hsbc.investflow.io Open in urlscan Pro
2606:4700:20::681a:548 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hsbc.investflow.io/
Submission: On July 07 via automatic, source certstream-suspicious (July 7th 2024, 10:09:59 am UTC) — Scanned from DE

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 37 HTTP transactions. The main IP is 2606:4700:20::681a:548, located in United States and belongs to CLOUDFLARENET, US. The main domain is hsbc.investflow.io.
TLS certificate: Issued by WE1 on July 6th 2024. Valid for: 3 months.

This is the only time hsbc.investflow.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
25	2606:4700:20:... 2606:4700:20::681a:548	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:20:... 2606:4700:20::681a:448	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.218.116.136 52.218.116.136	() ()
37	4

25 2606:4700:20::681a:548 (United States)

ASN13335 (CLOUDFLARENET, US)

hsbc.investflow.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:20::681a:448 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hsbc.investflow.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.218.116.136 (None, )

ASN- ()

s3-eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	investflow.io hsbc.investflow.io api.hsbc.investflow.io	3 MB
1	amazonaws.com s3-eu-west-1.amazonaws.com	28 KB
37	2

	Domain	Requested by
25	hsbc.investflow.io	hsbc.investflow.io
5	api.hsbc.investflow.io	hsbc.investflow.io
1	s3-eu-west-1.amazonaws.com
37	3

This site contains no links.

Subject Issuer	Validity	Valid
hsbc.investflow.io WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
api.hsbc.investflow.io WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
*.s3-eu-west-1.amazonaws.com Amazon RSA 2048 M01	`2024-06-22` - `2025-05-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hsbc.investflow.io/
Frame ID: DE69E1081E78F1C7BA8B80620267ABB9
Requests: 34 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HSBC Invest Flow

Page Statistics

37
Requests

84 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

3453 kB
Transfer

12692 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
hsbc.investflow.io/ 925 B
1 KB 240ms
140ms Document
text/html 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ee4edf43aa3153b5e926cdfdb6ebdedbe4afa2adc9c2978e76872e526c6a0c6

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: max-age=0 no-cache
cf-cache-status: DYNAMIC
cf-ray: 89f70aad0b2665d4-FRA
content-encoding: br
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
content-type: text/html
date: Sun, 07 Jul 2024 10:09:54 GMT
expires: Sun, 07 Jul 2024 10:09:54 GMT
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
permissions-policy: fullscreen=*
referrer-policy: strict-origin-when-cross-origin
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-robots-tag: noindex
x-xss-protection: 1; mode=block

GET
H2 200 styles.e1e47352d973612e.css
hsbc.investflow.io/ 221 KB
28 KB 243ms
242ms Stylesheet
text/css 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/styles.e1e47352d973612e.css

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5131c29386419d95ef57756f89937391ddbe874ef04161ae7d8dc817333b1b

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-375fa"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70aadec3165d4-FRA

GET
H2 200 rocket-loader.min.js Show response
hsbc.investflow.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 44ms
44ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jul 2024 09:57:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66867220-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jPjSbcasr0zD%2BGyK2tX%2BOwbiiB%2Fl2w5AYeetLyNC3WScMtubLRuqP0qW4SoL7agceNw2RPGXqo1NlVAfyji2BniP1PDSqkZR4hV0H5wZ9v%2F7iiU9bBm95R%2FCddueNqvdhABXrZu32PZLxZwWwpJBaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 89f70aadec3465d4-FRA
expires: Tue, 09 Jul 2024 10:09:54 GMT

GET main.8a786f4987494cea.js
hsbc.investflow.io/ 0
0

GET scripts.27993c951a884187.js
hsbc.investflow.io/ 0
0

GET polyfills.25bddeda51e0d133.js
hsbc.investflow.io/ 0
0

GET runtime.f781aeda24660eb2.js
hsbc.investflow.io/ 0
0

GET
H2 200 runtime.f781aeda24660eb2.js Show response
hsbc.investflow.io/ 6 KB
3 KB 169ms
168ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e8228dad4df4dae3ab57977342b72e67d9fd742c56af37738a9aea66375d0b6

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-17ee"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70aaf8e5b65d4-FRA

GET
H2 200 favicon-bloomflow.png
hsbc.investflow.io/assets/ 1 KB
1 KB 141ms
141ms Other
image/png 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/assets/favicon-bloomflow.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb732facc10dcfc69f8dbb8a8be7d396ded9f97f2061d1b64fd0ca0682e00957

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-length: 1264
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: "66842ffc-4f0"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 89f70aaf8e5c65d4-FRA

GET
H2 200 polyfills.25bddeda51e0d133.js Show response
hsbc.investflow.io/ 206 KB
74 KB 272ms
272ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/polyfills.25bddeda51e0d133.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02ebb2b0221e298dcee32460fb05f60b634763f2647e1ab85137eea0dc79548e

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-337e9"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ab09f6965d4-FRA

GET
H2 200 scripts.27993c951a884187.js Show response
hsbc.investflow.io/ 72 KB
27 KB 203ms
201ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/scripts.27993c951a884187.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

847f7c5de42220bbcf3d187536a3a15a2f96738dfe7302474f9718a0405ec8d3

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-11f46"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ab31a8965d4-FRA

GET
H2 200 main.8a786f4987494cea.js Show response
hsbc.investflow.io/ 9 MB
1 MB 470ms
470ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/main.8a786f4987494cea.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc6e187fdd1cee208693533058a4c65978fd0735328e6c1e9719706b41a7a7d7

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:58:03 GMT
server: cloudflare
etag: W/"6684319b-925af9"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ab46c2b65d4-FRA

GET
H2 200 config Show response
api.hsbc.investflow.io/api/ 10 KB
4 KB 294ms
192ms XHR
application/json 2606:4700:20::681a:448
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hsbc.investflow.io/api/config

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/polyfills.25bddeda51e0d133.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:448 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb91512f65a6e36bf2901ae2d7640b615c4fe56fcd0d19c3bf781a078a831e42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/plain, */*
Referer: https://hsbc.investflow.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"2665-cpJSoPh2kDT9f+7+FpsNc7+RYYs"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://hsbc.investflow.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3O1hKYQaEWURAH9VdTkJ0XPh2fpthJxM6vljtvpBPBknXdtPqAPQ8aRMFWvY3q5XFrtgOCOsj3jdtpNxWoGrekA891OBSbCMBh0oVM63GKScEenM6jVjw5E5dobBXW5UgS7BKzbqk5Nnwnr7qr2zmcO0JR4%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Content-Disposition
access-control-allow-credentials: true
cf-ray: 89f70abb2c9a9295-FRA

OPTIONS
H2 204 maintenance-status
api.hsbc.investflow.io/api/config/ 0
0 85ms
85ms Preflight 2606:4700:20::681a:448
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hsbc.investflow.io/api/config/maintenance-status

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:448 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,startupflow-client,startupflow-client-version
Access-Control-Request-Method: GET
Origin: https://hsbc.investflow.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,startupflow-client,startupflow-client-version
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://hsbc.investflow.io
access-control-expose-headers: Content-Disposition
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 89f70abc6ddb9295-FRA
date: Sun, 07 Jul 2024 10:09:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6CjAUMZrIh6vE7NY%2BpxDjy7Mj6y%2FzBNUFFz8x2m%2FujB1%2Fx2CQaFKjC2mW4tG0w1rfLiXdJ9hU2c7tiPEQTx3XmSB5ueq1U8odLTV8dsq72%2FCa7lAMDw15IbohUqNkRs%2Bkm%2BOzz0LXtqQNKg7bQ%2BtZsLQZ1s%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Access-Control-Request-Headers
x-powered-by: Express

GET
H2 200 maintenance-status Show response
api.hsbc.investflow.io/api/config/ 63 B
390 B 98ms
98ms XHR
application/json 2606:4700:20::681a:448
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hsbc.investflow.io/api/config/maintenance-status

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/polyfills.25bddeda51e0d133.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:448 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fbd9d0c89f856369b656e40c7ae162f2c25d6802d16daaca6595b0ac0574a1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Startupflow-Client: webapp
Startupflow-Client-Version: 4.40.3
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://hsbc.investflow.io/
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"3f-VVCtXctfch4Ny0Yj5iCSEWSR8bI"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://hsbc.investflow.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jAhb7qWSSVk6FjRfaxBiMiE9SeiWUYKW8fSfJMw9dJSdLKaFranYj%2FUFrM9%2Fhz7%2FJNtr1ZikTyvmFHiMNV%2BbGs6IXMVLsomtnWifA07xG13FlUP90bPMcLLIqrd6O4NUZnDCFIPglemqHZlB4ufWhFNRCK0%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Content-Disposition
access-control-allow-credentials: true
cf-ray: 89f70abcee5a9295-FRA

GET
H2 200 i18n1.89f6498b12bec628.js Show response
hsbc.investflow.io/ 338 KB
72 KB 242ms
241ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/i18n1.89f6498b12bec628.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20dbc3294283f9928a3ddd04857ac6bcfd0031463de65fa572fa32898895af59

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-549d9"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70abd8e8465d4-FRA

GET
H2 200 favicon-flamingo.ico
hsbc.investflow.io/assets/ 279 KB
7 KB 236ms
236ms Other
image/x-icon 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/assets/favicon-flamingo.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7eba4ee23c81e6395bf44265331f3ce3dff16e05713d33e7ed16c1c28ed6b9b

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: W/"66842ffc-45b26"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: image/x-icon
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70abd8e8765d4-FRA

GET
H2 200 common.b29d0edea5a68908.js Show response
hsbc.investflow.io/ 54 KB
13 KB 188ms
188ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/common.b29d0edea5a68908.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1717370300e394fab370439035b774768eccc36af453da8e9b980834a8499d40

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-d75c"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70abf38b265d4-FRA

GET
H2 200 2764.be52cd5fd95e2d73.js Show response
hsbc.investflow.io/ 55 KB
15 KB 201ms
200ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/2764.be52cd5fd95e2d73.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94dc7c2d5004b5087e929677e9b5cbf763df235fb63a76efc677cabeadbff6cd

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-db4c"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70abf38b765d4-FRA

GET
H2 200 1312.b29f5b04d13c46c4.js Show response
hsbc.investflow.io/ 69 KB
16 KB 204ms
203ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/1312.b29f5b04d13c46c4.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

446d8b5e41f5fc6ea9c93fee9b031e8d4cfbb6e1bc6be56871c240a7c849d222

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-1125f"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ac08a7665d4-FRA

GET
H2 200 6094.b13a31d07cac3192.js Show response
hsbc.investflow.io/ 19 KB
5 KB 193ms
193ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/6094.b13a31d07cac3192.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15db5100fb6e7b5a9c64db0f4ec0530a53d571f5114d4bc9a248b0889cf4e6c2

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-4a2f"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ac1ec1e65d4-FRA

GET
H2 200 7480.a7db453c3f0a1bcf.js Show response
hsbc.investflow.io/ 9 KB
3 KB 174ms
173ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/7480.a7db453c3f0a1bcf.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c54db8aa9597445abf9e069b6407a780bed00143e70f8409465e174ab8fe1ec

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-241d"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ac1ec1f65d4-FRA

GET
H2 200 2578.d04ff9ecc8bb63cd.js Show response
hsbc.investflow.io/ 27 KB
7 KB 204ms
204ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/2578.d04ff9ecc8bb63cd.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fec509d8f74bf82f4a6bbae59c4249f68634291f60256e37f2085d33716c462f

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-6b4f"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ac1ec2065d4-FRA

GET
H2 200 6517.f99d6cc7354d49e9.js Show response
hsbc.investflow.io/ 8 KB
3 KB 158ms
158ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/6517.f99d6cc7354d49e9.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3281f788983c754d23778f55f0527a353fc7ff283cc3e4c6ff95981f0f882aed

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-20fe"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ac33da365d4-FRA

GET
H2 200 433.aa17ec3f61303d49.js Show response
hsbc.investflow.io/ 11 KB
3 KB 181ms
180ms Script
application/javascript 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/433.aa17ec3f61303d49.js

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acc00bc00b06448b59a4a5a856889d50c1c03846599fba96e530b95f007c13cc

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/login
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:50:47 GMT
server: cloudflare
etag: W/"66842fe7-2c19"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ac44ecd65d4-FRA

GET
H2 200 favicon-flamingo.ico
hsbc.investflow.io/assets/ 279 KB
0 0ms
0ms Other
image/x-icon 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/assets/favicon-flamingo.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7eba4ee23c81e6395bf44265331f3ce3dff16e05713d33e7ed16c1c28ed6b9b

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:57 GMT
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: W/"66842ffc-45b26"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: image/x-icon
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70abd8e8765d4-FRA

OPTIONS
H2 204 login-url
api.hsbc.investflow.io/api/auth/adfs/ 0
0 82ms
82ms Preflight 2606:4700:20::681a:448
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hsbc.investflow.io/api/auth/adfs/login-url

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:448 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,startupflow-client,startupflow-client-version
Access-Control-Request-Method: GET
Origin: https://hsbc.investflow.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,startupflow-client,startupflow-client-version
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://hsbc.investflow.io
access-control-expose-headers: Content-Disposition
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 89f70ac58eeb9295-FRA
date: Sun, 07 Jul 2024 10:09:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bfK63DgXQcauiG5ynkQ%2BlUmitcpwZrDT4pnZmPwkGCMplCrYkjZIAl8NNYX0UanSqxIezrMHXkofHDtge%2BQ3ku307umf7gidYrsCuzCmEj9NZMSDoh0kJ3SJpnlLclWc8W9x9mRwqi3S51Cf2lTEWbtTpZQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Access-Control-Request-Headers
x-powered-by: Express

GET
H2 200 login-url Show response
api.hsbc.investflow.io/api/auth/adfs/ 1 KB
1 KB 100ms
100ms XHR
application/json 2606:4700:20::681a:448
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hsbc.investflow.io/api/auth/adfs/login-url

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/polyfills.25bddeda51e0d133.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:448 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d517f1a6e79bb433fe100ccd46ecd02b671a2a5d012977fbefd8c48384cd818

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Startupflow-Client: webapp
Startupflow-Client-Version: 4.40.3
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://hsbc.investflow.io/
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"40b-Fr+5ftBWSQnb1YqMvFE6xKE2IrQ"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://hsbc.investflow.io
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8fxUN2eGlD4ZmbAlLQqsb4ZLyGQOpeixnaQD7DOfq%2FKn7mXntwG5txFVcUw2h8ilyZxpBo91GVnpxf8YPP61FSppwyyk2C2XzB4cmSeNOxJdGh0IW04f4o38Rbt%2B%2BmIG0q7ac1189a8XpYxXH5rzhnJvLdA%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Content-Disposition
access-control-allow-credentials: true
cf-ray: 89f70ac60f7a9295-FRA

GET
H/1.1 200
OK logo-hsbc-black.png
s3-eu-west-1.amazonaws.com/assets.startupflow/logos/ 28 KB
28 KB 209ms
75ms Image
image/png 52.218.116.136

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-eu-west-1.amazonaws.com/assets.startupflow/logos/logo-hsbc-black.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.218.116.136 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f9fbba50d2fdc022ec2f72ac2c68e5e46547d4aff2a24bef458bacd2d5450310

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 10:09:59 GMT
x-amz-version-id: null
Last-Modified: Wed, 15 Jul 2020 09:47:10 GMT
Server: AmazonS3
x-amz-request-id: 803VMRVPHRKDMZMJ
ETag: "9ce3923752d299fb1eeab10204b8d90a"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 28574
x-amz-id-2: RyuR+b+okGFxKjvbHbHMAK4Qe3MjrMe/6kmJZ1S7QzpovWX343FA8iJ2CjfZObrjr1tMZkkGklc=

GET
H2 200 startupflow_logo.svg
hsbc.investflow.io/assets/illustrations/ 9 KB
4 KB 179ms
178ms Image
image/svg+xml 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hsbc.investflow.io/assets/illustrations/startupflow_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

730b326958be2e5be03226dd891a883a3b10f06553c58c51c966304fc65f6c0b

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: W/"66842ffc-24be"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
x-robots-tag: noindex
cf-ray: 89f70ac5985b65d4-FRA

GET
H2 200 product_pilar_1.png
hsbc.investflow.io/assets/illustrations/login/ 481 KB
481 KB 183ms
182ms Image
image/png 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hsbc.investflow.io/assets/illustrations/login/product_pilar_1.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22679f658d289f574cf183a0946c8ffee4346fd5e312e1897cfa3d842e578b60

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-length: 492249
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: "66842ffc-782d9"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 89f70ac5985e65d4-FRA

GET
H2 200 product_pilar_2.png
hsbc.investflow.io/assets/illustrations/login/ 430 KB
430 KB 156ms
155ms Image
image/png 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hsbc.investflow.io/assets/illustrations/login/product_pilar_2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21d9c7cabc16c1c0078f2269df5872823097acd6149a0cb81be0fd3a35936b28

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-length: 439854
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: "66842ffc-6b62e"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 89f70ac5986065d4-FRA

GET
H2 200 product_pilar_3.png
hsbc.investflow.io/assets/illustrations/login/ 350 KB
350 KB 217ms
216ms Image
image/png 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hsbc.investflow.io/assets/illustrations/login/product_pilar_3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

320ca373b7f848cc08179f8435cc3040ee8f1d8ba9749e865d0024a044f970c2

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-length: 358311
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: "66842ffc-577a7"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 89f70ac5986165d4-FRA

GET
H2 200 product_pilar_4.png
hsbc.investflow.io/assets/illustrations/login/ 294 KB
295 KB 207ms
206ms Image
image/png 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hsbc.investflow.io/assets/illustrations/login/product_pilar_4.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97a863e663d8b7b4a570b1d57b5fcb2f71c6e9b4d3daa7f8e6f424c6b631589e

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/login
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-length: 301443
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: "66842ffc-49983"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 89f70ac5986365d4-FRA

GET
H2 200 hinted-WorkSans-Medium.woff2
hsbc.investflow.io/assets/fonts/ 56 KB
57 KB 187ms
187ms Font
font/woff2 2606:4700:20::681a:548
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbc.investflow.io/assets/fonts/hinted-WorkSans-Medium.woff2

Requested by

Host: hsbc.investflow.io
URL: https://hsbc.investflow.io/styles.e1e47352d973612e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:548 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21564db91c7d847f2daf4595f7bf22a12dbc853f28dee5269e1a7c5ca4045d64

Security Headers

Name	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hsbc.investflow.io/styles.e1e47352d973612e.css
Origin: https://hsbc.investflow.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 10:09:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://*.crisp.chat; style-src 'unsafe-inline' 'self' https://*.crisp.chat; script-src 'self' https://*.crisp.chat https://*.infra.bloomflow.com/* https://*.sentry.io/* https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
cf-cache-status: MISS
content-length: 57780
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 16:51:08 GMT
server: cloudflare
etag: "66842ffc-e1b4"
x-frame-options: DENY
report-to: {'group':'csp-endpoint','max_age': 10886400,'endpoints':[{'url':'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'}],'include_subdomains':true}
content-type: font/woff2
vary: Accept-Encoding
cache-control: max-age=14400
permissions-policy: fullscreen=*
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 89f70ac5a87565d4-FRA

OPTIONS actions
api.hsbc.investflow.io/api/ 0
0

POST actions
api.hsbc.investflow.io/api/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hsbc.investflow.io
URL: https://hsbc.investflow.io/main.8a786f4987494cea.js

Domain: hsbc.investflow.io
URL: https://hsbc.investflow.io/scripts.27993c951a884187.js

Domain: hsbc.investflow.io
URL: https://hsbc.investflow.io/polyfills.25bddeda51e0d133.js

Domain: hsbc.investflow.io
URL: https://hsbc.investflow.io/runtime.f781aeda24660eb2.js

Domain: api.hsbc.investflow.io
URL: https://api.hsbc.investflow.io/api/actions

Domain: api.hsbc.investflow.io
URL: https://api.hsbc.investflow.io/api/actions

Verdicts & Comments Add Verdict or Comment

173 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://hsbc.investflow.io/ Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738'. It will be ignored.
other	warning	URL: https://hsbc.investflow.io/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A preload for 'https://hsbc.investflow.io/runtime.f781aeda24660eb2.js' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://.crisp.chat; style-src 'unsafe-inline' 'self' https://.crisp.chat; script-src 'self' https://.crisp.chat https://.infra.bloomflow.com/* https://.sentry.io/ https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; object-src 'none'; base-uri 'self'; report-uri https://140d3d3cafab463d99310a8f85f236f9@sentry-relay.infra.bloomflow.com/5375738; report-to csp-endpoint;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hsbc.investflow.io
hsbc.investflow.io
s3-eu-west-1.amazonaws.com
api.hsbc.investflow.io
hsbc.investflow.io
2606:4700:20::681a:448
2606:4700:20::681a:548
52.218.116.136
02ebb2b0221e298dcee32460fb05f60b634763f2647e1ab85137eea0dc79548e
15db5100fb6e7b5a9c64db0f4ec0530a53d571f5114d4bc9a248b0889cf4e6c2
1717370300e394fab370439035b774768eccc36af453da8e9b980834a8499d40
20dbc3294283f9928a3ddd04857ac6bcfd0031463de65fa572fa32898895af59
21564db91c7d847f2daf4595f7bf22a12dbc853f28dee5269e1a7c5ca4045d64
21d9c7cabc16c1c0078f2269df5872823097acd6149a0cb81be0fd3a35936b28
22679f658d289f574cf183a0946c8ffee4346fd5e312e1897cfa3d842e578b60
2c54db8aa9597445abf9e069b6407a780bed00143e70f8409465e174ab8fe1ec
2d517f1a6e79bb433fe100ccd46ecd02b671a2a5d012977fbefd8c48384cd818
320ca373b7f848cc08179f8435cc3040ee8f1d8ba9749e865d0024a044f970c2
3281f788983c754d23778f55f0527a353fc7ff283cc3e4c6ff95981f0f882aed
446d8b5e41f5fc6ea9c93fee9b031e8d4cfbb6e1bc6be56871c240a7c849d222
4fbd9d0c89f856369b656e40c7ae162f2c25d6802d16daaca6595b0ac0574a1e
5ee4edf43aa3153b5e926cdfdb6ebdedbe4afa2adc9c2978e76872e526c6a0c6
730b326958be2e5be03226dd891a883a3b10f06553c58c51c966304fc65f6c0b
7e5131c29386419d95ef57756f89937391ddbe874ef04161ae7d8dc817333b1b
7e8228dad4df4dae3ab57977342b72e67d9fd742c56af37738a9aea66375d0b6
847f7c5de42220bbcf3d187536a3a15a2f96738dfe7302474f9718a0405ec8d3
94dc7c2d5004b5087e929677e9b5cbf763df235fb63a76efc677cabeadbff6cd
97a863e663d8b7b4a570b1d57b5fcb2f71c6e9b4d3daa7f8e6f424c6b631589e
acc00bc00b06448b59a4a5a856889d50c1c03846599fba96e530b95f007c13cc
bb91512f65a6e36bf2901ae2d7640b615c4fe56fcd0d19c3bf781a078a831e42
bc6e187fdd1cee208693533058a4c65978fd0735328e6c1e9719706b41a7a7d7
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d7eba4ee23c81e6395bf44265331f3ce3dff16e05713d33e7ed16c1c28ed6b9b
eb732facc10dcfc69f8dbb8a8be7d396ded9f97f2061d1b64fd0ca0682e00957
f9fbba50d2fdc022ec2f72ac2c68e5e46547d4aff2a24bef458bacd2d5450310
fec509d8f74bf82f4a6bbae59c4249f68634291f60256e37f2085d33716c462f

hsbc.investflow.io Open in urlscan Pro 2606:4700:20::681a:548 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

37 Requests

84 %HTTPS

67 %IPv6

2 Domains

3 Subdomains

4 IPs

1 Countries

3453 kBTransfer

12692 kBSize

0 Cookies

0 Outgoing links

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hsbc.investflow.io Open in urlscan Pro
2606:4700:20::681a:548 Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

84 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

3453 kB
Transfer

12692 kB
Size

0
Cookies

37 HTTP transactions
0 data transactions