urlscan.io logo urlscan.io
SecurityTrails logo

schwabstgadvisor.mainaccount.com Open in urlscan Pro
208.39.75.169  Public Scan

Go To Rescan Add Verdict Report
URL: https://schwabstgadvisor.mainaccount.com/
Submission: On June 19 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 20 HTTP transactions. The main IP is 208.39.75.169, located in United States and belongs to DATARETURN, US. The main domain is schwabstgadvisor.mainaccount.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 14th 2018. Valid for: 2 years.
This is the only time schwabstgadvisor.mainaccount.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
20 208.39.75.169 11303 (DATARETURN)
20 1
Apex Domain
Subdomains		 Transfer
20 mainaccount.com
schwabstgadvisor.mainaccount.com
240 KB
20 1
Domain Requested by
20 schwabstgadvisor.mainaccount.com schwabstgadvisor.mainaccount.com
20 1

This site contains no links.

Subject Issuer Validity Valid
schwabstgadvisor.mainaccount.com
DigiCert SHA2 Secure Server CA		 2018-08-14 -
2020-08-14		 2 years crt.sh

This page contains 2 frames:

Primary Page: https://schwabstgadvisor.mainaccount.com/
Frame ID: 04012FB88EF0620C908BFF43EEEB87D9
Requests: 2 HTTP requests in this frame

Frame: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Frame ID: F66F13484C2855E87BDAEAEFCB54DCEB
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

240 kB
Transfer

537 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
schwabstgadvisor.mainaccount.com/ 		921 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
0b6f9166d1b9000f39397a2316bb13b27778d0d2fec41b55250e942827d6430d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Host
schwabstgadvisor.mainaccount.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
Last-Modified
Mon, 23 Dec 2019 09:34:47 GMT
Accept-Ranges
bytes
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000;includeSubDomains
X-XSS-Protection
1
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Content-Length
593
Keep-Alive
timeout=30, max=100
Connection
Keep-Alive
Content-Type
text/html
frame.js
schwabstgadvisor.mainaccount.com/ 		109 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/frame.js
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:34:47 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=30, max=99
Content-Length
102
X-XSS-Protection
1
Cookie set LoginInitServ
schwabstgadvisor.mainaccount.com/WebApp/stmt/ Frame F66F 		124 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
2b5e936fa3690d71f905221312604233eed14a761ca57983f9184771f830a50b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Host
schwabstgadvisor.mainaccount.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
frame
Referer
https://schwabstgadvisor.mainaccount.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://schwabstgadvisor.mainaccount.com/

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
X-dynaTrace
PT=135310;PA=1219505996;SP=Albridge;PS=1574217866
dynaTrace
PT=135310;PA=1219505996;SP=Albridge;PS=1574217866
Pragma
public
Cache-Control
no-store,no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000;includeSubDomains
X-XSS-Protection
1
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Set-Cookie
UserSession=-1; path=/; secure;Secure;SameSite=None AWRLEGACYSESSIONID=E3FD05AFD30441D04F622A9DC30AB283.mobile-awr_stgschwab-node3; Path=/WebApp/stmt; Secure; HttpOnly;Secure;SameSite=None UserSession=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure;Secure;SameSite=None StandardLogin=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None UserLevel=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None siteId=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure; httpOnly;Secure;SameSite=None
Keep-Alive
timeout=30, max=98
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html;charset=ISO-8859-1
custom2.css
schwabstgadvisor.mainaccount.com/ Frame F66F 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/custom2.css?v=27.1.0.0
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
9314a6702a9c2731777113f71eccff631696ea29267d70a10dd682cf17f05cdd
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:34:47 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=30, max=97
Content-Length
713
X-XSS-Protection
1
responsive.css
schwabstgadvisor.mainaccount.com/ Frame F66F 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/responsive.css?v=27.1.0.0
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:45:00 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=30, max=96
Content-Length
1271
X-XSS-Protection
1
integrated.js
schwabstgadvisor.mainaccount.com/ Frame F66F 		14 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/integrated.js?v=27.1.0.0
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
eb317bf815f0cd84f9f3235f93e7fd66ef9500dc256cfbc253db5e4ec59a5c5f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:45:00 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=30, max=100
Content-Length
3093
X-XSS-Protection
1
bannerlogo_new.gif
schwabstgadvisor.mainaccount.com/images/ Frame F66F 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://schwabstgadvisor.mainaccount.com/images/bannerlogo_new.gif
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
d3d01b46108b416710d22e7f3a7042bde90691045045154d246158c873a732cc
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:35:09 GMT
Server
Apache
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/gif
Keep-Alive
timeout=30, max=95
Content-Length
3849
X-XSS-Protection
1
splash.js
schwabstgadvisor.mainaccount.com/WebApp/stmt/util/ Frame F66F 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/util/splash.js
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
5584071bc732293a0a2aa57bb9b019804c08830814e53e4fae588c4b1d8cffab
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
dynaTrace
PT=135311;PA=1219505996;SP=Albridge;PS=1574217866
Vary
User-Agent,Accept-Encoding
Content-Length
2671
X-XSS-Protection
1
Last-Modified
Wed, 10 Jun 2020 18:41:24 GMT
Server
Apache
ETag
W/"9457-1591814484000-gzip"
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=100
X-dynaTrace
PT=135311;PA=1219505996;SP=Albridge;PS=1574217866
pm_fp.js
schwabstgadvisor.mainaccount.com/WebApp/stmt/login/ Frame F66F 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/login/pm_fp.js
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
63e75473cd5b1245222132c96ec55b0b01f9b2543e32060ae5e1805bce0c6a2c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
dynaTrace
PT=135312;PA=1219505996;SP=Albridge;PS=1574217866
Vary
User-Agent,Accept-Encoding
Content-Length
3476
X-XSS-Protection
1
Last-Modified
Wed, 10 Jun 2020 18:41:18 GMT
Server
Apache
ETag
W/"10578-1591814478000-gzip"
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=100
X-dynaTrace
PT=135312;PA=1219505996;SP=Albridge;PS=1574217866
jquery.min.js
schwabstgadvisor.mainaccount.com/WebApp/stmt/util/ Frame F66F 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/util/jquery.min.js
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
fc5c616a9d60709e2bafefdd3254db028b8a2fa9f952c5cebe00784bdf427b0a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
dynaTrace
PT=135313;PA=1219505996;SP=Albridge;PS=1574217866
Vary
User-Agent,Accept-Encoding
Content-Length
30034
X-XSS-Protection
1
Last-Modified
Wed, 10 Jun 2020 18:41:24 GMT
Server
Apache
ETag
W/"86639-1591814484000-gzip"
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=100
X-dynaTrace
PT=135313;PA=1219505996;SP=Albridge;PS=1574217866
Nsr.js
schwabstgadvisor.mainaccount.com/WebApp/stmt/util/ Frame F66F 		360 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/util/Nsr.js
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
400b0c18bc9606f8b67673e01560fb8cb0633ddb527b99d5736c53e58c5029d7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
dynaTrace
PT=135315;PA=1219505996;SP=Albridge;PS=1574217866
Vary
User-Agent,Accept-Encoding
Content-Length
187
X-XSS-Protection
1
Last-Modified
Wed, 10 Jun 2020 18:41:22 GMT
Server
Apache
ETag
W/"360-1591814482000-gzip"
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=99
X-dynaTrace
PT=135315;PA=1219505996;SP=Albridge;PS=1574217866
pixel_black.gif
schwabstgadvisor.mainaccount.com/images/ Frame F66F 		49 B
937 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://schwabstgadvisor.mainaccount.com/images/pixel_black.gif
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:44:59 GMT
Server
Apache
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/gif
Keep-Alive
timeout=30, max=99
Content-Length
49
X-XSS-Protection
1
verizon.png
schwabstgadvisor.mainaccount.com/images/ Frame F66F 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://schwabstgadvisor.mainaccount.com/images/verizon.png
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:45:00 GMT
Server
Apache
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=30, max=99
Content-Length
5872
X-XSS-Protection
1
integrated.css
schwabstgadvisor.mainaccount.com/ Frame F66F 		162 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/integrated.css
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
68f4c6a41277f7dce0147ed58554aa37f75068b3a1ed1e2bfcc8a4d2d2bb6326
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:45:00 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=30, max=100
Content-Length
32405
X-XSS-Protection
1
StringUtil.js
schwabstgadvisor.mainaccount.com/WebApp/stmt/util/ Frame F66F 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/util/StringUtil.js
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/util/splash.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
776ba7a64878fce52c111ed3acca48edcfb5d99e535fb8406d4fb4355f4a83c2
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
dynaTrace
PT=135318;PA=1219505996;SP=Albridge;PS=1574217866
Vary
User-Agent,Accept-Encoding
Content-Length
931
X-XSS-Protection
1
Last-Modified
Wed, 10 Jun 2020 18:41:24 GMT
Server
Apache
ETag
W/"2705-1591814484000-gzip"
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=99
X-dynaTrace
PT=135318;PA=1219505996;SP=Albridge;PS=1574217866
commonhtml.js
schwabstgadvisor.mainaccount.com/WebApp/stmt/util/ Frame F66F 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/util/commonhtml.js
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/util/splash.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
428cbaf77c0d114a1754334fc7ada9f0874cf926b93cafd914629e495303f31b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
dynaTrace
PT=135319;PA=1219505996;SP=Albridge;PS=1574217866
Vary
User-Agent,Accept-Encoding
Content-Length
2542
X-XSS-Protection
1
Last-Modified
Wed, 10 Jun 2020 18:41:24 GMT
Server
Apache
ETag
W/"6891-1591814484000-gzip"
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=99
X-dynaTrace
PT=135319;PA=1219505996;SP=Albridge;PS=1574217866
json2.js
schwabstgadvisor.mainaccount.com/WebApp/stmt/util/ Frame F66F 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/util/json2.js
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
91babaf319b751f7d2a6815e660a444f4b4319ea23f133d012e8ed0f5ad3a89d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
dynaTrace
PT=135320;PA=1219505996;SP=Albridge;PS=1574217866
Vary
User-Agent,Accept-Encoding
Content-Length
1362
X-XSS-Protection
1
Last-Modified
Wed, 10 Jun 2020 18:41:24 GMT
Server
Apache
ETag
W/"3437-1591814484000-gzip"
Strict-Transport-Security
max-age=15768000;includeSubDomains
Content-Type
application/x-javascript
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=98
X-dynaTrace
PT=135320;PA=1219505996;SP=Albridge;PS=1574217866
background.png
schwabstgadvisor.mainaccount.com/images/ Frame F66F 		972 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://schwabstgadvisor.mainaccount.com/images/background.png
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/integrated.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:44:59 GMT
Server
Apache
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=30, max=98
Content-Length
972
X-XSS-Protection
1
site_overlay_bg.png
schwabstgadvisor.mainaccount.com/images/ Frame F66F 		46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://schwabstgadvisor.mainaccount.com/images/site_overlay_bg.png
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
ea35bbeb489d23ebbcb9caffc8ff400a47b8b856083a694f8c5363042bee9b94
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://schwabstgadvisor.mainaccount.com/integrated.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:45:00 GMT
Server
Apache
Vary
User-Agent
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=30, max=98
Content-Length
47400
X-XSS-Protection
1
fontawesome-webfont.woff2
schwabstgadvisor.mainaccount.com/font-awesome/fonts/ Frame F66F 		55 KB
56 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://schwabstgadvisor.mainaccount.com/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by
Host: schwabstgadvisor.mainaccount.com
URL: https://schwabstgadvisor.mainaccount.com/WebApp/stmt/LoginInitServ?command=init&url=https%3A%2F%2Fschwabstgadvisor.mainaccount.com%2F&framed=false&standardLogin=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.39.75.169 , United States, ASN11303 (DATARETURN, US),
Reverse DNS
Software
Apache /
Resource Hash
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://schwabstgadvisor.mainaccount.com/integrated.css
Origin
https://schwabstgadvisor.mainaccount.com

Response headers

Date
Fri, 19 Jun 2020 17:21:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Dec 2019 09:44:58 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
P3P
CP="NOI DSP COR NID ADM TAI OUR NOR NAV"
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security
max-age=15768000;includeSubDomains
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=97
Content-Length
56777
X-XSS-Protection
1

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| isFramed function| showLogin

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com;
Strict-Transport-Security max-age=15768000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

schwabstgadvisor.mainaccount.com
208.39.75.169
0b6f9166d1b9000f39397a2316bb13b27778d0d2fec41b55250e942827d6430d
25a4e59d10a844e9c5c07602a9b259bd82f1bbef10882548b926441f1468f8c6
29e38ecb81258138dccb1b4ebe3961c4b2628b843bfb58c832768f57c51de6d0
2b5e936fa3690d71f905221312604233eed14a761ca57983f9184771f830a50b
36067326891c0041d67a19f314bc435ac1a922d8606a84f19ca405f35da107a1
400b0c18bc9606f8b67673e01560fb8cb0633ddb527b99d5736c53e58c5029d7
428cbaf77c0d114a1754334fc7ada9f0874cf926b93cafd914629e495303f31b
45455ee55e5a6e8c5a9fa03bd98e870725a870cfecb93091e0d8d7833724787e
5584071bc732293a0a2aa57bb9b019804c08830814e53e4fae588c4b1d8cffab
63e75473cd5b1245222132c96ec55b0b01f9b2543e32060ae5e1805bce0c6a2c
68f4c6a41277f7dce0147ed58554aa37f75068b3a1ed1e2bfcc8a4d2d2bb6326
776ba7a64878fce52c111ed3acca48edcfb5d99e535fb8406d4fb4355f4a83c2
91babaf319b751f7d2a6815e660a444f4b4319ea23f133d012e8ed0f5ad3a89d
9314a6702a9c2731777113f71eccff631696ea29267d70a10dd682cf17f05cdd
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
d3d01b46108b416710d22e7f3a7042bde90691045045154d246158c873a732cc
ea35bbeb489d23ebbcb9caffc8ff400a47b8b856083a694f8c5363042bee9b94
eb317bf815f0cd84f9f3235f93e7fd66ef9500dc256cfbc253db5e4ec59a5c5f
edfa0cbc36a718de4f884c3cc076fe24156b1ee07d25096f54e0551ad802f0ae
fc5c616a9d60709e2bafefdd3254db028b8a2fa9f952c5cebe00784bdf427b0a