No Security Risks Detected
This domain appears to be safe and secure
100%
Score
Disclaimer: This assessment is based on automated analysis of publicly available information. Results are for informational purposes only. For critical applications, consult security professionals.
Scan Information
Last checked:December 19, 2025 12:11:58
Scan Complete
Refresh page after 10 minutes
for updated results
Page Information
Target URL
https://bnppf.castellan-uk.com/users/password/edit?reset_password_token=b6vSVMxARHgrPzeYA-Z1
Page Title
Riskonnect Business Continuity
Status
Active
Host Information
Domain
bnppf.castellan-uk.com
Server
N/A
Country
United Kingdom
IP Address
20.108.216.80
ASN Information
8075
MICROSOFT-CORP-MSN-AS-BLOCK
Technologies
Ruby
Programming languages
Ruby on Rails
Web frameworks
Stimulus
JavaScript frameworks
HSTS
Security
SSL Certificate
HTTPS Enabled
Secure
Certificate Issuer
R12
Valid From
2025-12-09 07:24:26
Valid Until
2026-03-09 07:24:25
Subject Name
*.castellan-uk.com
Performance Statistics
10
Total Requests
2
Domains
2
IP Addresses
2.39 MB
Transfer Size
Content Size2.36 MB
HTTP Headers
cache-control
max-age=0, private, must-revalidate
content-length
83716
content-security-policy
default-src 'self'; base-uri 'self'; child-src 'self'; connect-src 'self' wss://widget-mediator.zopim.com https://avalution.zendesk.com https://bam-cell.nr-data.net https://bam.nr-data.net https://ekr.zdassets.com https://api.luzmo.com https://cdn.walkme.com https://ec-playback.walkme.com https://ec.walkme.com https://rapi.walkme.com https://playerserver.walkme.com https://cdn.equalweb.com https://access.equalweb.com https://ocr.equalweb.com https://devaccess.equalweb.com https://*.blob.core.windows.net; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.walkme.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://app.luzmo.com https://cdn.walkme.com https://app.powerbi.com; img-src 'self' data: blob: https://developer.apple.com https://manula.r.sizr.io https://maps.googleapis.com https://maps.gstatic.com https://play.google.com https://cdn.walkme.com https://ec.walkme.com https://s3.walkmeusercontent.com https://cdn.equalweb.com https://access.equalweb.com https://devaccess.equalweb.com https://*.blob.core.windows.net *.google.com *.bccatalyst.com *.bccatalyst.ca *.castellan-au.com *.castellan-ae.com *.castellan-ca.com *.castellan-eu.com *.castellan-in.com *.castellan-ksa.com *.castellan-sa.com *.castellan-uk.com *.castellan-us.com *.catalyst-ae.com *.catalyst-au.com *.castellan-test.com; manifest-src 'self' https://api.twilio.com https://static.zdassets.com; media-src 'self' https://api.twilio.com; object-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: blob: javascript: https://js-agent.newrelic.com https://maps.googleapis.com https://code.highcharts.com https://cdn.walkme.com https://cdn.jsdelivr.net https://cdn.equalweb.com https://access.equalweb.com https://devaccess.equalweb.com; script-src-attr 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: blob: javascript: https://js-agent.newrelic.com https://maps.googleapis.com https://code.highcharts.com https://cdn.walkme.com https://cdn.jsdelivr.net https://cdn.equalweb.com https://access.equalweb.com https://devaccess.equalweb.com; style-src 'self' 'report-sample' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.walkme.com https://cdn.equalweb.com https://access.equalweb.com https://devaccess.equalweb.com; upgrade-insecure-requests; worker-src blob:
content-security-policy-report-only
default-src 'self'; base-uri 'self'; child-src 'self'; connect-src 'self' wss://widget-mediator.zopim.com https://avalution.zendesk.com https://bam-cell.nr-data.net https://bam.nr-data.net https://ekr.zdassets.com https://api.luzmo.com https://cdn.walkme.com https://ec-playback.walkme.com https://ec.walkme.com https://rapi.walkme.com https://playerserver.walkme.com https://cdn.equalweb.com https://access.equalweb.com https://ocr.equalweb.com https://devaccess.equalweb.com https://*.blob.core.windows.net; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.walkme.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://app.luzmo.com https://cdn.walkme.com https://app.powerbi.com; img-src 'self' data: blob: https://developer.apple.com https://manula.r.sizr.io https://maps.googleapis.com https://maps.gstatic.com https://play.google.com https://cdn.walkme.com https://ec.walkme.com https://s3.walkmeusercontent.com https://cdn.equalweb.com https://access.equalweb.com https://devaccess.equalweb.com https://*.blob.core.windows.net *.google.com *.bccatalyst.com *.bccatalyst.ca *.castellan-au.com *.castellan-ae.com *.castellan-ca.com *.castellan-eu.com *.castellan-in.com *.castellan-ksa.com *.castellan-sa.com *.castellan-uk.com *.castellan-us.com *.catalyst-ae.com *.catalyst-au.com *.castellan-test.com; manifest-src 'self' https://api.twilio.com https://static.zdassets.com; media-src 'self' https://api.twilio.com; object-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: blob: javascript: https://js-agent.newrelic.com https://maps.googleapis.com https://code.highcharts.com https://cdn.walkme.com https://cdn.jsdelivr.net https://cdn.equalweb.com https://access.equalweb.com https://devaccess.equalweb.com; script-src-attr 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: blob: javascript: https://js-agent.newrelic.com https://maps.googleapis.com https://code.highcharts.com https://cdn.walkme.com https://cdn.jsdelivr.net https://cdn.equalweb.com https://access.equalweb.com https://devaccess.equalweb.com; style-src 'self' 'report-sample' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.walkme.com https://cdn.equalweb.com https://access.equalweb.com https://devaccess.equalweb.com; worker-src blob:
content-type
text/html; charset=utf-8
date
Fri, 19 Dec 2025 12:12:08 GMT
etag
W/"d0f5b707533b1017c1deec18d2faf70f"
link
</assets/change_password-a3bcd9d1.css>; rel=preload; as=style; nopush,</assets/entrypoints/sign_in-577917a8.css>; rel=preload; as=style; nopush,</assets/sign_in_static-ef8dacac.js>; rel=preload; as=script; crossorigin=anonymous; nopush,</assets/sign_in-4923d2f5.js>; rel=modulepreload; as=script; crossorigin=anonymous; nopush
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://catalyst.report-uri.com/a/d/g"}],"include_subdomains":true}
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
2ebb5fa881c5eab43eb61d4e9025c895
x-runtime
0.082908
x-xss-protection
1; mode=block
19 headers detected
Technology Stack Analysis
Ruby
Programming languages
Ruby is an open-source object-oriented programming language.
Ruby on Rails
Web frameworks
Ruby on Rails is a server-side web application framework written in Ruby under the MIT License.
Stimulus
JavaScript frameworks
A modest JavaScript framework for the HTML you already have.
HSTS
Security
HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.
Website Cookies 1
_subscriptions_session
bnppf.castellan-uk.com
HttpOnly Secure Lax
Value
[_subscriptions_session redacted]
Expires:Session
External Links 2
Requested Domains 2
bnppf.castellan-uk.com
Subdomain
No category information available
js-agent.newrelic.com
Unknown Type
No category information available