199.36.128.199, located in United States and belongs to SSNC-AS - SS&C Technologies, Inc., US. The main domain is login.bdreporting.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on July 23rd 2019. Valid for: 2 years.
This is the only time login.bdreporting.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 199.36.128.204 13938 (SSNC-AS)
1 6 199.36.128.199 13938 (SSNC-AS)
1 104.111.229.247 16625 (AKAMAI-AS)
6 3
Apex Domain
Subdomains		 Transfer
8 bdreporting.com
bd3.bdreporting.com
login.bdreporting.com
251 KB
1 typography.com
cloud.typography.com
119 KB
6 2
Domain Requested by
6 login.bdreporting.com 1 redirects login.bdreporting.com
2 bd3.bdreporting.com 2 redirects
1 cloud.typography.com login.bdreporting.com
6 3

This site contains no links.

Subject Issuer Validity Valid
login.bdreporting.com
DigiCert SHA2 Extended Validation Server CA		 2019-07-23 -
2021-07-27		 2 years crt.sh
*.typography.com
DigiCert SHA2 Secure Server CA		 2019-03-23 -
2020-06-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
Frame ID: 8617FE2CE0AC2A5ECB85F54FCE8095F4
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://bd3.bdreporting.com/Auth/ExternalLink/Avalon/481?linkUrl=%2Fix HTTP 302
    https://bd3.bdreporting.com/Auth/SignIn?firmAcronym=Avalon&teamID=481&Url=%2Fix HTTP 302
    https://login.bdreporting.com/connect/authorize?response_type=code&client_id=BlackDiamond_Web&redirect_uri... HTTP 302
    https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dco... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

397 kB
Transfer

920 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bd3.bdreporting.com/Auth/ExternalLink/Avalon/481?linkUrl=%2Fix HTTP 302
    https://bd3.bdreporting.com/Auth/SignIn?firmAcronym=Avalon&teamID=481&Url=%2Fix HTTP 302
    https://login.bdreporting.com/connect/authorize?response_type=code&client_id=BlackDiamond_Web&redirect_uri=https%3a%2f%2fbd3.bdreporting.com%2fauth%2fcode%3fUrl%3d%2fix&scope=openid+profile+api+ix+offline_access&nonce=4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%3d HTTP 302
    https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set SignIn
login.bdreporting.com/Auth/
Redirect Chain
  • https://bd3.bdreporting.com/Auth/ExternalLink/Avalon/481?linkUrl=%2Fix
  • https://bd3.bdreporting.com/Auth/SignIn?firmAcronym=Avalon&teamID=481&Url=%2Fix
  • https://login.bdreporting.com/connect/authorize?response_type=code&client_id=BlackDiamond_Web&redirect_uri=https%3a%2f%2fbd3.bdreporting.com%2fauth%2fcode%3fUrl%3d%2fix&scope=openid+profile+api+ix+...
  • https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%...
1 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.36.128.199 , United States, ASN13938 (SSNC-AS - SS&C Technologies, Inc., US),
Reverse DNS
Software
/
Resource Hash
48c73bdf76ab7891e723604d13d60e9b402c33fc908f1beb3a59d6b1bda9f29b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1;mode=block

Request headers

Host
login.bdreporting.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

Cache-Control
no-cache,no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Set-Cookie
.AspNetCore.Antiforgery.kZusIHPjkI8=CfDJ8EW7rlKK5yZFuNG-7pgohDV3cSF0DjOscpOMpoi8m3pz-rQQrigjgMksVzm4or8JGPJ5iO4McttnNvqATumPpCR7KVB0ScEj4ZNEoC-hQ4oibZwX4eQ8XFt_yYh9oaZ-WZWW0n39q3HvCbsi8MTE4R0; path=/; secure; httponly
X-Robots-Tag
noindex, nofollow, noarchive
X-Content-Type-Options
nosniff
X-XSS-Protection
1;mode=block
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Fri, 06 Dec 2019 23:56:40 GMT
Content-Security-Policy
default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Referrer-Policy
no-referrer-when-downgrade
Strict-Transport-Security
max-age=16070400; includeSubDomains
Vary
Accept-Encoding
Content-Encoding
gzip
Transfer-Encoding
chunked

Redirect headers

Cache-Control
no-cache,no-store
Location
https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
X-Robots-Tag
noindex, nofollow, noarchive
X-Content-Type-Options
nosniff
X-XSS-Protection
1;mode=block
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Fri, 06 Dec 2019 23:56:40 GMT
Content-Security-Policy
default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Referrer-Policy
no-referrer-when-downgrade
Strict-Transport-Security
max-age=16070400; includeSubDomains
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
20
Connection
Keep-Alive
fonts.css
cloud.typography.com/7395932/769486/css/ 		158 KB
119 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cloud.typography.com/7395932/769486/css/fonts.css
Requested by
Host: login.bdreporting.com
URL: https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.229.247 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-229-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a246b4b72b9b7f3df61c09c40196300f234652f6540817f627d4a69ed63dcdad

Request headers

Referer
https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 23:56:42 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Apr 2019 16:38:50 GMT
X-HCo-pid
14
ETag
"fb580020b0ba0fe90ef6442033310ac8:1554914312"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
must-revalidate, private
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Server
Apache
Expires
Fri, 06 December 2019 23:56:42 GMT
font-awesome.css
login.bdreporting.com/lib/font-awesome/css/ 		25 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.bdreporting.com/lib/font-awesome/css/font-awesome.css
Requested by
Host: login.bdreporting.com
URL: https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.36.128.199 , United States, ASN13938 (SSNC-AS - SS&C Technologies, Inc., US),
Reverse DNS
Software
/
Resource Hash
305fdd8ab222d1123866f401b7e8786d674f72ec8d40197069369683b6019655
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1;mode=block

Request headers

Referer
https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 23:56:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary
Accept-Encoding
X-XSS-Protection
1;mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 29 Oct 2019 22:21:16 GMT
ETag
"1d58ea72e04746d"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/css
Cache-Control
private,max-age=3600
Content-Security-Policy
default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow, noarchive
vendor.module.js
login.bdreporting.com/vendor/ 		577 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.bdreporting.com/vendor/vendor.module.js?v=8JIUcHlDEce5xtVwnuHPDdeVs5yc9xucvgLEbAmGPhE
Requested by
Host: login.bdreporting.com
URL: https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.36.128.199 , United States, ASN13938 (SSNC-AS - SS&C Technologies, Inc., US),
Reverse DNS
Software
/
Resource Hash
f0921470794311c7b9c6d5709ee1cf0dd795b39c9cf71b9cbe02c46c09863e11
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1;mode=block

Request headers

Referer
https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 23:56:41 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary
Accept-Encoding
X-XSS-Protection
1;mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 30 Oct 2019 18:19:26 GMT
ETag
"1d58f4e8fc28fd6"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript
Cache-Control
private,max-age=3600
Content-Security-Policy
default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow, noarchive
sign-in.module.js
login.bdreporting.com/dist/ 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.bdreporting.com/dist/sign-in.module.js?v=3ZB4FSlbfKJM7h_TOHd1cgm8Ebtn4Q_z9DSyDz32nRg
Requested by
Host: login.bdreporting.com
URL: https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.36.128.199 , United States, ASN13938 (SSNC-AS - SS&C Technologies, Inc., US),
Reverse DNS
Software
/
Resource Hash
dd907815295b7ca24cee1fd33877757209bc11bb67e10ff3f434b20f3df69d18
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1;mode=block

Request headers

Referer
https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 23:56:41 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary
Accept-Encoding
X-XSS-Protection
1;mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 30 Oct 2019 18:19:34 GMT
ETag
"1d58f4e9491e6ca"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript
Cache-Control
private,max-age=3600
Content-Security-Policy
default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow, noarchive
truncated
/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4103c88c679d71e7a02161abc18d0d1b90cce31740996f723fbdbf3e6b8e0cf

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://login.bdreporting.com

Response headers

Content-Type
application/x-font-woff2
truncated
/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aeb0cfef3c940dd6fe1f307b1185c5ded2a9c1a313bb33d5b1bf50f64ff854b2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://login.bdreporting.com

Response headers

Content-Type
application/x-font-woff2
advent.png
login.bdreporting.com/content/images/logos/ 		7 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.bdreporting.com/content/images/logos/advent.png
Requested by
Host: login.bdreporting.com
URL: https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.36.128.199 , United States, ASN13938 (SSNC-AS - SS&C Technologies, Inc., US),
Reverse DNS
Software
/
Resource Hash
9d81ab5dd561e70ad3a2e3ca4c0ea81aec536bf0ece664e7d3168b6ea077f938
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1;mode=block

Request headers

Referer
https://login.bdreporting.com/Auth/SignIn?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DBlackDiamond_Web%26redirect_uri%3Dhttps%253A%252F%252Fbd3.bdreporting.com%252Fauth%252Fcode%253FUrl%253D%252Fix%26scope%3Dopenid%2520profile%2520api%2520ix%2520offline_access%26nonce%3D4aiXGi0mbk1BXtykmLTfJh6haWqVCooZKumpUdaaNL4%253D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Dec 2019 23:56:42 GMT
Referrer-Policy
no-referrer-when-downgrade
Content-Type
image/png
Last-Modified
Tue, 29 Oct 2019 22:21:16 GMT
ETag
"1d58ea72e040de1"
Strict-Transport-Security
max-age=16070400; includeSubDomains
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,max-age=3600
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow, noarchive
Vary
Accept-Encoding
Content-Length
7137
X-XSS-Protection
1;mode=block
truncated
/ 		4 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
96858e1f24e7da112afdfe131d0464c31c17e4d23fb5e34abb7c7f17430bb19c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://login.bdreporting.com

Response headers

Content-Type
application/x-font-woff2

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| bd3 function| vendor_lib object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| debug

1 Cookies

Domain/Path Name / Value
login.bdreporting.com/ Name: .AspNetCore.Antiforgery.kZusIHPjkI8
Value: CfDJ8EW7rlKK5yZFuNG-7pgohDV3cSF0DjOscpOMpoi8m3pz-rQQrigjgMksVzm4or8JGPJ5iO4McttnNvqATumPpCR7KVB0ScEj4ZNEoC-hQ4oibZwX4eQ8XFt_yYh9oaZ-WZWW0n39q3HvCbsi8MTE4R0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.bdreporting.com api.mixpanel.com mixpanel.com cdn.mxpnl.com maxcdn.bootstrapcdn.com data: blob:;object-src 'self' *.bdreporting.com blob:;style-src 'self' https://cloud.typography.com https://preview.bdreporting.com https://bd3.bdreporting.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com https://mixpanel.com;frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com *.bdreporting.com https://www.gstatic.com *.schwabinstitutional.com;img-src 'self' data: blob: https://www.google.com cdn.mxpnl.com *.rackcdn.com;frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://*.emoneyadvisor.com https://*.emaplan.com https://*.inautix.com https://*.netx360demo.com https://*.netx360.com https://*.netxprodemo.com https://*.netxpro.com https://*.force.com https://*.financialharvest.com https://*.crm.dynamics.com https://*.crm3.dynamics.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1;mode=block