urlscan.io logo urlscan.io
SecurityTrails logo

oneview.v2020-sai.com Open in urlscan Pro
170.61.53.32  Public Scan

Go To Rescan Add Verdict Report
URL: https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
Submission: On January 05 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 170.61.53.32, located in United States and belongs to THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US. The main domain is oneview.v2020-sai.com.
TLS certificate: Issued by Trusted Secure Certificate Authority 5 on July 29th 2021. Valid for: a year.
This is the only time oneview.v2020-sai.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 170.61.53.32 8012 (THE-BANK-...)
10 1
Apex Domain
Subdomains		 Transfer
10 v2020-sai.com
oneview.v2020-sai.com
69 KB
10 1
Domain Requested by
10 oneview.v2020-sai.com oneview.v2020-sai.com
10 1

This site contains no links.

Subject Issuer Validity Valid
oneview.v2020-sai.com
Trusted Secure Certificate Authority 5		 2021-07-29 -
2022-08-29		 a year crt.sh

This page contains 1 frames:

Primary Page: https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
Frame ID: 8F752A1CAF185B85BA334F2BEE53F0B1
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

VISION2020 OneView

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

69 kB
Transfer

244 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request NSRServ
oneview.v2020-sai.com/WebApp/stmt/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
f71348c14a27d463d457597f47ebc19a2ab2a88f3248e60a2bfc7f8301cba26a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Wed, 05 Jan 2022 17:12:27 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Encoding
gzip
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Strict-Transport-Security
max-age=15768000;includeSubDomains
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Keep-Alive
timeout=30, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html;charset=ISO-8859-1
custom2.css
oneview.v2020-sai.com/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oneview.v2020-sai.com/custom2.css?v=28.3.0.0
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
4ef17189c2705199358656769e6aa1be58dedd7d79065e4418632f03008ae3cf
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Vary
User-Agent,Accept-Encoding
Content-Length
468
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 27 Oct 2021 13:55:26 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
text/css
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=99
responsive.css
oneview.v2020-sai.com/ 		5 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oneview.v2020-sai.com/responsive.css?v=28.3.0.0
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Vary
User-Agent,Accept-Encoding
Content-Length
1271
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 27 Oct 2021 13:57:42 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
text/css
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=98
integrated.js
oneview.v2020-sai.com/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oneview.v2020-sai.com/integrated.js?v=28.3.0.0
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
5e5e42f4c727c3d3a9205193f0ca80a07b54a9bc3f7fe3dcbcdf88e6c27d2c01
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Vary
User-Agent,Accept-Encoding
Content-Length
3333
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 27 Oct 2021 13:57:42 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/javascript
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=100
splash.js
oneview.v2020-sai.com/WebApp/stmt/util/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oneview.v2020-sai.com/WebApp/stmt/util/splash.js
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
65134048cfa0e1ba19112d997ff0c4d998769d1224eb7c27655765e104bf381d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Length
3747
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 18 Dec 2021 22:14:52 GMT
Server
Apache
ETag
W/"12773-1639865692000-gzip"
Vary
User-Agent,Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=100
bannerlogo_new.gif
oneview.v2020-sai.com/images/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oneview.v2020-sai.com/images/bannerlogo_new.gif
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
5b8b23275688dbe232ff42aad8b10941c4a31029576893cedd12ceb42b1a2e86
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:28 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:55:28 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/gif
Keep-Alive
timeout=30, max=99
Content-Length
4502
X-XSS-Protection
1; mode=block
integrated.css
oneview.v2020-sai.com/ 		191 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oneview.v2020-sai.com/integrated.css
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/custom2.css?v=28.3.0.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
7d9b0e5e5755f244f4cfc03689977dcdd03fe28fa3d6ad5730995e56a1caa081
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/custom2.css?v=28.3.0.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Vary
User-Agent,Accept-Encoding
Content-Length
38400
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 27 Oct 2021 13:57:42 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
text/css
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=100
StringUtil.js
oneview.v2020-sai.com/WebApp/stmt/util/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oneview.v2020-sai.com/WebApp/stmt/util/StringUtil.js
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/WebApp/stmt/util/splash.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
a87cf88f37aa2551aad269ef2f4e787ee4b982662ad01161a40374043ec4d324
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Length
1694
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 18 Dec 2021 22:14:52 GMT
Server
Apache
ETag
W/"5031-1639865692000-gzip"
Vary
User-Agent,Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=99
commonhtml.js
oneview.v2020-sai.com/WebApp/stmt/util/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oneview.v2020-sai.com/WebApp/stmt/util/commonhtml.js
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/WebApp/stmt/util/splash.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
5d720b310c49c9d2dfcfd6aa57a9f612a3b5c9ea6a1e165efc0af3b59f67b2fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/WebApp/stmt/NSRServ?command=RSTPWD&siteId=7_oneview&userType=1&fiID=7Use
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Length
2909
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 18 Dec 2021 22:14:52 GMT
Server
Apache
ETag
W/"8036-1639865692000-gzip"
Vary
User-Agent,Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=98
background.png
oneview.v2020-sai.com/images/ 		972 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oneview.v2020-sai.com/images/background.png
Requested by
Host: oneview.v2020-sai.com
URL: https://oneview.v2020-sai.com/integrated.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.61.53.32 , United States, ASN8012 (THE-BANK-OF-NEW-YORK-MELLON-CORPORATION-PERSHING, US),
Reverse DNS
Software
Apache /
Resource Hash
29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneview.v2020-sai.com/integrated.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 05 Jan 2022 17:12:28 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Oct 2021 13:57:42 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=30, max=99
Content-Length
972
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

157 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| showportfoliomenuVar boolean| isMouseDown function| touchStart_b function| touchEnd_b function| touchStart_n function| touchEnd_n function| addClass function| removeClass function| touchStart_q function| touchEnd_q function| touchStart_q1 function| touchEnd_q1 boolean| display number| escapeMe number| topprofilebox number| feedpopup number| portmenu number| howtomenu function| myonclickhandler undefined| globalsearch number| menutopstat number| menutopstat1 number| menutopstat2 number| menutopstat3 number| menutopstat4 number| menutopstat5 number| menutopstat6 number| menutopstat7 number| menutopstat8 number| menutopstat9 number| menutopstat10 number| menutopstat11 number| menutopstat15 number| menutopstat16 number| menurepstat number| clientMenuboxVar number| showportfoliomenu number| menutopstatQr function| showmenu function| showNotify function| showquesmenu function| showqrbox function| showexmenu function| showclientmenu function| getDocHeight function| callPopup function| closePopup number| loadSrc function| AdjustIframeHeightOnLoad function| AdjustIframeHeight function| ifrmResize function| touchStart_link function| touchEnd_link function| scrolllft function| scrollrgt function| scrollDivLeft function| focusBorder function| focusBorderOut string| enabledOverlay boolean| onClickOver function| showOverlay1 function| disableOverlay function| getElementById function| overlayHandler boolean| _debug boolean| _placeholderSupport function| loadPlaceholder function| PlaceholderFormSubmit function| HandlePlaceholderItemSubmit function| ReplaceWithText function| HandlePlaceholder function| Debug function| touchStart_invite function| touchEnd_invite number| varAddClient function| showAddClient function| showHowtoMenu number| defaultStep number| step function| loadScript string| nortonSecurityURL function| keyDown function| splash_type1 function| splash_type2 function| splash_type3 function| splash_type4 function| splash_type5 function| setParentTitle function| footer function| browser_reqirements function| whatsnewblurb function| tour function| gen_verisign function| www2_verisign function| www3_verisign function| www4_verisign function| api_verisign function| askar_verisign function| cai_verisign function| cir_verisign function| ing_verisign function| npa_verisign function| nridge_verisign function| oneview_geotrust function| wsfg_verisign function| wm_verisign function| lpl_verisign function| lfa_verisign function| valic_verisign function| citi_verisign function| Command function| pop function| popUpWindow function| popUp function| ValidateField function| CheckField function| setProtocol function| getText function| doLogin function| frontPageInit function| showHideProgressBar function| showProgressBar function| hideProgressBar function| getRadioValue function| forgotPassword function| make_bookmark function| do_bookmark function| getBodyHeight function| goHome string| nextElement boolean| isNetscape string| version number| len function| MM_findObj function| MM_setTextOfLayer function| MM_setTextOfTextfield function| whatsnew function| next function| ValidEmpty function| Confirmer function| isLetter function| isDigit function| isLetterOrDigit function| trimSpace function| ValidRegPassword function| makeArray function| getCorrectedYear function| y2k object| months object| date object| dateY2K function| doPost function| createInput function| popupLayer function| closePopupLayer function| closeAWRPopupLayer function| awrPopupLayer

1 Cookies

Domain/Path Name / Value
oneview.v2020-sai.com/WebApp/stmt Name: AWRLEGACYSESSIONID
Value: 451962EC9F053EC2D268388AB4193559.awr_aig_dac30193app201

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net; img-src 'self' data: *.albridge.com *.bnymellon.net *.mainaccount.com *.schwab.com *.vidyard.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block