urlscan.io logo urlscan.io
SecurityTrails logo

uat-auth.zenki.fi Open in urlscan Pro
44.239.52.234  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://portal-uat.zenki.fi/
Effective URL: https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri=https%3A%2F%2Fporta...
Submission: On January 10 via manual from AR — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 37 HTTP transactions. The main IP is 44.239.52.234, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is uat-auth.zenki.fi.
TLS certificate: Issued by Amazon on May 20th 2022. Valid for: a year.
This is the only time uat-auth.zenki.fi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.224.189.125 16509 (AMAZON-02)
11 13.224.189.54 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
1 10 44.239.52.234 16509 (AMAZON-02)
37 7
1    13.224.189.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-125.fra2.r.cloudfront.net
portal-uat.zenki.fi
11    13.224.189.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-54.fra2.r.cloudfront.net
portal-uat.zenki.fi
1    2a00:1450:400d:80c::200a (Ireland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
4    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
4    2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
10    44.239.52.234 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-52-234.us-west-2.compute.amazonaws.com
uat-auth.zenki.fi
Apex Domain
Subdomains		 Transfer
22 zenki.fi
portal-uat.zenki.fi
uat-auth.zenki.fi
3 MB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 127
maps.googleapis.com — Cisco Umbrella Rank: 559
189 KB
4 gstatic.com
fonts.gstatic.com
89 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 356
29 KB
0 productfruits.com Failed
app.productfruits.com Failed
37 5
Domain Requested by
12 portal-uat.zenki.fi 1 redirects portal-uat.zenki.fi
10 uat-auth.zenki.fi 1 redirects portal-uat.zenki.fi
uat-auth.zenki.fi
4 fonts.gstatic.com fonts.googleapis.com
uat-auth.zenki.fi
4 maps.googleapis.com portal-uat.zenki.fi
maps.googleapis.com
1 cdnjs.cloudflare.com portal-uat.zenki.fi
1 fonts.googleapis.com portal-uat.zenki.fi
0 app.productfruits.com Failed portal-uat.zenki.fi
37 7

This site contains links to these domains. Also see Links.

Domain
portal-uat.zenki.fi
Subject Issuer Validity Valid
zenki.fi
Amazon		 2022-02-28 -
2023-03-29		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-03 -
2023-08-02		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri=https%3A%2F%2Fportal-uat.zenki.fi%2F%23%2Fresolver&state=76ce46d4-b53f-4143-9f93-1496dcc0c189&response_mode=fragment&response_type=code&scope=openid&nonce=8cbdf251-2b87-4edd-8b8a-63741b67761f
Frame ID: D22F6414FB00E077EDA4256FC0EE04C8
Requests: 37 HTTP requests in this frame

Frame: https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/3p-cookies/step2.html
Frame ID: AD29ECAE0024B58F7FD4DB23BEB98223
Requests: 2 HTTP requests in this frame

Frame: https://portal-uat.zenki.fi/assets/silent-check-sso.html
Frame ID: 0FBFB4510D37BD64B0EB25C89042956B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in to Zenki

Page URL History Show full URLs

  1. http://portal-uat.zenki.fi/ HTTP 301
    https://portal-uat.zenki.fi/ Page URL
  2. https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • /(?:([\d.])+/)?highlight(?:\.min)?\.js

Page Statistics

37
Requests

81 %
HTTPS

57 %
IPv6

5
Domains

7
Subdomains

7
IPs

3
Countries

3494 kB
Transfer

15020 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://portal-uat.zenki.fi/ HTTP 301
    https://portal-uat.zenki.fi/ Page URL
  2. https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri=https%3A%2F%2Fportal-uat.zenki.fi%2F%23%2Fresolver&state=76ce46d4-b53f-4143-9f93-1496dcc0c189&response_mode=fragment&response_type=code&scope=openid&nonce=8cbdf251-2b87-4edd-8b8a-63741b67761f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://portal-uat.zenki.fi/ HTTP 301
  • https://portal-uat.zenki.fi/
Request Chain 16
  • https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri=https%3A%2F%2Fportal-uat.zenki.fi%2Fassets%2Fsilent-check-sso.html&state=b489a262-c0c8-4a4a-bf8b-6b7d8ac9ba48&response_mode=fragment&response_type=code&scope=openid&nonce=283df0b4-224f-4069-b124-f2c2189db841&prompt=none HTTP 302
  • https://portal-uat.zenki.fi/assets/silent-check-sso.html

37 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
portal-uat.zenki.fi/
Redirect Chain
  • http://portal-uat.zenki.fi/
  • https://portal-uat.zenki.fi/
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3dab5068d4710ff18c167264ab4c616a236585e6f4130ae891869419691d1297
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

age
5942
content-encoding
gzip
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
content-type
text/html
date
Tue, 10 Jan 2023 13:26:13 GMT
etag
W/"7edf57e07cc31ded2238a0a4eeb3285d"
last-modified
Tue, 10 Jan 2023 01:26:21 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-id
0LUSRF3Es7nTIpKxpfSO2Da2wMzweWyXkbZyWPBidWUqNhpV6u_4lw==
x-amz-cf-pop
FRA2-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Content-Type
text/html
Date
Tue, 10 Jan 2023 15:05:14 GMT
Location
https://portal-uat.zenki.fi/
Referrer-Policy
same-origin
Server
CloudFront
Via
1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
X-Amz-Cf-Id
LvrnNWwDROBbPrhUV9pHQ6fgOzZIO9FnGU7BOWSDMzS-6lET0fVLfw==
X-Amz-Cf-Pop
FRA2-C1
X-Cache
Redirect from cloudfront
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
css2
fonts.googleapis.com/ 		11 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;1,400;1,500;1,600
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d412e37ad91838a27d9db29a2c39f6baf75e1ca71f41566d61b114c0aa8b7886
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 10 Jan 2023 15:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 10 Jan 2023 15:05:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 10 Jan 2023 15:05:15 GMT
js
maps.googleapis.com/maps/api/ 		163 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyBgjNW0WA93qphgZW-joXVR6VC3IiYFjfo
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
1fcd19e66b375a32e97cfa5ebb67495cfb287fd45f650b520f44dc6d81e429a1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:15 GMT
content-encoding
gzip
server
mafe
vary
Accept-Language
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=41
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55272
x-xss-protection
0
expires
Tue, 10 Jan 2023 15:35:15 GMT
highlight.min.js
cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.2/ 		98 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.2/highlight.min.js
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a446896ed6dd5086841d19eefeb98551a65a848e961ac248050254d66e758fb
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
11273299
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
28749
last-modified
Thu, 23 Jul 2020 21:15:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f19fdfb-187b4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PxcQzqgr2Y9oXVM4jua9E1jtASpEBkcHhZ%2F13TQyF13QbslIHoHYr2P4ASfR5Mn5wtOPfK0SdH4jtcye96SKMjwQRsd01M4PfqBQHTct1XS5P9F9jBf0AqZ3Rce7D5fnEWftw3uSB2xzmVBYwQtQJ70K"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
78764f4c7abfd912-HEL
expires
Sun, 31 Dec 2023 15:05:14 GMT
styles.css
portal-uat.zenki.fi/ 		982 KB
223 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/styles.css
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4b4daab15d27cd4c1bfc8c7faf26390dc5560242775b0d1f6d16339a4517c139
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://portal-uat.zenki.fi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:16 GMT
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:22 GMT
server
AmazonS3
etag
W/"f42fff68cf1171cd4a0e22c2c0e4c1cd"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
dOnfwHDCrcpBYfgpPJkM0yYrFZEfSdteW-G0Cf3uDT-J9kxPuLsCNQ==
logo.png
portal-uat.zenki.fi/assets/images/logo/ 		94 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal-uat.zenki.fi/assets/images/logo/logo.png
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0e6169bf4bd8a48051a55b625385f96bcb7ca7705f0c16f5b8279adea257b5cc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://portal-uat.zenki.fi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:16 GMT
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
content-length
96625
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:20 GMT
server
AmazonS3
etag
"b6d4aaef78db322d89faa399ab003c1f"
x-frame-options
SAMEORIGIN
content-type
image/png
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
W-OIIjPoHV7QRlDDQRT-Ixm6fqRCq6QhoxGYMddPI2nqaNHY3D83nA==
runtime.js
portal-uat.zenki.fi/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/runtime.js
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8bb0481e52105c23f5b60e49708831753ad42fa5c7b9282711ef54ceaa46c684
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://portal-uat.zenki.fi/
Origin
https://portal-uat.zenki.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:16 GMT
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:22 GMT
server
AmazonS3
etag
W/"dfa3fd1aaa5093ec408d798d3054c371"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
LKvX-xahFaNcU9dz7CQ5XFHj62ZauMG0gOpf2A1I_UBjRTD8t8EZzw==
polyfills.js
portal-uat.zenki.fi/ 		133 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/polyfills.js
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
232426c713248c84706182114d83492f3bb35e40950d456439678d3400522bbe
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://portal-uat.zenki.fi/
Origin
https://portal-uat.zenki.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:16 GMT
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:22 GMT
server
AmazonS3
etag
W/"1756aef2d8042a33540050bf24ebff8c"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
WOPqNkv_rJAlu1FHT0nZenwcoS2YWMw65rRuWhzxF0T6bt81vHegsA==
scripts.js
portal-uat.zenki.fi/ 		2 MB
554 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/scripts.js
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
657acdc289d80da34d5d971b477531879c0af735ef9a87aac75086d55f34b65d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://portal-uat.zenki.fi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:16 GMT
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:22 GMT
server
AmazonS3
etag
W/"1398ec3bf807aa955e67f3c098dd99ce"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
-PV9bmZp_Elp4t_HPCVQ_Q6z1nhMEJyMiHcZEl7ApLrtPzYOncwFGg==
vendor.js
portal-uat.zenki.fi/ 		8 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/vendor.js
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bd09afe1e7889fcf816db1b58aecf5108cd570a0e21b5113ca921b5189e362b9
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://portal-uat.zenki.fi/
Origin
https://portal-uat.zenki.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:16 GMT
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:23 GMT
server
AmazonS3
etag
W/"9be5bbf8a4bfb26986ce77fbc53d5682"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
ZLsYDuRGH4PbWZgH7ABnv6nBTMEzErWlbNCNVbVSFe7_G4Uw0V_kOg==
main.js
portal-uat.zenki.fi/ 		3 MB
533 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/main.js
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
aafc0ea7d14c6b710c192417e3a063e473a754d167af6c7d7d392926e02a683b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://portal-uat.zenki.fi/
Origin
https://portal-uat.zenki.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:16 GMT
content-encoding
gzip
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:22 GMT
server
AmazonS3
etag
W/"245715b0a2b79cc7c2495d9326f90401"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
t_UHtG7BZimjtd_DG0UuWb_645tjyhgUE3s8z_Hj_RyyP7tSBX3zsw==
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBgjNW0WA93qphgZW-joXVR6VC3IiYFjfo
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://portal-uat.zenki.fi
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23
x-xss-protection
0
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;1,400;1,500;1,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://portal-uat.zenki.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 16:06:09 GMT
x-content-type-options
nosniff
age
601149
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30928
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:57:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Jan 2024 16:06:09 GMT
step1.html
uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/3p-cookies/ Frame AD29 		757 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/3p-cookies/step1.html
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/vendor.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
669a31a113b7353d324d3b19ad3181cd33116c691b1aeb130823848bd7b52dd1
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-cache, must-revalidate, no-transform, no-store
content-length
757
content-security-policy
frame-src 'self'; object-src 'none';
content-type
text/html;charset=utf-8
date
Tue, 10 Jan 2023 15:05:19 GMT
p3p
CP="This is not a P3P policy!"
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-robots-tag
none
x-xss-protection
1; mode=block
meta.json
portal-uat.zenki.fi/ 		173 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/meta.json?timestamp=1673363119022
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/polyfills.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
56f69948ba68b96c8a703692995bfdeec3addbf13293f1daf7cb324dc4a569cf
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

X-Accept-Timezone
Etc/Unknown
Pragma
no-cache
Accept-Language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Language
en-US;q=0.8,*;q=0.7
Accept
application/json, text/plain, */*
Cache-Control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Referer
https://portal-uat.zenki.fi/
Expires
0

Response headers

date
Tue, 10 Jan 2023 15:05:20 GMT
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
content-length
173
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:22 GMT
server
AmazonS3
etag
"d1fb0e247f1d67eb6cea8ade3e0c59d4"
x-frame-options
SAMEORIGIN
content-type
application/json
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
--hlxqufyGVhhyxZQ885Lcy0srjOo5CNN6Rrw4BtO9QefRv4FfnVeQ==
step2.html
uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/3p-cookies/ Frame AD29 		442 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/3p-cookies/step2.html
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/3p-cookies/step1.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
7c83d54a3f5b8ebcffc9bb1fbd20a4ca4da6d7eee5987dd621a81dd016f0d557
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-cache, must-revalidate, no-transform, no-store
content-length
442
content-security-policy
frame-src 'self'; object-src 'none';
content-type
text/html;charset=utf-8
date
Tue, 10 Jan 2023 15:05:19 GMT
p3p
CP="This is not a P3P policy!"
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-robots-tag
none
x-xss-protection
1; mode=block
silent-check-sso.html
portal-uat.zenki.fi/assets/ Frame 0FBF
Redirect Chain
  • https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri=https%3A%2F%2Fportal-uat.zenki.fi%2Fassets%2Fsilent-check-sso.html&state=b489a262-c0c8-4a4a-bf...
  • https://portal-uat.zenki.fi/assets/silent-check-sso.html
105 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portal-uat.zenki.fi/assets/silent-check-sso.html
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/vendor.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c0ef90407cc9b7d47843fd82be3e4df23740d9e97e97be72b157259e3ea53c23
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ranges
bytes
content-length
105
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
content-type
text/html
date
Tue, 10 Jan 2023 15:05:21 GMT
etag
"8ae399b0acc9797af3968e6cd0756352"
last-modified
Tue, 10 Jan 2023 01:26:20 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-id
A9onFpC17Lr8AF0QQHBIYeW0gbWfJmVCz_N2zHZZc583391BavQx8Q==
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

cache-control
no-store, must-revalidate, max-age=0
content-length
0
date
Tue, 10 Jan 2023 15:05:19 GMT
location
https://portal-uat.zenki.fi/assets/silent-check-sso.html#error=login_required&state=b489a262-c0c8-4a4a-bf8b-6b7d8ac9ba48
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
1; mode=block
common.js
maps.googleapis.com/maps-api-v3/api/js/51/4/intl/fi_ALL/ 		271 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/51/4/intl/fi_ALL/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBgjNW0WA93qphgZW-joXVR6VC3IiYFjfo
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8a5834d574bdfb45dc0986bf70be3bfdbd62a7224137a797d479ad3c9829df0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 04:34:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
297041
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
77249
x-xss-protection
0
last-modified
Tue, 03 Jan 2023 19:44:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 07 Jan 2024 04:34:39 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/51/4/intl/fi_ALL/ 		158 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/51/4/intl/fi_ALL/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBgjNW0WA93qphgZW-joXVR6VC3IiYFjfo
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e1e82c2bd428f0cae47fcb6c3e7b0ec288e70c68feacfb6a52da74bd6f2ea8d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 07:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
29019
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59552
x-xss-protection
0
last-modified
Tue, 03 Jan 2023 19:44:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 10 Jan 2024 07:01:41 GMT
us.svg
portal-uat.zenki.fi/ 		0
0
JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
fonts.gstatic.com/s/montserrat/v25/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;1,400;1,500;1,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://portal-uat.zenki.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 05 Jan 2023 01:27:11 GMT
x-content-type-options
nosniff
age
481089
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31760
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:54:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Jan 2024 01:27:11 GMT
feather.woff
portal-uat.zenki.fi/ 		0
0
logout
uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/ 		0
0
Primary Request auth
uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/ 		7 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri=https%3A%2F%2Fportal-uat.zenki.fi%2F%23%2Fresolver&state=76ce46d4-b53f-4143-9f93-1496dcc0c189&response_mode=fragment&response_type=code&scope=openid&nonce=8cbdf251-2b87-4edd-8b8a-63741b67761f
Requested by
Host: portal-uat.zenki.fi
URL: https://portal-uat.zenki.fi/vendor.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
916cc99c123184d86e763ea3f961179e93f8543887a2c4773d6f6e98fdebbb94
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-store, must-revalidate, max-age=0
content-language
en
content-length
7316
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type
text/html;charset=utf-8
date
Tue, 10 Jan 2023 15:05:20 GMT
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
none
x-xss-protection
1; mode=block
en_US.json
portal-uat.zenki.fi/assets/i18n/ 		0
0
logo.png
portal-uat.zenki.fi/assets/images/logo/ 		94 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal-uat.zenki.fi/assets/images/logo/logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-54.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://portal-uat.zenki.fi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:16 GMT
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
age
5
x-cache
Hit from cloudfront
content-length
96625
referrer-policy
same-origin
last-modified
Tue, 10 Jan 2023 01:26:20 GMT
server
AmazonS3
etag
"b6d4aaef78db322d89faa399ab003c1f"
x-frame-options
SAMEORIGIN
content-type
image/png
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=*, display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock =(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
aWX4iUTcD8jv6bDY4sEiQJ3o5MEwvb1ezwIzeuRKo9_II8tGV6XgDA==
logo.svg
portal-uat.zenki.fi/assets/images/logo/ 		0
0
script.js
app.productfruits.com/static/ 		0
0
feather.ttf
portal-uat.zenki.fi/ 		0
0
login.css
uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/ 		7 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/login.css
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri=https%3A%2F%2Fportal-uat.zenki.fi%2F%23%2Fresolver&state=76ce46d4-b53f-4143-9f93-1496dcc0c189&response_mode=fragment&response_type=code&scope=openid&nonce=8cbdf251-2b87-4edd-8b8a-63741b67761f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
abd848d70356589968d0bdb2dd29a8d3104ac270427fc03b3657786198c2367a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
3611
x-xss-protection
1; mode=block
logo.svg
uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/img/ 		13 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/img/logo.svg
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/auth?client_id=merchant&redirect_uri=https%3A%2F%2Fportal-uat.zenki.fi%2F%23%2Fresolver&state=76ce46d4-b53f-4143-9f93-1496dcc0c189&response_mode=fragment&response_type=code&scope=openid&nonce=8cbdf251-2b87-4edd-8b8a-63741b67761f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
7602e9d09cfbd76335422dd0ccdf800a26adf78fd23ed7270fb4f8ad4705ad5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
image/svg+xml
cache-control
max-age=2592000
content-length
4953
x-xss-protection
1; mode=block
font-family.css
uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/ 		12 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/font-family.css
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/login.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
a08e9bcd740b0f72932e3e50c21931aa8286cb62555e989853919e86a7bcb326
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
803
x-xss-protection
1; mode=block
base.css
uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/ 		785 KB
188 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/base.css
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/login.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
fd891e6cff2034625f0a87af4b27423f215fe4f384b6753f97ebb3d044c24c93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
x-xss-protection
1; mode=block
flex-layout.css
uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/ 		524 B
800 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/flex-layout.css
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/login.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
dc7dfe3b63c00625e2c08ff2710fb4803650595e1fb5fa34453e7ef23c47a18e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
239
x-xss-protection
1; mode=block
layout.css
uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/layout.css
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/login.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.52.234 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-52-234.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
d9286f4e446c6d7cab3194aacc1d1e5f75465943bda6acf1ddf141347700b8bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:05:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
1650
x-xss-protection
1; mode=block
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5df6dcf4e6b45247686bd1ae3afbce7af2327e0810394aa72d1ed485016ccbf9

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		241 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a7dc4560bad960919b933b8e7ed6a5a34bf2d0176e3f6d9fb6bc5dad7235ed50

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2145c0f0fe101af3f84552cf06c59a3ac00d0c1855161f4d18f3279bf92ce26e

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
JTURjIg1_i6t8kCHKm45_ZpC3gnD_vx3rCs.woff2
fonts.gstatic.com/s/montserrat/v15/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_ZpC3gnD_vx3rCs.woff2
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/font-family.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cedb226bd7759d04b58baa1a609e1aeecc1aa5c6c3280c4db153019f426f3de0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://uat-auth.zenki.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 09:56:57 GMT
x-content-type-options
nosniff
age
536905
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13640
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:11:07 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 04 Jan 2024 09:56:57 GMT
JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v15/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
Requested by
Host: uat-auth.zenki.fi
URL: https://uat-auth.zenki.fi/auth/resources/f6n37/login/zenki-uat/css/font-family.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://uat-auth.zenki.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:02:39 GMT
x-content-type-options
nosniff
age
568963
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13708
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:12:14 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 04 Jan 2024 01:02:39 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
portal-uat.zenki.fi
URL
https://portal-uat.zenki.fi/us.svg
Domain
portal-uat.zenki.fi
URL
https://portal-uat.zenki.fi/feather.woff?t=1525787366991
Domain
uat-auth.zenki.fi
URL
https://uat-auth.zenki.fi/auth/realms/pbw/protocol/openid-connect/logout?client_id=merchant&post_logout_redirect_uri=https%3A%2F%2Fportal-uat.zenki.fi%2F
Domain
portal-uat.zenki.fi
URL
https://portal-uat.zenki.fi/assets/i18n/en_US.json
Domain
portal-uat.zenki.fi
URL
https://portal-uat.zenki.fi/assets/images/logo/logo.svg
Domain
app.productfruits.com
URL
https://app.productfruits.com/static/script.js
Domain
portal-uat.zenki.fi
URL
https://portal-uat.zenki.fi/feather.ttf?t=1525787366991

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

5 Cookies

Domain/Path Name / Value
uat-auth.zenki.fi/auth/realms/pbw/ Name: AUTH_SESSION_ID
Value: 19d469be-1197-4887-aa6c-a90c5301fcca.fce79eeda6c4-64511
uat-auth.zenki.fi/auth/realms/pbw/ Name: AUTH_SESSION_ID_LEGACY
Value: 19d469be-1197-4887-aa6c-a90c5301fcca.fce79eeda6c4-64511
uat-auth.zenki.fi/auth/realms/pbw/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0OTJjOGMxYy0yYzE3LTQyMjctODBjZS05MzdlOTY4YjI3NWIifQ.eyJjaWQiOiJtZXJjaGFudCIsInB0eSI6Im9wZW5pZC1jb25uZWN0IiwicnVyaSI6Imh0dHBzOi8vcG9ydGFsLXVhdC56ZW5raS5maS8jL3Jlc29sdmVyIiwiYWN0IjoiQVVUSEVOVElDQVRFIiwibm90ZXMiOnsic2NvcGUiOiJvcGVuaWQiLCJpc3MiOiJodHRwczovL3VhdC1hdXRoLnplbmtpLmZpL2F1dGgvcmVhbG1zL3BidyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9wb3J0YWwtdWF0LnplbmtpLmZpLyMvcmVzb2x2ZXIiLCJzdGF0ZSI6Ijc2Y2U0NmQ0LWI1M2YtNDE0My05ZjkzLTE0OTZkY2MwYzE4OSIsIm5vbmNlIjoiOGNiZGYyNTEtMmI4Ny00ZWRkLThiOGEtNjM3NDFiNjc3NjFmIiwicmVzcG9uc2VfbW9kZSI6ImZyYWdtZW50In19.iuNOyrMd-A-OqTAvF_YKkmE4b1UGW0UhMvPyqdl62zY
uat-auth.zenki.fi/ Name: AWSALB
Value: lIndKi8PkHz1/VDQzCUtEbwSrnkLLT5/opZO/42b3cdBoON3pOWMt+021Y/Lm1yim5g+EjS9hLHrHFK1FPV/6ibCh6b/k7sAi4Mn2XsC879sPfAnU7EH4jSAm211
uat-auth.zenki.fi/ Name: AWSALBCORS
Value: lIndKi8PkHz1/VDQzCUtEbwSrnkLLT5/opZO/42b3cdBoON3pOWMt+021Y/Lm1yim5g+EjS9hLHrHFK1FPV/6ibCh6b/k7sAi4Mn2XsC879sPfAnU7EH4jSAm211

2 Console Messages

Source Level URL
Text
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.productfruits.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
maps.googleapis.com
portal-uat.zenki.fi
uat-auth.zenki.fi
app.productfruits.com
portal-uat.zenki.fi
uat-auth.zenki.fi
13.224.189.125
13.224.189.54
2606:4700::6811:190e
2a00:1450:4001:80b::2003
2a00:1450:4001:80f::200a
2a00:1450:400d:80c::200a
44.239.52.234
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
0e6169bf4bd8a48051a55b625385f96bcb7ca7705f0c16f5b8279adea257b5cc
1fcd19e66b375a32e97cfa5ebb67495cfb287fd45f650b520f44dc6d81e429a1
2145c0f0fe101af3f84552cf06c59a3ac00d0c1855161f4d18f3279bf92ce26e
232426c713248c84706182114d83492f3bb35e40950d456439678d3400522bbe
3dab5068d4710ff18c167264ab4c616a236585e6f4130ae891869419691d1297
4b4daab15d27cd4c1bfc8c7faf26390dc5560242775b0d1f6d16339a4517c139
56f69948ba68b96c8a703692995bfdeec3addbf13293f1daf7cb324dc4a569cf
5df6dcf4e6b45247686bd1ae3afbce7af2327e0810394aa72d1ed485016ccbf9
657acdc289d80da34d5d971b477531879c0af735ef9a87aac75086d55f34b65d
669a31a113b7353d324d3b19ad3181cd33116c691b1aeb130823848bd7b52dd1
7602e9d09cfbd76335422dd0ccdf800a26adf78fd23ed7270fb4f8ad4705ad5f
7c83d54a3f5b8ebcffc9bb1fbd20a4ca4da6d7eee5987dd621a81dd016f0d557
8a446896ed6dd5086841d19eefeb98551a65a848e961ac248050254d66e758fb
8bb0481e52105c23f5b60e49708831753ad42fa5c7b9282711ef54ceaa46c684
916cc99c123184d86e763ea3f961179e93f8543887a2c4773d6f6e98fdebbb94
a08e9bcd740b0f72932e3e50c21931aa8286cb62555e989853919e86a7bcb326
a7dc4560bad960919b933b8e7ed6a5a34bf2d0176e3f6d9fb6bc5dad7235ed50
aafc0ea7d14c6b710c192417e3a063e473a754d167af6c7d7d392926e02a683b
abd848d70356589968d0bdb2dd29a8d3104ac270427fc03b3657786198c2367a
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
bd09afe1e7889fcf816db1b58aecf5108cd570a0e21b5113ca921b5189e362b9
c0ef90407cc9b7d47843fd82be3e4df23740d9e97e97be72b157259e3ea53c23
c8a5834d574bdfb45dc0986bf70be3bfdbd62a7224137a797d479ad3c9829df0
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cedb226bd7759d04b58baa1a609e1aeecc1aa5c6c3280c4db153019f426f3de0
d412e37ad91838a27d9db29a2c39f6baf75e1ca71f41566d61b114c0aa8b7886
d9286f4e446c6d7cab3194aacc1d1e5f75465943bda6acf1ddf141347700b8bf
dc7dfe3b63c00625e2c08ff2710fb4803650595e1fb5fa34453e7ef23c47a18e
e1e82c2bd428f0cae47fcb6c3e7b0ec288e70c68feacfb6a52da74bd6f2ea8d2
fd891e6cff2034625f0a87af4b27423f215fe4f384b6753f97ebb3d044c24c93