ca-plans.astfinancial.com Open in urlscan Pro
74.121.165.38 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ca-plans.astfinancial.com/total-wealth/
Effective URL:
https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
Submission: On May 12 via manual (May 12th 2022, 6:56:03 pm UTC) from CA — Scanned from CA

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 19 HTTP transactions. The main IP is 74.121.165.38, located in Montreal, Canada and belongs to BACOM2-AS, US. The main domain is ca-plans.astfinancial.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on September 16th 2021. Valid for: a year.

This is the only time ca-plans.astfinancial.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	74.121.165.38 74.121.165.38	603 (BACOM2-AS) (BACOM2-AS)
1	2607:f8b0:400... 2607:f8b0:4006:822::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
19	5

15 74.121.165.38 (Montreal, Canada) 1 redirects

ASN603 (BACOM2-AS, US)

ca-plans.astfinancial.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:822::200a (Staten Island, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::200e (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:824::2003 (Staten Island, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	astfinancial.com 1 redirects ca-plans.astfinancial.com	1 MB
1	gstatic.com fonts.gstatic.com	17 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	1 KB
0	ubembed.com Failed 7867ffbbe876435a846fe0266e167d23.js.ubembed.com Failed 7867ffbbe876435a846fe0266e167d23.js.assets.ubembed.com Failed
19	5

	Domain	Requested by
15	ca-plans.astfinancial.com	1 redirects ca-plans.astfinancial.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.google-analytics.com	ca-plans.astfinancial.com
1	fonts.googleapis.com	ca-plans.astfinancial.com
0	7867ffbbe876435a846fe0266e167d23.js.assets.ubembed.com Failed	ca-plans.astfinancial.com
0	7867ffbbe876435a846fe0266e167d23.js.ubembed.com Failed	ca-plans.astfinancial.com
19	6

This site contains no links.

Subject Issuer	Validity	Valid
*.astfinancial.com GeoTrust RSA CA 2018	`2021-09-16` - `2022-10-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
Frame ID: F8490FB92D54B793A6EF85C3675EA3AA
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Employee Central

Page URL History Show full URLs

https://ca-plans.astfinancial.com/total-wealth/ HTTP 302
https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

89 %
HTTPS

75 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

1382 kB
Transfer

1398 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ca-plans.astfinancial.com/total-wealth/ HTTP 302
https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login_home.do Show response
ca-plans.astfinancial.com/total-wealth/psapi/
Redirect Chain

https://ca-plans.astfinancial.com/total-wealth/
https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

9 KB
10 KB

490ms
490ms

Document
text/html

74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

b1a656ea41146f3e626f8b5ea545e20854e0e1616bddd95c58d16373eecd31fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-store, no-cache
Connection: keep-alive
Content-Language: en-CA
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2022 18:55:58 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-store, no-cache
Connection: keep-alive
Content-Language: en-CA
Content-Length: 0
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Content-Type: text/html
Date: Thu, 12 May 2022 18:55:57 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
Pragma: no-cache
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.css
ca-plans.astfinancial.com/total-wealth/bootstrap/css/ 149 KB
150 KB 70ms
70ms Stylesheet
text/css 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/bootstrap/css/bootstrap.css?v=tmx.0.0.0

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

e0270566c1434dc18bd92aa768159d577b9399da179d86962efc787090aa1293

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 03 Sep 2021 18:01:30 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 152733
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK popper.js Show response
ca-plans.astfinancial.com/total-wealth/bootstrap/js/ 89 KB
90 KB 145ms
107ms Script
application/javascript 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/bootstrap/js/popper.js

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

bc1c7daa97c54f59bc9455fc683276ebadcf5119014892055a5fd6fb9bfac113

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 03 Sep 2021 18:01:30 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 91390
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK jquery-3.6.0.min.js Show response
ca-plans.astfinancial.com/total-wealth/js/jquery/ 87 KB
88 KB 122ms
84ms Script
application/javascript 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/js/jquery/jquery-3.6.0.min.js

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 03 Sep 2021 18:01:30 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 89501
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK jquery-scripts.min.js Show response
ca-plans.astfinancial.com/total-wealth/js/jquery/ 536 KB
537 KB 143ms
105ms Script
application/javascript 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/js/jquery/jquery-scripts.min.js

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

d6f82ed3295f96bb1e705c94aa7012f4038cebc4eb60577d96b6dc51f26b5d2d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Wed, 05 Jan 2022 19:04:02 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 549167
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 81ms
35ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

127971f0d7e0ac5bc266c81c7a858e1ecf84e318238f2d36d2aec12dc6b6d211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 12 May 2022 17:41:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 12 May 2022 18:55:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 12 May 2022 18:55:58 GMT

GET
H/1.1 200
OK icomoon.css
ca-plans.astfinancial.com/total-wealth/css/fonts/icomoon/ 21 KB
22 KB 120ms
84ms Stylesheet
text/css 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/css/fonts/icomoon/icomoon.css?v=tmx.0.0.0

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

5de3467f50c1414f76743adf3d9fa93e383b63f074c40bb5665bbc8b0ea30e3c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Aug 2021 18:13:06 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 21875
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK app-scripts.min.js Show response
ca-plans.astfinancial.com/total-wealth/scripts/ 20 KB
21 KB 251ms
112ms Script
application/javascript 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/scripts/app-scripts.min.js

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

e44329a03d1ae19d2bd7d061deef30dba52fa0dee31b92557f076d21f9d1aa2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Wed, 05 Jan 2022 19:03:58 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 20913
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK app-styles.min.css
ca-plans.astfinancial.com/total-wealth/css/ 126 KB
127 KB 157ms
121ms Stylesheet
text/css 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/css/app-styles.min.css?v=tmx.0.0.0

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

2dcb553ac3108df4e413573002ea530d58dd4597527a395040ed96c07462181b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Wed, 05 Jan 2022 19:03:58 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 129341
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK psalogin.js Show response
ca-plans.astfinancial.com/total-wealth/js/psapi/ 5 KB
6 KB 182ms
22ms Script
application/javascript 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/js/psapi/psalogin.js

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

25716e8b0d9bc929d2c41b3b04be7dbc997d07c7e8025e3bd273cb2f234fe651

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Aug 2021 18:13:08 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 5329
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK TMX-NEG_250x83.png
ca-plans.astfinancial.com/total-wealth/images/ 2 KB
3 KB 22ms
22ms Image
image/png 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ca-plans.astfinancial.com/total-wealth/images/TMX-NEG_250x83.png

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

bee305091e2f532e1acdb7e1e191a83f2ad043e606e0bd5ee5b411765fec9e15

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Aug 2021 18:13:08 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1658
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 68ms
20ms Script
text/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/scripts/app-scripts.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 724
date: Thu, 12 May 2022 18:43:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 12 May 2022 20:43:54 GMT

GET /
7867ffbbe876435a846fe0266e167d23.js.ubembed.com/ 0
0

GET /
7867ffbbe876435a846fe0266e167d23.js.assets.ubembed.com/ 0
0

GET
H/1.1 200
OK Login_Banner.jpg
ca-plans.astfinancial.com/total-wealth/images/ 233 KB
234 KB 31ms
31ms Image
image/jpeg 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ca-plans.astfinancial.com/total-wealth/images/Login_Banner.jpg

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/css/app-styles.min.css?v=tmx.0.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

5d507d87110c961e12822b2951137ada2c2ae21b505d6ceee3e950c006be56e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca-plans.astfinancial.com/total-wealth/css/app-styles.min.css?v=tmx.0.0.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Aug 2021 18:13:08 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-store, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 238266
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v29/ 16 KB
17 KB 68ms
22ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9434dddcdf38e072b039bb92f9e90639ec0e0563e8ff51604a60d91830c29289

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ca-plans.astfinancial.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 19:33:20 GMT
x-content-type-options: nosniff
age: 84158
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16720
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 May 2023 19:33:20 GMT

GET
H/1.1 200
OK icomoon.ttf
ca-plans.astfinancial.com/total-wealth/css/fonts/ 33 KB
34 KB 23ms
23ms Font
application/x-font-ttf 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/css/fonts/icomoon.ttf?twf48c

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/css/app-styles.min.css?v=tmx.0.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

0ab560e4dd206677a1753ffdba49ab2451e5f10b7f8a616b57cd2c5128c51dba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ca-plans.astfinancial.com/total-wealth/css/app-styles.min.css?v=tmx.0.0.0
Origin: https://ca-plans.astfinancial.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Aug 2021 18:13:06 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-font-ttf
Content-Length: 33636
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK glyphicons-halflings-regular.woff2
ca-plans.astfinancial.com/total-wealth/bootstrap/fonts/ 18 KB
19 KB 114ms
114ms Font
application/font-woff2 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/bootstrap/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/bootstrap/css/bootstrap.css?v=tmx.0.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ca-plans.astfinancial.com/total-wealth/bootstrap/css/bootstrap.css?v=tmx.0.0.0
Origin: https://ca-plans.astfinancial.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Aug 2021 18:13:06 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/font-woff2
Content-Length: 18028
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK login_getLanguageList.do Show response
ca-plans.astfinancial.com/total-wealth/psapi/ 510 B
1 KB 54ms
53ms XHR
text/text 74.121.165.38
BACOM2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ca-plans.astfinancial.com/total-wealth/psapi/login_getLanguageList.do

Requested by

Host: ca-plans.astfinancial.com
URL: https://ca-plans.astfinancial.com/total-wealth/js/jquery/jquery-3.6.0.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.165.38 Montreal, Canada, ASN603 (BACOM2-AS, US),

Reverse DNS

Software

Resource Hash

77da47be27625b609a731798fbeaa19c6fed33130de141e2498b7d6c0c3861e8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Date: Thu, 12 May 2022 18:55:58 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains; preload
Content-Language: en-CA
Cache-Control: no-cache
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/text;charset=utf-8
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 7867ffbbe876435a846fe0266e167d23.js.ubembed.com
URL: https://7867ffbbe876435a846fe0266e167d23.js.ubembed.com/

Domain: 7867ffbbe876435a846fe0266e167d23.js.assets.ubembed.com
URL: https://7867ffbbe876435a846fe0266e167d23.js.assets.ubembed.com/

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ca-plans.astfinancial.com/total-wealth	1969-12-31 23:59:59	Name: JSESSIONID Value: Xeb624UhT9cnT9ArAmr6e3rNySh-aTbXA3axyFv3.TWPRODCANode3
ca-plans.astfinancial.com/total-wealth	1969-12-31 23:59:59	Name: TS01b4a6f7 Value: 01a2c32caf05b9115bf0523ad04ced8938465a913a30f827ba9580a3dc093807860e1a41b34679e72e5ac6f5ec1170b909f50d44af31cc5c584bb1522d83ebcdb4cfc0c7e4
ca-plans.astfinancial.com/	1969-12-31 23:59:59	Name: BIGipServertw_pool Value: !4MtDQvS43SG9Jd8jTMBmm2RQGYdHZUoZ2fqBmhtFQtPogRPOE1GksrvWGWIcXglmon150dxAA5pBfA==
.ca-plans.astfinancial.com/	1969-12-31 23:59:59	Name: TS01976851 Value: 01a2c32caf2464f510a2411e8f1e4cdb7afb1fc87f30f827ba9580a3dc093807860e1a41b326cc491c3edc9ff5d6443d0c8df25d17ce5f4e75dbe2e958565a9bd1a9c8307c

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100 Message: Refused to load the script 'https://7867ffbbe876435a846fe0266e167d23.js.ubembed.com/' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://ca-plans.astfinancial.com/total-wealth/psapi/login_home.do?selectedLang=100 Message: Refused to load the script 'https://7867ffbbe876435a846fe0266e167d23.js.assets.ubembed.com/' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' *.astfinancial.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.googleapis.com fonts.gstatic.com astfinancial.com;img-src 'self' data: https:;object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com astfinancial.com;frame-ancestors 'none';
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7867ffbbe876435a846fe0266e167d23.js.assets.ubembed.com
7867ffbbe876435a846fe0266e167d23.js.ubembed.com
ca-plans.astfinancial.com
fonts.googleapis.com
fonts.gstatic.com
www.google-analytics.com
7867ffbbe876435a846fe0266e167d23.js.assets.ubembed.com
7867ffbbe876435a846fe0266e167d23.js.ubembed.com
2607:f8b0:4006:817::200e
2607:f8b0:4006:822::200a
2607:f8b0:4006:824::2003
74.121.165.38
0ab560e4dd206677a1753ffdba49ab2451e5f10b7f8a616b57cd2c5128c51dba
127971f0d7e0ac5bc266c81c7a858e1ecf84e318238f2d36d2aec12dc6b6d211
25716e8b0d9bc929d2c41b3b04be7dbc997d07c7e8025e3bd273cb2f234fe651
2dcb553ac3108df4e413573002ea530d58dd4597527a395040ed96c07462181b
5d507d87110c961e12822b2951137ada2c2ae21b505d6ceee3e950c006be56e9
5de3467f50c1414f76743adf3d9fa93e383b63f074c40bb5665bbc8b0ea30e3c
77da47be27625b609a731798fbeaa19c6fed33130de141e2498b7d6c0c3861e8
9434dddcdf38e072b039bb92f9e90639ec0e0563e8ff51604a60d91830c29289
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b1a656ea41146f3e626f8b5ea545e20854e0e1616bddd95c58d16373eecd31fb
bc1c7daa97c54f59bc9455fc683276ebadcf5119014892055a5fd6fb9bfac113
bee305091e2f532e1acdb7e1e191a83f2ad043e606e0bd5ee5b411765fec9e15
d6f82ed3295f96bb1e705c94aa7012f4038cebc4eb60577d96b6dc51f26b5d2d
e0270566c1434dc18bd92aa768159d577b9399da179d86962efc787090aa1293
e44329a03d1ae19d2bd7d061deef30dba52fa0dee31b92557f076d21f9d1aa2c
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

ca-plans.astfinancial.com Open in urlscan Pro 74.121.165.38 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

89 %HTTPS

75 %IPv6

5 Domains

6 Subdomains

5 IPs

2 Countries

1382 kBTransfer

1398 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

4 Cookies

2 Console Messages

Security Headers

Indicators

ca-plans.astfinancial.com Open in urlscan Pro
74.121.165.38 Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

89 %
HTTPS

75 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

1382 kB
Transfer

1398 kB
Size

4
Cookies

19 HTTP transactions
0 data transactions