urlscan.io logo urlscan.io
SecurityTrails logo

staging-service.aon.nl Open in urlscan Pro
157.84.40.80  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://staging-service.aon.nl/
Effective URL: https://staging-service.aon.nl/authenticator/index.html
Submission: On August 10 via automatic, source certstream-suspicious — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 157.84.40.80, located in United Kingdom and belongs to AMAZON-02, US. The main domain is staging-service.aon.nl.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on August 8th 2024. Valid for: a year.
This is the only time staging-service.aon.nl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 6 157.84.40.80 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
7 4
Apex Domain
Subdomains		 Transfer
6 aon.nl
staging-service.aon.nl
5 KB
1 gstatic.com
fonts.gstatic.com
19 KB
1 aon.com
www.aon.com — Cisco Umbrella Rank: 982234
946 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
1002 B
7 4
Domain Requested by
6 staging-service.aon.nl 2 redirects staging-service.aon.nl
1 fonts.gstatic.com fonts.googleapis.com
1 www.aon.com staging-service.aon.nl
1 fonts.googleapis.com staging-service.aon.nl
7 4

This site contains no links.

Subject Issuer Validity Valid
staging-service.aon.nl
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-08-08 -
2025-08-28		 a year crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.aon.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-04-04 -
2025-04-03		 a year crt.sh
*.gstatic.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://staging-service.aon.nl/authenticator/index.html
Frame ID: FF77D003534C607911B7E97C259FE6CA
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Authenticator

Page URL History Show full URLs

  1. https://staging-service.aon.nl/ HTTP 302
    https://staging-service.aon.nl/authenticator/index.html Page URL

Page Statistics

7
Requests

86 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

25 kB
Transfer

25 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://staging-service.aon.nl/ HTTP 302
    https://staging-service.aon.nl/authenticator/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://staging-service.aon.nl/favicon.ico HTTP 302
  • https://staging-service.aon.nl/authenticator/index.html

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.html
staging-service.aon.nl/authenticator/
Redirect Chain
  • https://staging-service.aon.nl/
  • https://staging-service.aon.nl/authenticator/index.html
741 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://staging-service.aon.nl/authenticator/index.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.84.40.80 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7fc5ab32bc3cd1360dc48c0419b12f440735489d643ab3f984f87d9e5904e078
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
741
Content-Type
text/html
Date
Sat, 10 Aug 2024 19:58:23 GMT
ETag
"2e5-5eb77aebfe340"
Last-Modified
Thu, 20 Oct 2022 13:55:49 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
239
Content-Type
text/html; charset=iso-8859-1
Date
Sat, 10 Aug 2024 19:58:23 GMT
Location
https://staging-service.aon.nl/authenticator/index.html
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
custom.css
staging-service.aon.nl/authenticator/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://staging-service.aon.nl/authenticator/custom.css
Requested by
Host: staging-service.aon.nl
URL: https://staging-service.aon.nl/authenticator/index.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.84.40.80 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
78aa1f5aa2d05ae38980a72d1c83762da5df1155bfa1224f9a612c7271fe5876
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging-service.aon.nl/authenticator/index.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 10 Aug 2024 19:58:23 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 20 Oct 2022 12:20:50 GMT
Server
Apache
ETag
"95d-5eb765b100c80"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2397
X-XSS-Protection
1; mode=block
custom.js
staging-service.aon.nl/authenticator/ 		421 B
801 B 		Script
General
Check archive.org
Download Go to
Full URL
https://staging-service.aon.nl/authenticator/custom.js
Requested by
Host: staging-service.aon.nl
URL: https://staging-service.aon.nl/authenticator/index.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
157.84.40.80 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
575371229393624c8d5a54e832d63696b925194382c10c4050d2adead6504950
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging-service.aon.nl/authenticator/index.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 10 Aug 2024 19:58:23 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 20 Oct 2022 11:24:32 GMT
Server
Apache
ETag
"1a5-5eb7591b7dc00"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
421
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ 		2 KB
1002 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300
Requested by
Host: staging-service.aon.nl
URL: https://staging-service.aon.nl/authenticator/custom.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
23b341b022f970e5f4bfdece15bab446449b19eefc39efb55a24bc3a9daa6c44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://staging-service.aon.nl/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 19:58:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 10 Aug 2024 19:04:00 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 10 Aug 2024 19:58:23 GMT
new-aon-logo.svg
www.aon.com/getmedia/b92e8b10-9efa-4a2e-a807-ac160deefdeb/ 		615 B
946 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aon.com/getmedia/b92e8b10-9efa-4a2e-a807-ac160deefdeb/new-aon-logo.svg
Requested by
Host: staging-service.aon.nl
URL: https://staging-service.aon.nl/authenticator/custom.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:4400::ac40:95e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65f3429e77489962ee72bd6d65eb31089edaa8a3f213de3cc78826b15048543f
Security Headers
Name Value
Content-Security-Policy img-src *
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging-service.aon.nl/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 19:58:24 GMT
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
content-security-policy
img-src *
cf-cache-status
DYNAMIC
content-encoding
gzip
content-disposition
attachment; filename="new-aon-logo.svg"
x-xss-protection
1; mode=block
request-context
appId=cid-v1:b446f72d-8f9e-4735-939e-7557cbf7c08b
last-modified
Thu, 09 Dec 2021 05:40:54 GMT
server
cloudflare
etag
W/"12/9/2021 5:40:54 AM"
content-type
image/svg+xml
cache-control
public, must-revalidate
cf-ray
8b128f7749e0b908-AMS
expires
Sun, 11 Aug 2024 07:58:24 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://staging-service.aon.nl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 06 Aug 2024 21:06:59 GMT
x-content-type-options
nosniff
age
341484
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18492
x-xss-protection
0
last-modified
Thu, 01 Aug 2024 20:41:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Aug 2025 21:06:59 GMT
index.html
staging-service.aon.nl/authenticator/
Redirect Chain
  • https://staging-service.aon.nl/favicon.ico
  • https://staging-service.aon.nl/authenticator/index.html
741 B
0 		Other
General
Check archive.org
Download Go to
Full URL
https://staging-service.aon.nl/authenticator/index.html
Protocol
HTTP/1.1
Server
157.84.40.80 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7fc5ab32bc3cd1360dc48c0419b12f440735489d643ab3f984f87d9e5904e078
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://staging-service.aon.nl/authenticator/index.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 10 Aug 2024 19:58:23 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 20 Oct 2022 13:55:49 GMT
Server
Apache
ETag
"2e5-5eb77aebfe340"
Content-Type
text/html
Accept-Ranges
bytes
Content-Length
741
X-XSS-Protection
1; mode=block

Redirect headers

Location
https://staging-service.aon.nl/authenticator/index.html
Date
Sat, 10 Aug 2024 19:58:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Server
Apache
Connection
keep-alive
Content-Length
239
Content-Type
text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateAndReturn function| setFocus

2 Cookies

Domain/Path Name / Value
staging-service.aon.nl/ Name: AVI_COOKIE
Value: 0228d20c38-0b90-4aQcJo3-hm0HYnz6r4jm--YFFOmu4bGenBEtnZG9SySzQEWR2TbGObt4BjLuNXiwTMjlY
.www.aon.com/ Name: __cf_bm
Value: eX6uRL3Iq3ccCiJFIiSUO3WW5FnVmX7vF4hnsW3OWB0-1723319904-1.0.1.1-RVpex5eY8UCrtXhIeK5c_S6WtqGIxk3nY5nzc_RNNGOhF3T0FgswI7UcaVqA3vhPh3xEBa_4M1J0noiK15a8RQ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block