urlscan.io logo urlscan.io
SecurityTrails logo

risk.wazoku.com Open in urlscan Pro
51.141.34.112  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://risk.wazoku.com/user/b85eb78208924241896833e254b02ee5
Effective URL: https://risk.wazoku.com/
Submission: On May 28 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 15 HTTP transactions. The main IP is 51.141.34.112, located in Cardiff, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is risk.wazoku.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on June 6th 2017. Valid for: 3 years.
This is the only time risk.wazoku.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 51.141.34.112 8075 (MICROSOFT...)
3 2a00:1450:400... 15169 (GOOGLE)
1 1 104.18.70.113 13335 (CLOUDFLAR...)
1 104.18.71.113 13335 (CLOUDFLAR...)
1 2600:9000:20b... 16509 (AMAZON-02)
15 5
9    51.141.34.112 (Cardiff, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
risk.wazoku.com
3    2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
1    104.18.70.113 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
assets.zendesk.com
1    104.18.71.113 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
static.zdassets.com
1    2600:9000:20bb:d200:14:e8dc:9940:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ekr.zdassets.com
Domain Requested by
9 risk.wazoku.com risk.wazoku.com
ajax.googleapis.com
3 ajax.googleapis.com risk.wazoku.com
1 ekr.zdassets.com static.zdassets.com
1 static.zdassets.com
1 assets.zendesk.com 1 redirects
0 adfederationservices.it.global.hsbc Failed risk.wazoku.com
15 6

This site contains no links.

Subject Issuer Validity Valid
*.wazoku.com
COMODO RSA Domain Validation Secure Server CA		 2017-06-06 -
2020-06-09		 3 years crt.sh
*.googleapis.com
Google Internet Authority G3		 2019-05-07 -
2019-07-30		 3 months crt.sh
*.zdassets.com
COMODO RSA Domain Validation Secure Server CA		 2017-09-14 -
2020-09-13		 3 years crt.sh

This page contains 2 frames:

Frame: https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJdT8IwFP0rS9%2B3bhOjNoxkQgwkqBOmD7yYsl2goWuhtxPw19sNlWgivrX3nq%2BetKswZGltV2oC2xrQevtKKmRunJDaKKY5CnflFSCzBZum92MWByHbGG11oSX5JkTnCRwRjBVaES%2F9Ova1wroCMwXzJgp4nowTsrJ2g4xSI3Ad7Pi7XtdBoSuKvJKvWlKpl8JpDFxWoXijcuLwcgElmHaKR00MhA2WUs%2B5DFY4LxoMUomUeKNBQkTpx9zkT6lKt7P9ng8779ptEGsYKbRc2YTEYXTjh5d%2BfJ1HHRaH7OJqRrzss4BboUqhlucfPz%2BCkA3zPPOzx2lOvBcw2KZ3ANLrugJZ62u8O20qbs8rNhMXftFCGSgr7IH0%2FiqvS0%2FyjVXIHhx%2FNMi0FMXBS6XUu74BbiEh1tRA%2Fs0QBdGvDLXCDRRiIaAkHu01lj%2B%2FVu8D
Frame ID: 9E15A07BB204CFD5FE3D04B29099F912
Requests: 13 HTTP requests in this frame

Frame: https://static.zdassets.com/ekr/asset_composer.js
Frame ID: B887B61DC3CDBF5BBEE7BE663388A59E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://risk.wazoku.com/user/b85eb78208924241896833e254b02ee5 Page URL
  2. https://risk.wazoku.com/ Page URL

Page Statistics

15
Requests

93 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

1594 kB
Transfer

9222 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://risk.wazoku.com/user/b85eb78208924241896833e254b02ee5 Page URL
  2. https://risk.wazoku.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://assets.zendesk.com/embeddable_framework/main.js HTTP 301
  • https://static.zdassets.com/ekr/asset_composer.js
Request Chain 12
  • https://risk.wazoku.com/api/v1/authorisation/login?integration_type=saml&id=2&redirect_to=%2Fuser%2Fb85eb78208924241896833e254b02ee5 HTTP 302
  • https://risk.wazoku.com/saml_ol/login?redirect_to=%2Fuser%2Fb85eb78208924241896833e254b02ee5&id=2 HTTP 302
  • https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJdT8IwFP0rS9%2B3bhOjNoxkQgwkqBOmD7yYsl2goWuhtxPw19sNlWgivrX3nq%2BetKswZGltV2oC2xrQevtKKmRunJDaKKY5CnflFSCzBZum92MWByHbGG11oSX5JkTnCRwRjBVaES%2F9Ova1wroCMwXzJgp4nowTsrJ2g4xSI3Ad7Pi7XtdBoSuKvJKvWlKpl8JpDFxWoXijcuLwcgElmHaKR00MhA2WUs%2B5DFY4LxoMUomUeKNBQkTpx9zkT6lKt7P9ng8779ptEGsYKbRc2YTEYXTjh5d%2BfJ1HHRaH7OJqRrzss4BboUqhlucfPz%2BCkA3zPPOzx2lOvBcw2KZ3ANLrugJZ62u8O20qbs8rNhMXftFCGSgr7IH0%2FiqvS0%2FyjVXIHhx%2FNMi0FMXBS6XUu74BbiEh1tRA%2Fs0QBdGvDLXCDRRiIaAkHu01lj%2B%2FVu8D

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set b85eb78208924241896833e254b02ee5
risk.wazoku.com/user/ 		603 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/user/b85eb78208924241896833e254b02ee5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
risk.wazoku.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:20:34 GMT
Content-Type
text/html; charset=utf-8
Content-Length
333
Connection
keep-alive
Vary
Cookie, Accept-Encoding
X-App-CSRF
BSnoNMFfGsrh5CO8sPHJJt6yCdXSQaeIKL3fH1IDqMGLMpnWDGOlMnNd3S9VAsYR
Content-Encoding
gzip
Set-Cookie
csrftoken=BSnoNMFfGsrh5CO8sPHJJt6yCdXSQaeIKL3fH1IDqMGLMpnWDGOlMnNd3S9VAsYR; expires=Tue, 26-May-2020 14:20:34 GMT; HttpOnly; Max-Age=31449600; Path=/; Secure
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Control
private, max-age=0, no-cache, no-store
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
Primary Request Cookie set /
risk.wazoku.com/ 		62 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/user/b85eb78208924241896833e254b02ee5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
dc6964ab5a24a97f847a8cfd82e16534fe85497f55b0a85acdc59b4870f28b2e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
risk.wazoku.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://risk.wazoku.com/user/b85eb78208924241896833e254b02ee5
Accept-Encoding
gzip, deflate, br
Cookie
csrftoken=BSnoNMFfGsrh5CO8sPHJJt6yCdXSQaeIKL3fH1IDqMGLMpnWDGOlMnNd3S9VAsYR
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/user/b85eb78208924241896833e254b02ee5

Response headers

Date
Tue, 28 May 2019 14:20:34 GMT
Content-Type
text/html; charset=utf-8
Content-Length
12719
Connection
keep-alive
P3P
CP="NOI ADM DEV COM NAV OUR STP"
Vary
Cookie, Accept-Encoding
X-App-CSRF
BSnoNMFfGsrh5CO8sPHJJt6yCdXSQaeIKL3fH1IDqMGLMpnWDGOlMnNd3S9VAsYR
Content-Encoding
gzip
Set-Cookie
csrftoken=BSnoNMFfGsrh5CO8sPHJJt6yCdXSQaeIKL3fH1IDqMGLMpnWDGOlMnNd3S9VAsYR; expires=Tue, 26-May-2020 14:20:34 GMT; HttpOnly; Max-Age=31449600; Path=/; Secure
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Control
private, max-age=0, no-cache, no-store
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
main.min.css
risk.wazoku.com/static/build/clients/base/ 		1 MB
150 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/clients/base/main.min.css?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
4e027742263c9daa5748ff72ad489bd89e683c5b622413f3eed79ddd757d7df1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:20:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 May 2019 16:02:13 GMT
ETag
W/"5ce81585-141095"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
text/css
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.0/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0497a8d2a9bde7db8c0466fae73e347a3258192811ed1108e3e096d5f34ac0e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Mon, 15 Apr 2019 18:38:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3699739
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
30768
x-xss-protection
0
last-modified
Mon, 15 Apr 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Apr 2020 18:38:16 GMT
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/ 		248 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Sat, 09 Mar 2019 02:20:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6955199
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
67948
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 08 Mar 2020 02:20:36 GMT
angular.min.js
ajax.googleapis.com/ajax/libs/angularjs/1.7.3/ 		288 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/angularjs/1.7.3/angular.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
4e6229ccf9349a51709641a6a52181c3d37952ddfa75d091daa6560fbf41c929
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Tue, 07 May 2019 17:25:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1803303
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
73203
x-xss-protection
0
last-modified
Fri, 21 Sep 2018 18:41:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 May 2020 17:25:32 GMT
vendor.min.js
risk.wazoku.com/static/build/v2/ 		3 MB
532 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/v2/vendor.min.js?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
05473a6431cf509eb7016abfff4c008a2242376dde9c1457d490660b8261c41d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:20:35 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 May 2019 15:59:21 GMT
ETag
W/"5ce814d9-2947a0"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
hsbcabout.js
risk.wazoku.com/static/new/locale/ 		574 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/new/locale/hsbcabout.js?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
68fdef4e38500b88f9031b80a53dd97aa581b423d927917e052042cb6aeaaf1a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:20:35 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 May 2019 15:57:34 GMT
ETag
W/"5ce8146e-8f706"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
scripts.min.js
risk.wazoku.com/static/build/v2/ 		4 MB
628 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/v2/scripts.min.js?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
fb71f44e318cf699277b8f0ab9e4111036ff1c1da264a2771d9d53776e37fb7c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:20:35 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 May 2019 16:00:56 GMT
ETag
W/"5ce81538-3e63eb"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
ajax-loader.gif
risk.wazoku.com/static/img/icons/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://risk.wazoku.com/static/img/icons/ajax-loader.gif?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
b732d60567a14ab30d56b947ba7f394435eb186ba923214c7a92c4aa1648aa9e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:20:35 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
2506
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 09:51:51 GMT
X-Frame-Options
DENY
ETag
"5ca330b7-9ca"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
image/gif
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
asset_composer.js
static.zdassets.com/ekr/ Frame B887
Redirect Chain
  • https://assets.zendesk.com/embeddable_framework/main.js
  • https://static.zdassets.com/ekr/asset_composer.js
24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/asset_composer.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 28 May 2019 14:20:37 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
A383ACC1B221A667
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=0
content-type
application/javascript
x-amz-id-2
P8ZNVlTXmrknrt7aPIWPCMmMqUze3AdABK62gMjMbDKXqX4XdhlZp48S6ljmSfjhLMNfLCtsHTI=
last-modified
Thu, 09 May 2019 06:26:10 GMT
server
cloudflare
etag
W/"900f9b4dedbc0f34b05b14425f37386b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
2Kdt9_2NDyrC16g7mZ8PRxgDRyOPYaJR
cache-control
public, max-age=3600, s-maxage=60
cf-ray
4de0ded009346a1d-LHR

Redirect headers

date
Tue, 28 May 2019 14:20:37 GMT
server
cloudflare
location
https://static.zdassets.com/ekr/asset_composer.js
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
status
301
cache-control
max-age=3600
strict-transport-security
max-age=0
cf-ray
4de0decccebbc833-AMS
expires
Tue, 28 May 2019 15:20:37 GMT
open-sans-v13-latin-regular.woff2
risk.wazoku.com/static/build/fonts/ 		15 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/fonts/open-sans-v13-latin-regular.woff2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/static/build/clients/base/main.min.css?v=e0b4f25f2e29fd59f22d1bbb466580f4
Origin
https://risk.wazoku.com

Response headers

Date
Tue, 28 May 2019 14:20:37 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
15572
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 09:51:51 GMT
X-Frame-Options
DENY
ETag
"5ca330b7-3cd4"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/octet-stream
Access-Control-Allow-Origin
https://risk.wazoku.com
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
ajax-loader.gif
risk.wazoku.com/static/img/icons/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://risk.wazoku.com/static/img/icons/ajax-loader.gif?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:20:37 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
2506
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 09:51:51 GMT
X-Frame-Options
DENY
ETag
"5ca330b7-9ca"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
image/gif
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
/
adfederationservices.it.global.hsbc/adfs/ls/
Redirect Chain
  • https://risk.wazoku.com/api/v1/authorisation/login?integration_type=saml&id=2&redirect_to=%2Fuser%2Fb85eb78208924241896833e254b02ee5
  • https://risk.wazoku.com/saml_ol/login?redirect_to=%2Fuser%2Fb85eb78208924241896833e254b02ee5&id=2
  • https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJdT8IwFP0rS9%2B3bhOjNoxkQgwkqBOmD7yYsl2goWuhtxPw19sNlWgivrX3nq%2BetKswZGltV2oC2xrQevtKKmRunJDaKKY5CnflFSCzBZum92MWByHbGG11oSX5JkTn...
0
0
wazoku.zendesk.com
ekr.zdassets.com/compose/web_widget/ Frame B887 		0
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/web_widget/wazoku.zendesk.com
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/asset_composer.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20bb:d200:14:e8dc:9940:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
adfederationservices.it.global.hsbc
URL
https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJdT8IwFP0rS9%2B3bhOjNoxkQgwkqBOmD7yYsl2goWuhtxPw19sNlWgivrX3nq%2BetKswZGltV2oC2xrQevtKKmRunJDaKKY5CnflFSCzBZum92MWByHbGG11oSX5JkTnCRwRjBVaES%2F9Ova1wroCMwXzJgp4nowTsrJ2g4xSI3Ad7Pi7XtdBoSuKvJKvWlKpl8JpDFxWoXijcuLwcgElmHaKR00MhA2WUs%2B5DFY4LxoMUomUeKNBQkTpx9zkT6lKt7P9ng8779ptEGsYKbRc2YTEYXTjh5d%2BfJ1HHRaH7OJqRrzss4BboUqhlucfPz%2BCkA3zPPOzx2lOvBcw2KZ3ANLrugJZ62u8O20qbs8rNhMXftFCGSgr7IH0%2FiqvS0%2FyjVXIHhx%2FNMi0FMXBS6XUu74BbiEh1tRA%2Fs0QBdGvDLXCDRRiIaAkHu01lj%2B%2FVu8D

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source Level URL
Text
console-api error URL: https://static.zdassets.com/ekr/asset_composer.js(Line 1)
Message:
Error: compose request failed

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block