urlscan.io logo urlscan.io
SecurityTrails logo

uat.staging-investment-proposal.standardlife.ie Open in urlscan Pro
108.138.36.108  Public Scan

Go To Rescan Add Verdict Report
URL: https://uat.staging-investment-proposal.standardlife.ie/
Submission: On June 19 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 108.138.36.108, located in United States and belongs to AMAZON-02, US. The main domain is uat.staging-investment-proposal.standardlife.ie.
TLS certificate: Issued by Amazon RSA 2048 M01 on June 19th 2023. Valid for: a year.
This is the only time uat.staging-investment-proposal.standardlife.ie was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 108.138.36.108 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a05:d018:94a... 16509 (AMAZON-02)
2 13.32.99.37 16509 (AMAZON-02)
11 6
3    108.138.36.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-108.muc50.r.cloudfront.net
uat.staging-investment-proposal.standardlife.ie
1    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
4    2a05:d018:94a:8a00:5102:11f7:ed40:ee32 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
cognito-identity.eu-west-1.amazonaws.com
2    13.32.99.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-37.fra60.r.cloudfront.net
bmpyi3kvvnb5rebfq2jiwoh7pe.appsync-api.eu-west-1.amazonaws.com
Domain Requested by
4 cognito-identity.eu-west-1.amazonaws.com uat.staging-investment-proposal.standardlife.ie
3 uat.staging-investment-proposal.standardlife.ie uat.staging-investment-proposal.standardlife.ie
2 bmpyi3kvvnb5rebfq2jiwoh7pe.appsync-api.eu-west-1.amazonaws.com uat.staging-investment-proposal.standardlife.ie
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com uat.staging-investment-proposal.standardlife.ie
11 5

This site contains no links.

Subject Issuer Validity Valid
uat.staging-investment-proposal.standardlife.ie
Amazon RSA 2048 M01		 2023-06-19 -
2024-07-17		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-22 -
2023-08-14		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-05-22 -
2023-08-14		 3 months crt.sh
cognito-identity.eu-west-1.amazonaws.com
Amazon RSA 2048 M02		 2023-05-08 -
2024-06-05		 a year crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon RSA 2048 M02		 2023-02-24 -
2024-01-05		 10 months crt.sh

This page contains 1 frames:

Primary Page: https://uat.staging-investment-proposal.standardlife.ie/
Frame ID: F6B3D39D8E86CB13C6A30DADD1A1EEA8
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

React App

Page Statistics

11
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

6
IPs

3
Countries

575 kB
Transfer

2031 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
uat.staging-investment-proposal.standardlife.ie/ 		644 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat.staging-investment-proposal.standardlife.ie/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-108.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b0beb69ab3555bf18e5f074d4fa6e7eae6828180f8d119594e270c49dbc2eb36
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self';connect-src 'self' *.appsync-api.eu-west-1.amazonaws.com cognito-idp.eu-west-1.amazonaws.com *.auth.eu-west-1.amazoncognito.com cognito-identity.eu-west-1.amazonaws.com *.google-analytics.com:443 https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' *.standardlife.ie https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src fonts.gstatic.com;img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
644
content-security-policy
upgrade-insecure-requests;default-src 'self';connect-src 'self' *.appsync-api.eu-west-1.amazonaws.com cognito-idp.eu-west-1.amazonaws.com *.auth.eu-west-1.amazoncognito.com cognito-identity.eu-west-1.amazonaws.com *.google-analytics.com:443 https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' *.standardlife.ie https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src fonts.gstatic.com;img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com
content-type
text/html
date
Mon, 19 Jun 2023 13:40:05 GMT
etag
"a8685fb1fd088d29c0ad66ab8748a506"
last-modified
Mon, 19 Jun 2023 12:48:56 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubDomains; preload
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-cf-id
UqixfkrsYiZTpf2XuXpB-hO4xE0e3ENj4Gf2GXvowSzLVdFDLtJ2uA==
x-amz-cf-pop
MUC50-P2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-robots-tag
none
x-xss-protection
1; mode=block
main.ad9bfd4e.js
uat.staging-investment-proposal.standardlife.ie/static/js/ 		2 MB
507 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat.staging-investment-proposal.standardlife.ie/static/js/main.ad9bfd4e.js
Requested by
Host: uat.staging-investment-proposal.standardlife.ie
URL: https://uat.staging-investment-proposal.standardlife.ie/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-108.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
46e178733859cd57f21e584ecf7f8f6c7e6275867b207e197194e2da7f44cede
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self';connect-src 'self' *.appsync-api.eu-west-1.amazonaws.com cognito-idp.eu-west-1.amazonaws.com *.auth.eu-west-1.amazoncognito.com cognito-identity.eu-west-1.amazonaws.com *.google-analytics.com:443 https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' *.standardlife.ie https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src fonts.gstatic.com;img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat.staging-investment-proposal.standardlife.ie/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 19 Jun 2023 13:40:06 GMT
content-encoding
gzip
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
content-security-policy
upgrade-insecure-requests;default-src 'self';connect-src 'self' *.appsync-api.eu-west-1.amazonaws.com cognito-idp.eu-west-1.amazonaws.com *.auth.eu-west-1.amazoncognito.com cognito-identity.eu-west-1.amazonaws.com *.google-analytics.com:443 https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' *.standardlife.ie https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src fonts.gstatic.com;img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Jun 2023 12:49:06 GMT
server
AmazonS3
etag
W/"7d8d2d3bbdc09a268c06e7ad2aadfda1"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-robots-tag
none
x-amz-cf-id
izmwLFDNzuClSakz6fxXrFODoFflNbqYJkiPlUpJbP15fzmf8YbTdg==
main.83cf11b6.css
uat.staging-investment-proposal.standardlife.ie/static/css/ 		217 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat.staging-investment-proposal.standardlife.ie/static/css/main.83cf11b6.css
Requested by
Host: uat.staging-investment-proposal.standardlife.ie
URL: https://uat.staging-investment-proposal.standardlife.ie/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-108.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
70df13367321755770469ca68fed74e196182216da4553a12638048919864986
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self';connect-src 'self' *.appsync-api.eu-west-1.amazonaws.com cognito-idp.eu-west-1.amazonaws.com *.auth.eu-west-1.amazoncognito.com cognito-identity.eu-west-1.amazonaws.com *.google-analytics.com:443 https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' *.standardlife.ie https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src fonts.gstatic.com;img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat.staging-investment-proposal.standardlife.ie/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 19 Jun 2023 13:40:06 GMT
content-encoding
gzip
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
content-security-policy
upgrade-insecure-requests;default-src 'self';connect-src 'self' *.appsync-api.eu-west-1.amazonaws.com cognito-idp.eu-west-1.amazonaws.com *.auth.eu-west-1.amazoncognito.com cognito-identity.eu-west-1.amazonaws.com *.google-analytics.com:443 https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' *.standardlife.ie https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src fonts.gstatic.com;img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Jun 2023 12:48:57 GMT
server
AmazonS3
etag
W/"2ce9f41713c6b4f22c914272e5566265"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-robots-tag
none
x-amz-cf-id
uVKA32XINfhyNlfstzUC1uNbL4p6vvvgjRcFzn-eu2L-FWtvmScWiQ==
css2
fonts.googleapis.com/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Ubuntu:wght@300;400;500;700&display=swap
Requested by
Host: uat.staging-investment-proposal.standardlife.ie
URL: https://uat.staging-investment-proposal.standardlife.ie/static/css/main.83cf11b6.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
91732a4b52ebd678ca3dd8bfa651d992cb8a6de206518376f68642ef91c5b7dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat.staging-investment-proposal.standardlife.ie/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 19 Jun 2023 13:40:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 19 Jun 2023 12:25:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 19 Jun 2023 13:40:05 GMT
truncated
/ 		511 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a1945534745523c6189cf675ccbf7bb3870a159ecba76eff3f81b9e7a7a207d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v20/ 		29 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Ubuntu:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://uat.staging-investment-proposal.standardlife.ie
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 17 Jun 2023 23:00:13 GMT
x-content-type-options
nosniff
age
139192
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29752
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:05:11 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 16 Jun 2024 23:00:13 GMT
/
cognito-identity.eu-west-1.amazonaws.com/ 		63 B
317 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cognito-identity.eu-west-1.amazonaws.com/
Requested by
Host: uat.staging-investment-proposal.standardlife.ie
URL: https://uat.staging-investment-proposal.standardlife.ie/static/js/main.ad9bfd4e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:94a:8a00:5102:11f7:ed40:ee32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
36d1e364968d2f3254ee8ee5f1fde03bbe9bd221c3b8e0e3dfea7d8ab8178157
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

cache-control
no-store
Referer
https://uat.staging-investment-proposal.standardlife.ie/
x-amz-target
AWSCognitoIdentityService.GetId
accept-language
de-DE,de;q=0.9
x-amz-user-agent
aws-amplify/5.2.5 js
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
content-type
application/x-amz-json-1.1

Response headers

access-control-allow-origin
*
date
Mon, 19 Jun 2023 13:40:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-requestid
5a4d5065-f73c-4345-bbfb-7dc42cde1663
content-length
63
content-type
application/x-amz-json-1.1
/
cognito-identity.eu-west-1.amazonaws.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://cognito-identity.eu-west-1.amazonaws.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:94a:8a00:5102:11f7:ed40:ee32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
cache-control,content-type,x-amz-target,x-amz-user-agent
Access-Control-Request-Method
POST
Origin
https://uat.staging-investment-proposal.standardlife.ie
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-headers
cache-control,content-type,x-amz-target,x-amz-user-agent
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age
172800
content-length
0
date
Mon, 19 Jun 2023 13:40:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-amzn-requestid
17208af9-b904-4c18-ae1a-954a76303977
/
cognito-identity.eu-west-1.amazonaws.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://cognito-identity.eu-west-1.amazonaws.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:94a:8a00:5102:11f7:ed40:ee32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
cache-control,content-type,x-amz-target,x-amz-user-agent
Access-Control-Request-Method
POST
Origin
https://uat.staging-investment-proposal.standardlife.ie
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-headers
cache-control,content-type,x-amz-target,x-amz-user-agent
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age
172800
content-length
0
date
Mon, 19 Jun 2023 13:40:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-amzn-requestid
a966c503-8bf6-440c-a8af-ed6bc970520a
/
cognito-identity.eu-west-1.amazonaws.com/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cognito-identity.eu-west-1.amazonaws.com/
Requested by
Host: uat.staging-investment-proposal.standardlife.ie
URL: https://uat.staging-investment-proposal.standardlife.ie/static/js/main.ad9bfd4e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:94a:8a00:5102:11f7:ed40:ee32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a5ea31b8eb91c5c8636671b4c82ab08ea507fb092c40ab250248a01f93b7404b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

cache-control
no-store
Referer
https://uat.staging-investment-proposal.standardlife.ie/
x-amz-target
AWSCognitoIdentityService.GetCredentialsForIdentity
accept-language
de-DE,de;q=0.9
x-amz-user-agent
aws-amplify/5.2.5 js
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
content-type
application/x-amz-json-1.1

Response headers

access-control-allow-origin
*
date
Mon, 19 Jun 2023 13:40:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-requestid
582e4f54-e4a2-49ce-bf00-725879305820
content-length
1760
content-type
application/x-amz-json-1.1
graphql
bmpyi3kvvnb5rebfq2jiwoh7pe.appsync-api.eu-west-1.amazonaws.com/ 		5 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bmpyi3kvvnb5rebfq2jiwoh7pe.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: uat.staging-investment-proposal.standardlife.ie
URL: https://uat.staging-investment-proposal.standardlife.ie/static/js/main.ad9bfd4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-37.fra60.r.cloudfront.net
Software
/
Resource Hash
806543ae1331502bb58dfc2e9228218bd3af4a0c8f91a351fe244d8c30e5e207

Request headers

accept-language
de-DE,de;q=0.9
Authorization
AWS4-HMAC-SHA256 Credential=ASIA2FCUXYH4KAEADLOI/20230619/eu-west-1/appsync/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token;x-amz-user-agent, Signature=dd87c2f057e042cbecd491a174258740dc1ecd9d1426f0f51396ff584356144a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json, text/plain, */*
X-Amz-Security-Token
IQoJb3JpZ2luX2VjEDYaCWV1LXdlc3QtMSJHMEUCIQD0/ObWwyKlwvddXR5RO19pG6a9QHu7nudaQHp6iWml1gIgAoFpUEMePrPzWZr1DLoV/6+Hwua1WmrUPXCfnO7bMYUqkAYIj///////////ARAAGgw2OTgxMDk5MDMzNTIiDIYUxbRUgrXAa5c3xCrkBRPr/DsTh7BdxxX0Zf1IWGslwxm0SEvOiYxtttABq9paveQRi8tjDiQ+hnMSFySXP048bFdeAMYbw5zqU+ycgd1nINKPWLwKLj59S4oBIFpcd04TQsXvoNhGOIIRnObOMaiCAelFS4MHmeB9mgmfxQ1YJabKlLOjMmuN2jrqGfpZWpIsCnGwFnYoKWb/eEhQsucH1k8ZVwm+mcueuMcFNF+nyIujekmCjpvpsT0/L+OJq+Zm5MHHZBmhROfNZvmwoMq/XMv/hk8a/DLNVsWTLa//MaurWf2B3ziEtvmUbJIpv9UVQYpkArKgAVCFA12TaLhvUeFb+SXH9d2+ZpD7kGe0OEn91CU2Uc1iY7XZSwRBc93uCVU4KM7+HtpV/qnY9aJA+fYcOejtWBCoOlRYuJOH9C5KuoLWZ7XzdQe2MtBNJA84IFnHvPondriBk9Nr05WH5/xv7DvqLzh0W695o7mv1SzmBHUCxElJwvqLpe2Ypmq2nLCwXu7ep6GLP3lsITCIyXw2wgu1b7Y02jL0n6y0Kz1JZXMM4y84jGi53/L1GwCEjHqUYUogzQ4CHI+hhw5M4k10fzWC332NHI1Ecgr8Yle0PeHvdjCy1wl3hP9suQ7VuncOAQzM4Jgm9lfDjh6jRzdMy5rNpdzf1GQbynLCvzJTIRMI5qeqP0nehFxkHNv9Hj5OvgdvNDRjccbOx4Xu0hxA17bte0Tvi8Tl6rJED4Pr2B3H9a6iuSZyk17xT3qs9IbniGKce1VY1E72q1trgkyPlk1iYyl/4xJ7ZoFiO1dnNqZOIgI/+s8QKU86KolKgcBUhq0Sn23XAJby2+RL4xMxUNQ+qrdZdUWSQlIO7Uq/YDikm4/HZw+N3HT5e6+9GzRNJ821g9BlaqvUapQFfQFBjxPMfW+U//MuZxThdN/tvO/T15L7KvN3j83FvY9uddECA38FUK4oczEjDZM4OrIovwMF+3Rv7ED0UMEQJbCPMLW1waQGOocCRJ5vcS88LOjp4pddbd3KlX6CRv3Te34vvGyvky3mKmDBoujbLQJj+m16taCnKCFevJJ9MOP21lFvOcUnTdZ40y7VwlFoVkK2Vo5xup5e0h5BzROn8zJhV2z1Yqi5Bns4HAms9K9evjQLeDQWfgCuvTJD9qBwBB/oDswp6XEexV41N35fiAB7GWYxCVAfVGeJx2v9ooK4tChFHih9ql3wFquZ8CRIkmEHyqkyX84irdmVvWuTKEMzfjeLTdkHooCws2fS2gvfO0kX5QFnOyX8VSCgTwRk6LFoxfSBLkAwfSMPlsilxBwjPOEWS8Jt9iEGwxgRpKVTlVtvNiPhtdUuXBTR6kFgsIE=
Referer
https://uat.staging-investment-proposal.standardlife.ie/
x-amz-user-agent
aws-amplify/5.2.5 js
x-amz-date
20230619T134005Z

Response headers

x-amzn-appsync-tokensconsumed
6
date
Mon, 19 Jun 2023 13:40:10 GMT
content-encoding
gzip
via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-amzn-requestid
f6174ee5-1d1f-4dd1-bf2a-2d5fb5936439
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id
bZaX_0Y9-_YbdGprrMwhwAjpAm81euEZXcf3Farq9GplxmDYm9j2Cw==
graphql
bmpyi3kvvnb5rebfq2jiwoh7pe.appsync-api.eu-west-1.amazonaws.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://bmpyi3kvvnb5rebfq2jiwoh7pe.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-37.fra60.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,x-amz-date,x-amz-security-token,x-amz-user-agent
Access-Control-Request-Method
POST
Origin
https://uat.staging-investment-proposal.standardlife.ie
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-headers
authorization,content-type,x-amz-date,x-amz-security-token,x-amz-user-agent
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Mon, 19 Jun 2023 13:40:06 GMT
via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
x-amz-cf-id
ApkYzbs7dTJ-Sct5A4Hzqyz6yf2rFZvi3a82L9-42aKkltx1m8MkYw==
x-amz-cf-pop
FRA60-P3
x-amzn-requestid
ebb74aa0-fb42-44b9-b124-a30419e64c33
x-cache
Miss from cloudfront

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| webpackChunkslal_client_reporting function| Buffer object| Ionic

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self';connect-src 'self' *.appsync-api.eu-west-1.amazonaws.com cognito-idp.eu-west-1.amazonaws.com *.auth.eu-west-1.amazoncognito.com cognito-identity.eu-west-1.amazonaws.com *.google-analytics.com:443 https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' *.standardlife.ie https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src fonts.gstatic.com;img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block