urlscan.io logo urlscan.io
SecurityTrails logo

sso.aia.com.hk Open in urlscan Pro
34.160.218.26  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www3.aia-pt.com.hk/agency/broker_login.jsp
Effective URL: https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=t...
Submission: On February 27 via manual from CA — Scanned from PT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 28 HTTP transactions. The main IP is 34.160.218.26, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is sso.aia.com.hk.
TLS certificate: Issued by GTS CA 1D4 on January 22nd 2024. Valid for: 3 months.
This is the only time sso.aia.com.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 107.162.159.37 55002 (DEFENSE-NET)
18 34.160.218.26 396982 (GOOGLE-CL...)
5 169.150.247.37 60068 (CDN77 _)
1 23.36.162.222 20940 (AKAMAI-ASN1)
28 4
Apex Domain
Subdomains		 Transfer
19 aia.com.hk
sso.aia.com.hk
www.aia.com.hk — Cisco Umbrella Rank: 430200
2 MB
5 bunny.net
fonts.bunny.net — Cisco Umbrella Rank: 9815
54 KB
5 aia-pt.com.hk
www3.aia-pt.com.hk
128 KB
28 3
Domain Requested by
18 sso.aia.com.hk www3.aia-pt.com.hk
sso.aia.com.hk
5 fonts.bunny.net sso.aia.com.hk
fonts.bunny.net
client
5 www3.aia-pt.com.hk 1 redirects www3.aia-pt.com.hk
1 www.aia.com.hk
28 4

This site contains links to these domains. Also see Links.

Domain
www.aia.com.hk
Subject Issuer Validity Valid
www3.aia-pt.com.hk
DigiCert EV RSA CA G2		 2024-02-07 -
2025-02-22		 a year crt.sh
openam-aiahk-ae2.id.forgerock.io
GTS CA 1D4		 2024-01-22 -
2024-04-21		 3 months crt.sh
fonts.bunny.net
R3		 2024-02-25 -
2024-05-25		 3 months crt.sh
www.aia.com.hk
DigiCert TLS RSA SHA256 2020 CA1		 2023-05-20 -
2024-05-22		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&locale=en&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE
Frame ID: 99DFF03BF2A225DC9B2E9421E29AE5DE
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Pension-Login-Broker-Corner

Page URL History Show full URLs

  1. https://www3.aia-pt.com.hk/agency/broker_login.jsp HTTP 302
    https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp Page URL
  2. https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broke... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

28
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

2153 kB
Transfer

2283 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www3.aia-pt.com.hk/agency/broker_login.jsp HTTP 302
    https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp Page URL
  2. https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&locale=en&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www3.aia-pt.com.hk/agency/broker_login.jsp HTTP 302
  • https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
broker_login.jsp
www3.aia-pt.com.hk/broker_corner/
Redirect Chain
  • https://www3.aia-pt.com.hk/agency/broker_login.jsp
  • https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
5 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.37 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
113e3c08d218f20229f490bd0e2c6131a76bfaa41c3c9a479250e84137a9364d
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
pt-PT,pt;q=0.9

Response headers

Cache-Control
no-cache private no-store max-stale=0
Connection
Keep-Alive
Content-Language
en-US
Content-Security-Policy
frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Content-Type
text/html; charset=UTF-8
Date
Tue, 27 Feb 2024 15:48:19 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=10, max=99
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server-Timing
dtSInfo;desc="0", dtRpid;desc="207528469"
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Via
1.1 lon1-bit3003
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
X-OneAgent-JS-Injection
true
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
241
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 27 Feb 2024 15:48:19 GMT
Keep-Alive
timeout=10, max=100
Location
https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-869911684"
Via
1.1 lon1-bit3003
ruxitagentjs_ICA2NVfqru_10277231024135831.js
www3.aia-pt.com.hk/broker_corner/ 		184 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.aia-pt.com.hk/broker_corner/ruxitagentjs_ICA2NVfqru_10277231024135831.js
Requested by
Host: www3.aia-pt.com.hk
URL: https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.37 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
f21f8ebf93d61139f22e23a8646537445c8fa1b7550c3b9221c110d75c636a45
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Tue, 27 Feb 2024 15:48:20 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Via
1.1 lon1-bit3003
Content-Security-Policy
frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Connection
Keep-Alive
Content-Length
73435
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 03 Mar 2010 07:01:40 GMT
X-Frame-Options
SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, max-age=31536000, immutable
Keep-Alive
timeout=10, max=98
Expires
Wed, 26 Feb 2025 15:48:20 GMT
crypto-js.min.js
www3.aia-pt.com.hk/broker_corner/js/ 		47 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.aia-pt.com.hk/broker_corner/js/crypto-js.min.js
Requested by
Host: www3.aia-pt.com.hk
URL: https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.37 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
X-Xss-Protection 1; mode=block

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Tue, 27 Feb 2024 15:48:21 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Via
1.1 lon1-bit3003
X-OneAgent-JS-Injection
true
Server-Timing
dtSInfo;desc="0", dtRpid;desc="338782301"
Connection
Keep-Alive
Content-Length
47992
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 20 Nov 2023 19:26:30 GMT
X-Frame-Options
SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
Content-Type
application/javascript
Content-Language
en-US
Keep-Alive
timeout=10, max=100
Primary Request /
sso.aia.com.hk/am/XUI/ 		920 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&locale=en&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE
Requested by
Host: www3.aia-pt.com.hk
URL: https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
6c54dd9f44e06051056af923420ee1286e052cd6d8c61ffacc231b7c008bcd1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff

Request headers

Referer
https://www3.aia-pt.com.hk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
pt-PT,pt;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache no-store
content-length
920
content-security-policy-report-only
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'
content-type
text/html
date
Tue, 27 Feb 2024 15:48:23 GMT
etag
"65ba5d55-398"
expires
Tue, 27 Feb 2024 15:48:22 GMT
last-modified
Wed, 31 Jan 2024 14:46:45 GMT
pragma
no-cache
referrer-policy
origin
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
x-content-type-options
nosniff
rb_3402369b-c9a0-44ad-805e-77f0237570fa
www3.aia-pt.com.hk/broker_corner/ 		117 B
933 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www3.aia-pt.com.hk/broker_corner/rb_3402369b-c9a0-44ad-805e-77f0237570fa?type=js3&sn=v_4_srv_1_sn_5B6B05BC0DEF963D4A21EED8E77D77EF_perc_100000_ol_0_mul_1_app-3Ae75c81deb6f283b2_1&svrid=1&flavor=post&vi=SQMCFHHCJUWEFRMRUVDKTUQAPPAQFFGH-0&modifiedSince=1704348143462&rf=https%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fbroker_login.jsp&bp=3&app=e75c81deb6f283b2&crc=1246152834&en=cel9isk0&end=1
Requested by
Host: www3.aia-pt.com.hk
URL: https://www3.aia-pt.com.hk/broker_corner/ruxitagentjs_ICA2NVfqru_10277231024135831.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.159.37 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 27 Feb 2024 15:48:22 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Via
1.1 lon1-bit3003
Referrer-Policy
strict-origin-when-cross-origin
X-Frame-Options
SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www3.aia-pt.com.hk
Connection
Keep-Alive
Keep-Alive
timeout=10, max=99
Content-Length
117
X-XSS-Protection
1; mode=block
css2
fonts.bunny.net/ 		28 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.bunny.net/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&locale=en&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-37.bunnyinfra.net
Software
BunnyCDN-DE1-1080 /
Resource Hash
a0a6caa6d86b74bea2683355c320d6ebe63b8fce73349a645d902d834a949293

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:23 GMT
content-encoding
br
cdn-edgestorageid
1081
cdn-cachedat
02/05/2024 15:40:57
cdn-pullzone
781720
last-modified
Mon, 05 Feb 2024 15:40:57 GMT
server
BunnyCDN-DE1-1080
cdn-proxyver
1.04
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
c99eb78019ba15c17e1f4f64042d08f2
cdn-requestcountrycode
PT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
chunk-vendors.65881dc1.js
sso.aia.com.hk/am/XUI/js/ 		899 KB
902 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/js/chunk-vendors.65881dc1.js
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&locale=en&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
eb1a38401ba709e8430f7972e995092cf4e4dbee499c625812020cc0461cb03e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 21 Feb 2024 13:13:48 GMT
etag
"65d5f70c-e0c46"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
920646
app.4542392e.js
sso.aia.com.hk/am/XUI/js/ 		120 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/js/app.4542392e.js
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&locale=en&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
3a10453d5765f9771b32957f2a993c5572124d58ae5183ccf99759e9d4592660
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 21 Feb 2024 13:13:08 GMT
etag
"65d5f6e4-1e1e8"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
123368
chunk-vendors.4d1e8851.css
sso.aia.com.hk/am/XUI/css/ 		87 KB
88 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/css/chunk-vendors.4d1e8851.css
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&locale=en&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
e5cae8677ebf52ae198c9af7b785e4e845f23f13dfbe2f065c3d6a224f8259ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 31 Jan 2024 14:46:45 GMT
etag
"65ba5d55-15d1d"
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89373
app.5927ea6e.css
sso.aia.com.hk/am/XUI/css/ 		195 KB
196 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/css/app.5927ea6e.css
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&locale=en&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
1013a2a1404bf5d3caf317d6cf7dbaacaaafbfd39e2eb8b1d37d33f0dcfd4b2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 31 Jan 2024 14:46:45 GMT
etag
"65ba5d55-30d49"
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
200009
uiconfig
sso.aia.com.hk/openidm/info/ 		864 B
888 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/openidm/info/uiconfig
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/chunk-vendors.65881dc1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
b8ccfcc09ea325e8b57b6887e61f8774069b84d23ad2699f2608291a9721c61e
Security Headers
Name Value
Content-Security-Policy default-src 'none';frame-ancestors 'none';sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://sso.aia.com.hk/
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:24 GMT
content-security-policy
default-src 'none';frame-ancestors 'none';sandbox
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
864
pragma
no-cache
cross-origin-opener-policy
same-origin
x-frame-options
DENY
content-api-version
protocol=2.1,resource=1.0
content-type
application/json;charset=utf-8
x-forgerock-transactionid
ce940ad7-9e48-42e8-9903-25df107e2506
cache-control
no-store
expires
0
en
sso.aia.com.hk/openidm/config/uilocale/ 		92 B
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/openidm/config/uilocale/en?_fields=login,shared
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/chunk-vendors.65881dc1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
027c9c6b879b7265c866c8d0801ff4d1ca96d87b370d204c873ca86a571b7ad0
Security Headers
Name Value
Content-Security-Policy default-src 'none';frame-ancestors 'none';sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://sso.aia.com.hk/
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Feb 2024 15:48:25 GMT
content-security-policy
default-src 'none';frame-ancestors 'none';sandbox
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
cross-origin-opener-policy
same-origin
x-frame-options
DENY
content-type
application/json;charset=utf-8
x-forgerock-transactionid
f905c129-c7d8-4ebd-bd92-7a9a290ec7fb
cache-control
no-store
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
92
expires
0
en
sso.aia.com.hk/openidm/config/uilocale/ 		92 B
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/openidm/config/uilocale/en?_fields=login,shared
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/chunk-vendors.65881dc1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
027c9c6b879b7265c866c8d0801ff4d1ca96d87b370d204c873ca86a571b7ad0
Security Headers
Name Value
Content-Security-Policy default-src 'none';frame-ancestors 'none';sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://sso.aia.com.hk/
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Feb 2024 15:48:25 GMT
content-security-policy
default-src 'none';frame-ancestors 'none';sandbox
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
cross-origin-opener-policy
same-origin
x-frame-options
DENY
content-type
application/json;charset=utf-8
x-forgerock-transactionid
a7f1feb6-7a61-45e3-9370-ab8fcdc7d941
cache-control
no-store
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
92
expires
0
486.04e7baed.js
sso.aia.com.hk/am/XUI/js/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/js/486.04e7baed.js
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/app.4542392e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
63d8cd7de0c8d656f5101552fa4bfa3b2356bed056a5c4a6b1e8888cb699ccef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 21 Feb 2024 13:13:47 GMT
etag
"65d5f70b-54ab"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21675
647.9df74c06.css
sso.aia.com.hk/am/XUI/css/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/css/647.9df74c06.css
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/app.4542392e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
48dc5dbc6e9808f0b2a1a0434ae874f27e1a61373da0cbbf9388fa1c3049368b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 31 Jan 2024 14:46:45 GMT
etag
"65ba5d55-2dba"
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11706
647.d179dcaa.js
sso.aia.com.hk/am/XUI/js/ 		47 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/js/647.d179dcaa.js
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/app.4542392e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
cd0915b11660c229eeefd2daf326005b2f8a61fca30d49ce717983c893e406ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 21 Feb 2024 13:13:48 GMT
etag
"65d5f70c-ba1e"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47646
open-sans-latin-400-normal.woff2
fonts.bunny.net/open-sans/files/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.bunny.net/open-sans/files/open-sans-latin-400-normal.woff2
Requested by
Host: fonts.bunny.net
URL: https://fonts.bunny.net/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-37.bunnyinfra.net
Software
BunnyCDN-DE1-1080 /
Resource Hash
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Request headers

Referer
https://fonts.bunny.net/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap
Origin
https://sso.aia.com.hk
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:25 GMT
cdn-edgestorageid
1081
cdn-storageserver
DE-662
cdn-cachedat
10/31/2023 18:07:09
cdn-pullzone
781720
content-length
16740
last-modified
Thu, 06 Jul 2023 07:56:39 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
660
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
"64a673b7-4164"
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
59f3e806b26fadb9669a12c6e283960b
accept-ranges
bytes
cdn-requestcountrycode
PT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
*
sso.aia.com.hk/am/json/realms/root/realms/alpha/serverinfo/ 		528 B
554 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/json/realms/root/realms/alpha/serverinfo/*
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/chunk-vendors.65881dc1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
db7a3d03bcfb3592196f3d108117245dc3766016f953205eef69ffd1816b9b46
Security Headers
Name Value
Content-Security-Policy default-src 'none';frame-ancestors 'none';sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-api-version
protocol=1.0,resource=1.1
Accept
application/json, text/plain, */*
Referer
https://sso.aia.com.hk/
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

content-security-policy
default-src 'none';frame-ancestors 'none';sandbox
date
Tue, 27 Feb 2024 15:48:25 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
content-security-policy-report-only
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
528
pragma
no-cache
cross-origin-opener-policy
same-origin
etag
"-1054853623"
x-frame-options
SAMEORIGIN
content-api-version
resource=1.1
content-type
application/json;charset=UTF-8
x-forgerock-transactionid
76ef81db-7e12-4031-98da-7e938c658bdc
cache-control
no-store
expires
0
authenticate
sso.aia.com.hk/am/json/realms/root/realms/alpha/ 		4 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/json/realms/root/realms/alpha/authenticate?authIndexType=service&authIndexValue=Pension-Login-Broker-Corner&ForceAuth=true&goto=https%3A%2F%2Fsso.aia.com.hk%3A443%2Fam%2Foauth2%2Fauthorize%3Fclient_id%3Dpension-prod-client%26response_type%3Dcode%26redirect_uri%3Dhttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_corner%2Fssologin.jsp%26state%3D1%26scope%3Dopenid%2520ertype%2520pensionid%2520email%26code_challenge_method%3DS256%26code_challenge%3DnPAqiPIB9PBQoQxwcSF2lMfidFv1p3V2a9kXn-_3JLE
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/chunk-vendors.65881dc1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
c2aa2f33b9306ac1126e6fba41141cb4a395ebfeb3fb96eeeeefb16d8a13c661
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-api-version
protocol=1.0,resource=2.1
accept
application/json
Referer
https://sso.aia.com.hk/
x-requested-with
forgerock-sdk
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
content-type
application/json

Response headers

date
Tue, 27 Feb 2024 15:48:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
x-content-type-options
nosniff
via
1.1 google
content-security-policy-report-only
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3609
pragma
no-cache
x-frame-options
SAMEORIGIN
content-api-version
resource=2.1
content-type
application/json
access-control-allow-origin
https://sso.aia.com.hk
access-control-expose-headers
content-api-version
cache-control
private
access-control-allow-credentials
true
x-forgerock-transactionid
5155ce18-afad-41ee-be94-ee368bb7de86
vary
Origin
expires
0
themerealm
sso.aia.com.hk/openidm/config/ui/ 		82 KB
82 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/openidm/config/ui/themerealm
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/chunk-vendors.65881dc1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
201577a1a9ac535585198c774178563059f640bc27e3638817efd3d135e6e925
Security Headers
Name Value
Content-Security-Policy default-src 'none';frame-ancestors 'none';sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://sso.aia.com.hk/
x-requested-with
XMLHttpRequest
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Feb 2024 15:48:26 GMT
content-security-policy
default-src 'none';frame-ancestors 'none';sandbox
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
cross-origin-opener-policy
same-origin
x-frame-options
DENY
content-api-version
protocol=2.1,resource=1.0
content-type
application/json;charset=utf-8
x-forgerock-transactionid
986b7932-0a12-4c8e-9c54-899f0ab2d43e
cache-control
no-store
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
css2
fonts.bunny.net/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.bunny.net/css2?family=Open+Sans&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-37.bunnyinfra.net
Software
BunnyCDN-DE1-1080 /
Resource Hash
1cc31859d7b894586a9708f3c1f2c5fdeb40425066a821b56d2bb492db9c8e21

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:27 GMT
content-encoding
br
cdn-edgestorageid
1081
cdn-cachedat
02/05/2024 15:40:55
cdn-pullzone
781720
last-modified
Mon, 05 Feb 2024 15:40:54 GMT
server
BunnyCDN-DE1-1080
cdn-proxyver
1.04
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
1964092fb39015ae20455c06391e7256
cdn-requestcountrycode
PT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
777.22d7aa54.js
sso.aia.com.hk/am/XUI/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/js/777.22d7aa54.js
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/app.4542392e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
d794d40817646dccb1ad812d6b6b4e0f7a5eecb160309ead5ddaace87cca1631
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 21 Feb 2024 13:13:07 GMT
etag
"65d5f6e3-21a8"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8616
56.01ddcde4.js
sso.aia.com.hk/am/XUI/js/ 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/js/56.01ddcde4.js
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/app.4542392e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
5739e75a2bcc529c77c4487e6c94000661e253a058d78943cc3909eb987c8e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 21 Feb 2024 13:13:47 GMT
etag
"65d5f70b-2693"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9875
351.8e94bfb3.css
sso.aia.com.hk/am/XUI/css/ 		92 KB
92 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/css/351.8e94bfb3.css
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/app.4542392e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
c41793e0311e09faeb4ee90e11be4af87e7ee990abdad12aee10c0a379cb45cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 31 Jan 2024 14:46:45 GMT
etag
"65ba5d55-16fbb"
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94139
351.36b1b5f4.js
sso.aia.com.hk/am/XUI/js/ 		384 KB
384 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sso.aia.com.hk/am/XUI/js/351.36b1b5f4.js
Requested by
Host: sso.aia.com.hk
URL: https://sso.aia.com.hk/am/XUI/js/app.4542392e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.218.26 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
26.218.160.34.bc.googleusercontent.com
Software
/
Resource Hash
3d08a92f3c4afe296424ccdace3a1ef11a1e5955c0ce7c20555a9c2522bc0376
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload;
via
1.1 google
last-modified
Wed, 21 Feb 2024 13:13:47 GMT
etag
"65d5f70b-60004"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
393220
aia-logo-red.svg
www.aia.com.hk/content/dam/group-wise/images/system/icons/ 		5 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aia.com.hk/content/dam/group-wise/images/system/icons/aia-logo-red.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.162.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-162-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ca428097c5855f85bcdb95765ea58e8f1e6e5927f00ebb1983055e895a1eb9c1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
pt-PT,pt;q=0.9
Referer
https://sso.aia.com.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-dispatcher
dispatcher1eastasia
strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 27 Feb 2024 15:48:27 GMT
x-vhost
publish
content-disposition
inline
content-length
2292
last-modified
Thu, 21 Apr 2022 14:32:01 GMT
server
Apache
etag
"1268-5dd2af917ba40-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-max-age
86400
access-control-allow-methods
GET,POST
cache-control
public, max-age=243415
access-control-allow-credentials
false
access-control-allow-origin
https://www6.aia.com.hk
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 01 Mar 2024 11:25:22 GMT
open-sans-latin-300-normal.woff2
fonts.bunny.net/open-sans/files/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.bunny.net/open-sans/files/open-sans-latin-300-normal.woff2
Requested by
Host: fonts.bunny.net
URL: https://fonts.bunny.net/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-37.bunnyinfra.net
Software
BunnyCDN-DE1-1080 /
Resource Hash
1b2f88142c19df560f487368810bba2d41c5d6948df584abaa2e0091c0b2245b

Request headers

Referer
https://fonts.bunny.net/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap
Origin
https://sso.aia.com.hk
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:27 GMT
cdn-edgestorageid
1080
cdn-storageserver
DE-663
cdn-cachedat
10/31/2023 19:02:48
cdn-pullzone
781720
content-length
16748
last-modified
Thu, 06 Jul 2023 09:30:55 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
659
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
"64a689cf-416c"
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
01643f328355900a50a5c14edf477eaf
accept-ranges
bytes
cdn-requestcountrycode
PT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
open-sans-latin-400-normal.woff2
fonts.bunny.net/open-sans/files/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.bunny.net/open-sans/files/open-sans-latin-400-normal.woff2
Requested by
Host: fonts.bunny.net
URL: https://fonts.bunny.net/css2?family=Open+Sans&display=swap
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-37.bunnyinfra.net
Software
BunnyCDN-DE1-1080 /
Resource Hash
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Request headers

Referer
https://fonts.bunny.net/css2?family=Open+Sans&display=swap
Origin
https://sso.aia.com.hk
accept-language
pt-PT,pt;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 15:48:27 GMT
cdn-edgestorageid
1081
cdn-storageserver
DE-662
cdn-cachedat
10/31/2023 18:07:09
cdn-pullzone
781720
content-length
16740
last-modified
Thu, 06 Jul 2023 07:56:39 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
660
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
"64a673b7-4164"
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
49d12c71b31d4039a1a71cfbecc33017
accept-ranges
bytes
cdn-requestcountrycode
PT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunk_forgerock_platform_login function| clearImmediate function| setImmediate object| regeneratorRuntime function| _ function| Velocity object| Prism object| core

10 Cookies

Domain/Path Name / Value
.aia-pt.com.hk/ Name: dtCookie
Value: v_4_srv_1_sn_5B6B05BC0DEF963D4A21EED8E77D77EF_perc_100000_ol_0_mul_1_app-3Ae75c81deb6f283b2_1
.aia-pt.com.hk/ Name: TS01d53d7b
Value: 01afa55bedb1277e7b82b0396326b6644aa433db022f5081d4d3898b7a386690e6d1ec323dafbf3323dd3b15bd86633ddd9904dbb8f7c9e6b50dd324e839ac0021815d6c7d
www3.aia-pt.com.hk/ Name: PENSIONSESSIONID
Value: 0000OTOSsELfrqScim2Z76o3Knl:APP010-AIAPT
www3.aia-pt.com.hk/ Name: TS0177d58c
Value: 01afa55bed0b585f0732a374b5b036518beccca5142f5081d4d3898b7a386690e6d1ec323d691c9d0f6690e0542c79a167373846d77e6bbf53e1f113acc7e922c68719ed51
.aia-pt.com.hk/ Name: rxVisitor
Value: 1709048901790RB2NG1GF6TCC9HSOCM0N2QKVMF3IOND6
.aia-pt.com.hk/ Name: rxvt
Value: 1709050701795|1709048901791
.aia-pt.com.hk/ Name: dtSa
Value: false%7C_load_%7C1%7C_load_%7C-%7C1709048898694%7C248901789_164%7Chttps%3A%2F%2Fwww3.aia-pt.com.hk%2Fbroker_5Fcorner%2Fbroker_5Flogin.jsp%7C%7C%7C%7C
www3.aia-pt.com.hk/ Name: TS4517fb20027
Value: 0829f07417ab2000d53ab6610ae101889debcb65bc6293addc60f30bcd518104ee8c2f02e53fc33f08c926337011300070c653501154ba61f84c25814ab08719edffa766024a26e18bfb81f77052903aac54a4331a600361ed9b5ef8369f22f6
.aia-pt.com.hk/ Name: dtPC
Value: 1$248901789_164h-vSQMCFHHCJUWEFRMRUVDKTUQAPPAQFFGH-0e0
.sso.aia.com.hk/ Name: amlbcookie
Value: 01

1 Console Messages

Source Level URL
Text
security error URL: https://www3.aia-pt.com.hk/broker_corner/broker_login.jsp
Message:
The Content-Security-Policy directive name 'script-src:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors https://*.aia.com.hk 'self'; script-src: aia.noq.com.hk 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN ALLOW-FROM https://*.aia.com.hk 'self'
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.bunny.net
sso.aia.com.hk
www.aia.com.hk
www3.aia-pt.com.hk
107.162.159.37
169.150.247.37
23.36.162.222
34.160.218.26
027c9c6b879b7265c866c8d0801ff4d1ca96d87b370d204c873ca86a571b7ad0
1013a2a1404bf5d3caf317d6cf7dbaacaaafbfd39e2eb8b1d37d33f0dcfd4b2f
113e3c08d218f20229f490bd0e2c6131a76bfaa41c3c9a479250e84137a9364d
1b2f88142c19df560f487368810bba2d41c5d6948df584abaa2e0091c0b2245b
1cc31859d7b894586a9708f3c1f2c5fdeb40425066a821b56d2bb492db9c8e21
201577a1a9ac535585198c774178563059f640bc27e3638817efd3d135e6e925
3a10453d5765f9771b32957f2a993c5572124d58ae5183ccf99759e9d4592660
3d08a92f3c4afe296424ccdace3a1ef11a1e5955c0ce7c20555a9c2522bc0376
48dc5dbc6e9808f0b2a1a0434ae874f27e1a61373da0cbbf9388fa1c3049368b
5739e75a2bcc529c77c4487e6c94000661e253a058d78943cc3909eb987c8e27
63d8cd7de0c8d656f5101552fa4bfa3b2356bed056a5c4a6b1e8888cb699ccef
6c54dd9f44e06051056af923420ee1286e052cd6d8c61ffacc231b7c008bcd1f
a0a6caa6d86b74bea2683355c320d6ebe63b8fce73349a645d902d834a949293
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
b8ccfcc09ea325e8b57b6887e61f8774069b84d23ad2699f2608291a9721c61e
c2aa2f33b9306ac1126e6fba41141cb4a395ebfeb3fb96eeeeefb16d8a13c661
c41793e0311e09faeb4ee90e11be4af87e7ee990abdad12aee10c0a379cb45cb
ca428097c5855f85bcdb95765ea58e8f1e6e5927f00ebb1983055e895a1eb9c1
cd0915b11660c229eeefd2daf326005b2f8a61fca30d49ce717983c893e406ec
d794d40817646dccb1ad812d6b6b4e0f7a5eecb160309ead5ddaace87cca1631
db7a3d03bcfb3592196f3d108117245dc3766016f953205eef69ffd1816b9b46
e5cae8677ebf52ae198c9af7b785e4e845f23f13dfbe2f065c3d6a224f8259ed
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc
eb1a38401ba709e8430f7972e995092cf4e4dbee499c625812020cc0461cb03e
f21f8ebf93d61139f22e23a8646537445c8fa1b7550c3b9221c110d75c636a45