urlscan.io logo urlscan.io
SecurityTrails logo

www3.aia.com.hk Open in urlscan Pro
107.162.156.194  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://app.comm.aia.com.hk/e/er?s=1009181838&lid=11634&elqTrackId=5fb5b63c7AB12ABCDEFGHIJKLMNOPQ3b&elq=5f7d0d02b6094cf1b373...
Effective URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Submission: On June 14 via api from CH — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 107.162.156.194, located in United States and belongs to DEFENSE-NET, US. The main domain is www3.aia.com.hk.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 28th 2022. Valid for: a year.
This is the only time www3.aia.com.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 142.0.173.37 7160 (NETDYNAMICS)
12 107.162.156.194 55002 (DEFENSE-NET)
12 2
Apex Domain
Subdomains		 Transfer
13 aia.com.hk
app.comm.aia.com.hk
www3.aia.com.hk
161 KB
12 1
Domain Requested by
12 www3.aia.com.hk www3.aia.com.hk
1 app.comm.aia.com.hk 1 redirects
12 2

This site contains no links.

Subject Issuer Validity Valid
www3.aia.com.hk
DigiCert SHA2 Extended Validation Server CA		 2022-01-28 -
2023-02-28		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Frame ID: F590AE5348F82BA74A4D00C474EE542E
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

AIA VITALITY MEMBERSHIP ACTIVATION

Page URL History Show full URLs

  1. https://app.comm.aia.com.hk/e/er?s=1009181838&lid=11634&elqTrackId=5fb5b63c7AB12ABCDEFGHIJKLMNOPQ3b&elq=... HTTP 302
    https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq Page URL

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

161 kB
Transfer

300 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://app.comm.aia.com.hk/e/er?s=1009181838&lid=11634&elqTrackId=5fb5b63c7AB12ABCDEFGHIJKLMNOPQ3b&elq=5f7d0d02b6094cf1b37337d57d7f86d4&elqaid=8114&elqat=1 HTTP 302
    https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request MembershipActivation
www3.aia.com.hk/Vitality/
Redirect Chain
  • https://app.comm.aia.com.hk/e/er?s=1009181838&lid=11634&elqTrackId=5fb5b63c7AB12ABCDEFGHIJKLMNOPQ3b&elq=5f7d0d02b6094cf1b37337d57d7f86d4&elqaid=8114&elqat=1
  • https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
7 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
7260bdafc9522f29b5fb0ff6556cc3cd2c625deb3af4afa58030e3ea74466f54
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Access-Control-Allow-Methods
GET, POST, OPTIONS POST, GET, OPTIONS
Allow
POST, GET, OPTIONS,HEAD
Cache-Control
no-cache="set-cookie, set-cookie2"
Connection
Keep-Alive
Content-Language
en-US
Content-Length
6761
Content-Security-Policy
frame-ancestors 'self'
Content-Type
text/html;charset=UTF-8
Date
Tue, 14 Jun 2022 15:57:08 GMT
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive
timeout=10, max=100
Referrer-Policy
strict-origin-when-cross-origin
Server-Timing
dtSInfo;desc="0", dtRpid;desc="345928881"
Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-OneAgent-JS-Injection
true
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store
Content-Length
180
Content-Type
text/html; charset=utf-8
Date
Tue, 14 Jun 2022 15:57:06 GMT
Expires
-1
Location
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Pragma
no-cache
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-Xss-Protection
1; mode=block
ruxitagentjs_ICA27Vfgjqrux_10239220408103229.js
www3.aia.com.hk/Vitality/ 		238 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.aia.com.hk/Vitality/ruxitagentjs_ICA27Vfgjqrux_10239220408103229.js
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
caffee273e872769434abb91219e61cd5834d4a0c1326b98aff23cafe811e29b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
90296
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 03 Mar 2010 07:01:40 GMT
X-Frame-Options
SAMEORIGIN
Date
Tue, 14 Jun 2022 15:57:08 GMT
Allow
POST, GET, OPTIONS,HEAD
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Type
text/javascript; charset=utf-8
Via
1.1 fra1-bit6002
Cache-Control
public, max-age=31536000, immutable
Content-Security-Policy
frame-ancestors 'self'
Keep-Alive
timeout=10, max=99
Expires
Wed, 14 Jun 2023 15:57:08 GMT
common.css
www3.aia.com.hk/Vitality/pages/files/ 		6 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www3.aia.com.hk/Vitality/pages/files/common.css?1652151394000
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
58085bae7a3975d13434ee8f8a1cddc283f595c1acc6efe0beb505208d855872
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="440690533"
Content-Length
6112
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 May 2022 02:56:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Tue, 14 Jun 2022 15:57:09 GMT
Allow
POST, GET, OPTIONS,HEAD
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Language
en-US
Connection
Keep-Alive
Content-Security-Policy
frame-ancestors 'self'
Content-Type
text/css
Keep-Alive
timeout=10, max=100
activation.js
www3.aia.com.hk/Vitality/pages/files/ 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.aia.com.hk/Vitality/pages/files/activation.js?1652151394000
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
ddde006cfafe2cbfcb396751c5e1efcffe81411bb76c7d8a0d12df0bb68bf85b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="1151182999"
Content-Length
4921
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 May 2022 02:56:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Tue, 14 Jun 2022 15:57:09 GMT
Allow
POST, GET, OPTIONS,HEAD
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Language
en-US
Connection
Keep-Alive
Content-Security-Policy
frame-ancestors 'self'
Content-Type
application/javascript
Keep-Alive
timeout=10, max=100
VitalityLogo.png
www3.aia.com.hk/Vitality/pages/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.aia.com.hk/Vitality/pages/images/VitalityLogo.png
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
ff557e8e945b19ca59c7e83ba22053628362e2c912094f9de255b5d83e866660
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="2075945817"
Content-Length
1516
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 May 2022 02:56:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Tue, 14 Jun 2022 15:57:09 GMT
Allow
POST, GET, OPTIONS,HEAD
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Language
en-US
Connection
Keep-Alive
Content-Security-Policy
frame-ancestors 'self'
Content-Type
image/png
Keep-Alive
timeout=10, max=99
AIALogo.png
www3.aia.com.hk/Vitality/pages/images/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.aia.com.hk/Vitality/pages/images/AIALogo.png
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
081af5be5c52049a3011aecfd75a4f87d82c6b3ed0bcf1d8b4fb4641a715936c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="693642556"
Content-Length
10160
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 May 2022 02:56:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Tue, 14 Jun 2022 15:57:09 GMT
Allow
POST, GET, OPTIONS,HEAD
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Language
en-US
Connection
Keep-Alive
Content-Security-Policy
frame-ancestors 'self'
Content-Type
image/png
Keep-Alive
timeout=10, max=99
jcaptcha
www3.aia.com.hk/Vitality/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.aia.com.hk/Vitality/jcaptcha?1
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
73c012b586ac1041224ea82bca198bfbf25f26d55d54df4fba82ffe13cb27799
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-2009764898"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=10, max=98
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
X-Frame-Options
SAMEORIGIN
Date
Tue, 14 Jun 2022 15:57:09 GMT
Allow
POST, GET, OPTIONS,HEAD
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Language
en-US
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy
frame-ancestors 'self'
Content-Type
image/jpeg
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Refresh.png
www3.aia.com.hk/Vitality/pages/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.aia.com.hk/Vitality/pages/images/Refresh.png
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
0fa599a333f4b0c79a991cfe7d7b1b2759a61623b7abb63c6e814ea677eb1941
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-1092607586"
Content-Length
1613
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 May 2022 02:56:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Tue, 14 Jun 2022 15:57:10 GMT
Allow
POST, GET, OPTIONS,HEAD
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Language
en-US
Connection
Keep-Alive
Content-Security-Policy
frame-ancestors 'self'
Content-Type
image/png
Keep-Alive
timeout=10, max=100
Loading.gif
www3.aia.com.hk/Vitality/pages/images/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.aia.com.hk/Vitality/pages/images/Loading.gif
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
ec80bea1355db7f5c5bf4f88741f7afe90a744f652f9358ba761da2783495ba2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="611269059"
Content-Length
7364
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 May 2022 02:56:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Tue, 14 Jun 2022 15:57:10 GMT
Allow
POST, GET, OPTIONS,HEAD
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Language
en-US
Connection
Keep-Alive
Content-Security-Policy
frame-ancestors 'self'
Content-Type
image/gif
Keep-Alive
timeout=10, max=100
truncated
/ 		82 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e97fd55df20e751d3f7a5986f80b277e341190084f99cf0e9f38df5b2eb26d67

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/png
AIASans-Condensed-500.woff
www3.aia.com.hk/Vitality/pages/files/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www3.aia.com.hk/Vitality/pages/files/AIASans-Condensed-500.woff
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/pages/files/common.css?1652151394000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
5d60bdbc2043a3386b3af7ec138db305abdd98fcd0669c910771e2dd44185ee1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www3.aia.com.hk/Vitality/pages/files/common.css?1652151394000
Origin
https://www3.aia.com.hk
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 14 Jun 2022 15:57:10 GMT
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
Timing-Allow-Origin
*
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="1154409360", dtTao;desc="1"
Content-Length
22436
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Allow
POST, GET, OPTIONS,HEAD
Last-Modified
Tue, 10 May 2022 02:56:32 GMT
X-Frame-Options
SAMEORIGIN
ETag
"1652151394:dtagent10239220408103229spIQ:dtagent10239220408103229spIQ"
Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Language
en-US
Access-Control-Allow-Origin
https://www3.aia.com.hk
Connection
Keep-Alive
Content-Security-Policy
frame-ancestors 'self'
Content-Type
text/plain
Keep-Alive
timeout=10, max=100
rb_3402369b-c9a0-44ad-805e-77f0237570fa
www3.aia.com.hk/Vitality/ 		120 B
828 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www3.aia.com.hk/Vitality/rb_3402369b-c9a0-44ad-805e-77f0237570fa?type=js3&sn=v_4_srv_4_sn_52D5955090C42FF17314C2CE2A58B03F_perc_100000_ol_0_mul_1_app-3A53cbe07666e1277b_1&svrid=4&flavor=post&vi=IFDRCHOTWMHMJRFCHCUNAWHQUWIEKCUQ-0&modifiedSince=1654868262131&rf=https%3A%2F%2Fwww3.aia.com.hk%2FVitality%2FMembershipActivation%3Fk%3Dystoelq&bp=3&app=53cbe07666e1277b&crc=4031239890&en=cel9isk0&end=1
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/ruxitagentjs_ICA27Vfgjqrux_10239220408103229.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
047c2817190c66c39cfc093300d7179212f5552702f5fcf7c331478d8d566319
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 14 Jun 2022 15:57:12 GMT
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
120
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Allow
POST, GET, OPTIONS,HEAD
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www3.aia.com.hk
Content-Security-Policy
frame-ancestors 'self'
Keep-Alive
timeout=10, max=99
rb_3402369b-c9a0-44ad-805e-77f0237570fa
www3.aia.com.hk/Vitality/ 		120 B
828 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www3.aia.com.hk/Vitality/rb_3402369b-c9a0-44ad-805e-77f0237570fa?type=js3&sn=v_4_srv_4_sn_52D5955090C42FF17314C2CE2A58B03F_perc_100000_ol_0_mul_1_app-3A53cbe07666e1277b_1&svrid=4&flavor=post&vi=IFDRCHOTWMHMJRFCHCUNAWHQUWIEKCUQ-0&modifiedSince=1654868262131&rf=https%3A%2F%2Fwww3.aia.com.hk%2FVitality%2FMembershipActivation%3Fk%3Dystoelq&bp=3&app=53cbe07666e1277b&crc=1071014098&en=cel9isk0&end=1
Requested by
Host: www3.aia.com.hk
URL: https://www3.aia.com.hk/Vitality/ruxitagentjs_ICA27Vfgjqrux_10239220408103229.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.156.194 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
047c2817190c66c39cfc093300d7179212f5552702f5fcf7c331478d8d566319
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www3.aia.com.hk/Vitality/MembershipActivation?k=ystoelq
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 14 Jun 2022 15:57:14 GMT
Via
1.1 fra1-bit6002
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
120
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Access-Control-Allow-Headers
Content-Type,AIC_SID,COOKIE
Allow
POST, GET, OPTIONS,HEAD
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains; preload
Access-Control-Allow-Methods
GET, POST, OPTIONS, POST, GET, OPTIONS
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www3.aia.com.hk
Content-Security-Policy
frame-ancestors 'self'
Keep-Alive
timeout=10, max=98

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| dT_ object| dtrum function| setInputTextField function| setInputCheckbox function| setInputRadioBox function| setInputListBox function| setErrorMessage function| OnFormSubmitEvent function| upperText undefined| popupMessage function| OnBodyLoadEvent function| FormSubmit function| exit function| popPDF function| popURL string| vitalityWebHost function| popupVitality function| loginAIAVitality function| openInNewTab function| emailUs function| changeLanguage function| addLangageField function| responseDesign string| vitalityLoginHost string| vitalityOldHost

12 Cookies

Domain/Path Name / Value
www3.aia.com.hk/Vitality Name: JSESSIONID
Value: 0000TxoYuZQlvVmQiEPDwKdlAjl:Gu7LHt82
www3.aia.com.hk/Vitality Name: TS01d4dbcb
Value: 0122965fcf3f164055820fdbc0d3f920f4045b9036ccdc00b3a5c87abd8d10f7345877d3d7666709ac63ed06c0b312ee0920f4ce76233b84192017447fc1438d8a02ae4574
.app.comm.aia.com.hk/ Name: ELOQUA
Value: GUID=B24F3780964B4FABA79544B7F0086043
.app.comm.aia.com.hk/ Name: ELQSTATUS
Value: OK
.aia.com.hk/ Name: dtCookie
Value: v_4_srv_4_sn_52D5955090C42FF17314C2CE2A58B03F_perc_100000_ol_0_mul_1_app-3A53cbe07666e1277b_1
www3.aia.com.hk/ Name: TS01412532
Value: 0122965fcfe63496e9cda465f236a9124a1c7fa9c4ccdc00b3a5c87abd8d10f7345877d3d7beced943b5a394de015850173a633f2b
.aia.com.hk/ Name: TS011e0e96
Value: 0122965fcf002205c434ad014c5ded65228b2cd983ccdc00b3a5c87abd8d10f7345877d3d7e828c7f3ae4a3a16d3a9eaaa666241d014213f9ce04e46968f78be5ed70a250f
.aia.com.hk/ Name: rxVisitor
Value: 16552222287325M7IV6HMFHS9CUPOBEF325K2LA0HS67J
.aia.com.hk/ Name: dtLatC
Value: 774
.aia.com.hk/ Name: dtSa
Value: -
.aia.com.hk/ Name: rxvt
Value: 1655224030996|1655222228734
.aia.com.hk/ Name: dtPC
Value: 4$422228730_329h-vIFDRCHOTWMHMJRFCHCUNAWHQUWIEKCUQ-0e0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block