urlscan.io logo urlscan.io
SecurityTrails logo

risk.wazoku.com Open in urlscan Pro
51.141.34.112  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://risk.wazoku.com/#/idea/ac5eeb7d46be445e9bf27af155dba68c
Effective URL: https://risk.wazoku.com/
Submission: On May 28 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 15 HTTP transactions. The main IP is 51.141.34.112, located in Cardiff, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is risk.wazoku.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on June 6th 2017. Valid for: 3 years.
This is the only time risk.wazoku.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 51.141.34.112 8075 (MICROSOFT...)
3 2a00:1450:400... 15169 (GOOGLE)
1 1 104.18.70.113 13335 (CLOUDFLAR...)
1 104.18.71.113 13335 (CLOUDFLAR...)
1 2600:9000:200... 16509 (AMAZON-02)
15 5
9    51.141.34.112 (Cardiff, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
risk.wazoku.com
3    2a00:1450:4001:81a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
1    104.18.70.113 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
assets.zendesk.com
1    104.18.71.113 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
static.zdassets.com
1    2600:9000:200c:1200:14:e8dc:9940:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ekr.zdassets.com
Domain Requested by
9 risk.wazoku.com risk.wazoku.com
3 ajax.googleapis.com risk.wazoku.com
1 ekr.zdassets.com static.zdassets.com
1 static.zdassets.com
1 assets.zendesk.com 1 redirects
0 adfederationservices.it.global.hsbc Failed risk.wazoku.com
15 6

This site contains no links.

Subject Issuer Validity Valid
*.wazoku.com
COMODO RSA Domain Validation Secure Server CA		 2017-06-06 -
2020-06-09		 3 years crt.sh
*.googleapis.com
Google Internet Authority G3		 2019-05-07 -
2019-07-30		 3 months crt.sh
*.zdassets.com
COMODO RSA Domain Validation Secure Server CA		 2017-09-14 -
2020-09-13		 3 years crt.sh

This page contains 2 frames:

Frame: https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJbT8IwFP4rS9%2FZTTTYsCUIMZIgIsxLeDFlO4yGrsWeVsBfbzdUoon41p7z3fqlXYkh7VmzklN4tYDG21VCInXjhFgtqWLI3ZVVgNTkdNa7HdHYD%2BlGK6NyJcg3ITpNYIigDVeSeL2vY19JtBXoGeg3nsPDdJSQlTEbpEGgOa79LXtXa%2BvnqgqQVeJFiUCokjuNgcvKJatVjhxWLKEA3UzxoIk%2BN34p1IIJf4WLvMZgIDAg3nCQEF607i9s%2Bbwbj6zYPuX77XztNogWhhINkyYhcRhdtsLzVtzJojaNz2i7Myfe5LOAKy4LLsvTj18cQEhvsmzSmtzNMuI9gsYmvQOQtOsKpI2v9q6Vrpg5rVhPXPhlA6UgDTd7kv5VXjc4ytdWIR07%2FnAwUYLne68nhNr2NTADCTHaAvk3Q%2BRHvzJYiRvI%2BZJDQbwgrS1%2Ffq30Aw%3D%3D
Frame ID: 817DA2CB80685583826BCAE79FE4D474
Requests: 13 HTTP requests in this frame

Frame: https://static.zdassets.com/ekr/asset_composer.js
Frame ID: 6DB87CE2BB5E36053FDFB26820CC9980
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

15
Requests

93 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

1592 kB
Transfer

9219 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://assets.zendesk.com/embeddable_framework/main.js HTTP 301
  • https://static.zdassets.com/ekr/asset_composer.js
Request Chain 13
  • https://risk.wazoku.com/api/v1/authorisation/login?integration_type=saml&id=2&redirect_to=%23%2Fidea%2Fac5eeb7d46be445e9bf27af155dba68c HTTP 302
  • https://risk.wazoku.com/saml_ol/login?redirect_to=%2F%23%2Fidea%2Fac5eeb7d46be445e9bf27af155dba68c&id=2 HTTP 302
  • https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJbT8IwFP4rS9%2FZTTTYsCUIMZIgIsxLeDFlO4yGrsWeVsBfbzdUoon41p7z3fqlXYkh7VmzklN4tYDG21VCInXjhFgtqWLI3ZVVgNTkdNa7HdHYD%2BlGK6NyJcg3ITpNYIigDVeSeL2vY19JtBXoGeg3nsPDdJSQlTEbpEGgOa79LXtXa%2BvnqgqQVeJFiUCokjuNgcvKJatVjhxWLKEA3UzxoIk%2BN34p1IIJf4WLvMZgIDAg3nCQEF607i9s%2Bbwbj6zYPuX77XztNogWhhINkyYhcRhdtsLzVtzJojaNz2i7Myfe5LOAKy4LLsvTj18cQEhvsmzSmtzNMuI9gsYmvQOQtOsKpI2v9q6Vrpg5rVhPXPhlA6UgDTd7kv5VXjc4ytdWIR07%2FnAwUYLne68nhNr2NTADCTHaAvk3Q%2BRHvzJYiRvI%2BZJDQbwgrS1%2Ffq30Aw%3D%3D

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
risk.wazoku.com/ 		62 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
7013a1f3f4e6d86af35bebdede1e7d70ce113356b6299437f84332167f9990c5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
risk.wazoku.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:23:46 GMT
Content-Type
text/html; charset=utf-8
Content-Length
12720
Connection
keep-alive
P3P
CP="NOI ADM DEV COM NAV OUR STP"
Vary
Cookie, Accept-Encoding
X-App-CSRF
TYbhEOgtdEmT8m052v9PfioLHtlyA6ufmPVPS5fTdlWNIQStRVR66nkes98J9mBC
Content-Encoding
gzip
Set-Cookie
csrftoken=TYbhEOgtdEmT8m052v9PfioLHtlyA6ufmPVPS5fTdlWNIQStRVR66nkes98J9mBC; expires=Tue, 26-May-2020 14:23:46 GMT; HttpOnly; Max-Age=31449600; Path=/; Secure
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Control
private, max-age=0, no-cache, no-store
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
main.min.css
risk.wazoku.com/static/build/clients/base/ 		1 MB
150 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/clients/base/main.min.css?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
4e027742263c9daa5748ff72ad489bd89e683c5b622413f3eed79ddd757d7df1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:23:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 May 2019 16:02:13 GMT
ETag
W/"5ce81585-141095"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
text/css
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.0/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0497a8d2a9bde7db8c0466fae73e347a3258192811ed1108e3e096d5f34ac0e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Mon, 15 Apr 2019 19:01:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3698526
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
30768
x-xss-protection
0
last-modified
Mon, 15 Apr 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Apr 2020 19:01:41 GMT
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/ 		248 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Sat, 09 Mar 2019 20:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6888311
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
67948
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 08 Mar 2020 20:58:36 GMT
angular.min.js
ajax.googleapis.com/ajax/libs/angularjs/1.7.3/ 		288 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/angularjs/1.7.3/angular.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
4e6229ccf9349a51709641a6a52181c3d37952ddfa75d091daa6560fbf41c929
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Tue, 07 May 2019 16:47:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1805803
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
73203
x-xss-protection
0
last-modified
Fri, 21 Sep 2018 18:41:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 May 2020 16:47:04 GMT
vendor.min.js
risk.wazoku.com/static/build/v2/ 		3 MB
532 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/v2/vendor.min.js?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
05473a6431cf509eb7016abfff4c008a2242376dde9c1457d490660b8261c41d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:23:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 May 2019 15:59:21 GMT
ETag
W/"5ce814d9-2947a0"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
hsbcabout.js
risk.wazoku.com/static/new/locale/ 		574 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/new/locale/hsbcabout.js?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
68fdef4e38500b88f9031b80a53dd97aa581b423d927917e052042cb6aeaaf1a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:23:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 May 2019 15:57:34 GMT
ETag
W/"5ce8146e-8f706"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
scripts.min.js
risk.wazoku.com/static/build/v2/ 		4 MB
628 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/v2/scripts.min.js?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
fb71f44e318cf699277b8f0ab9e4111036ff1c1da264a2771d9d53776e37fb7c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:23:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 May 2019 16:00:56 GMT
ETag
W/"5ce81538-3e63eb"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
ajax-loader.gif
risk.wazoku.com/static/img/icons/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://risk.wazoku.com/static/img/icons/ajax-loader.gif?v=e0b4f25f2e29fd59f22d1bbb466580f4
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
b732d60567a14ab30d56b947ba7f394435eb186ba923214c7a92c4aa1648aa9e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 28 May 2019 14:23:47 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
2506
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 09:51:51 GMT
X-Frame-Options
DENY
ETag
"5ca330b7-9ca"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
image/gif
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
open-sans-v13-latin-regular.woff2
risk.wazoku.com/static/build/fonts/ 		15 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/fonts/open-sans-v13-latin-regular.woff2
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
60f9b5203842a4fe2d52f7c96f3c57b755bbf8f347535469739bcc6f95a9c4b5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/static/build/clients/base/main.min.css?v=e0b4f25f2e29fd59f22d1bbb466580f4
Origin
https://risk.wazoku.com

Response headers

Date
Tue, 28 May 2019 14:23:47 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
15572
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 09:51:51 GMT
X-Frame-Options
DENY
ETag
"5ca330b7-3cd4"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/octet-stream
Access-Control-Allow-Origin
https://risk.wazoku.com
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
asset_composer.js
static.zdassets.com/ekr/ Frame 6DB8
Redirect Chain
  • https://assets.zendesk.com/embeddable_framework/main.js
  • https://static.zdassets.com/ekr/asset_composer.js
24 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/asset_composer.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.71.113 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbe42375f89b1b60e63cab69f39cf643e51318e004b58af528a3f44c4cafd711
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 28 May 2019 14:23:48 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
A383ACC1B221A667
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=0
content-type
application/javascript
x-amz-id-2
P8ZNVlTXmrknrt7aPIWPCMmMqUze3AdABK62gMjMbDKXqX4XdhlZp48S6ljmSfjhLMNfLCtsHTI=
last-modified
Thu, 09 May 2019 06:26:10 GMT
server
cloudflare
etag
W/"900f9b4dedbc0f34b05b14425f37386b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
2Kdt9_2NDyrC16g7mZ8PRxgDRyOPYaJR
cache-control
public, max-age=3600, s-maxage=60
cf-ray
4de0e375ca38357c-LHR

Redirect headers

date
Tue, 28 May 2019 14:23:48 GMT
server
cloudflare
location
https://static.zdassets.com/ekr/asset_composer.js
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
status
301
cache-control
max-age=3600
strict-transport-security
max-age=0
cf-ray
4de0e375990e3480-LHR
expires
Tue, 28 May 2019 15:23:48 GMT
ac5eeb7d46be445e9bf27af155dba68c
risk.wazoku.com/api/v1/idea/ 		188 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/api/v1/idea/ac5eeb7d46be445e9bf27af155dba68c
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/static/build/v2/vendor.min.js?v=e0b4f25f2e29fd59f22d1bbb466580f4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://risk.wazoku.com/
If-Modified-Since
Mon, 26 Jul 1997 05:00:00 GMT
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-CSRFToken
stCtn0de74CU9PVk5Q01vqM7spqOKFQHVkm1BhcE7LcOJjNIUgIimvIAd5dZjVX4

Response headers

Date
Tue, 28 May 2019 14:23:48 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-App-CSRF
QwHutP68ZYZzNz22RLM7bMvG5TDNpG1eUalFExmmj0YDui7dCPpZQo1w98MdBdys
Transfer-Encoding
chunked
P3P
CP="NOI ADM DEV COM NAV OUR STP"
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Allow
GET, PUT, PATCH, DELETE, HEAD, OPTIONS
X-Frame-Options
DENY
Vary
Accept-Encoding, Accept-Encoding, Cookie
Strict-Transport-Security
max-age=31536000; includeSubdomains
Content-Type
application/json
Cache-Control
private, max-age=0, no-cache, no-store
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
form
risk.wazoku.com/api/v1/idea/ac5eeb7d46be445e9bf27af155dba68c/ 		63 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/api/v1/idea/ac5eeb7d46be445e9bf27af155dba68c/form
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/static/build/v2/vendor.min.js?v=e0b4f25f2e29fd59f22d1bbb466580f4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://risk.wazoku.com/
If-Modified-Since
Mon, 26 Jul 1997 05:00:00 GMT
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-CSRFToken
stCtn0de74CU9PVk5Q01vqM7spqOKFQHVkm1BhcE7LcOJjNIUgIimvIAd5dZjVX4

Response headers

Date
Tue, 28 May 2019 14:23:48 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-App-CSRF
8hPFV3kji1hMGCgZ1NULMGg57M0XX11C7Brgig10geEGMkINCdyULFIC7qVRirKk
Transfer-Encoding
chunked
P3P
CP="NOI ADM DEV COM NAV OUR STP"
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Allow
GET, HEAD, OPTIONS
X-Frame-Options
DENY
Vary
Accept-Encoding, Accept-Encoding, Cookie
Strict-Transport-Security
max-age=31536000; includeSubdomains
Content-Type
application/json
Cache-Control
private, max-age=0, no-cache, no-store
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
wazoku.zendesk.com
ekr.zdassets.com/compose/web_widget/ Frame 6DB8 		0
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/web_widget/wazoku.zendesk.com
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/asset_composer.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:200c:1200:14:e8dc:9940:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers
/
adfederationservices.it.global.hsbc/adfs/ls/
Redirect Chain
  • https://risk.wazoku.com/api/v1/authorisation/login?integration_type=saml&id=2&redirect_to=%23%2Fidea%2Fac5eeb7d46be445e9bf27af155dba68c
  • https://risk.wazoku.com/saml_ol/login?redirect_to=%2F%23%2Fidea%2Fac5eeb7d46be445e9bf27af155dba68c&id=2
  • https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJbT8IwFP4rS9%2FZTTTYsCUIMZIgIsxLeDFlO4yGrsWeVsBfbzdUoon41p7z3fqlXYkh7VmzklN4tYDG21VCInXjhFgtqWLI3ZVVgNTkdNa7HdHYD%2BlGK6NyJcg3ITpN...
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
adfederationservices.it.global.hsbc
URL
https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJbT8IwFP4rS9%2FZTTTYsCUIMZIgIsxLeDFlO4yGrsWeVsBfbzdUoon41p7z3fqlXYkh7VmzklN4tYDG21VCInXjhFgtqWLI3ZVVgNTkdNa7HdHYD%2BlGK6NyJcg3ITpNYIigDVeSeL2vY19JtBXoGeg3nsPDdJSQlTEbpEGgOa79LXtXa%2BvnqgqQVeJFiUCokjuNgcvKJatVjhxWLKEA3UzxoIk%2BN34p1IIJf4WLvMZgIDAg3nCQEF607i9s%2Bbwbj6zYPuX77XztNogWhhINkyYhcRhdtsLzVtzJojaNz2i7Myfe5LOAKy4LLsvTj18cQEhvsmzSmtzNMuI9gsYmvQOQtOsKpI2v9q6Vrpg5rVhPXPhlA6UgDTd7kv5VXjc4ytdWIR07%2FnAwUYLne68nhNr2NTADCTHaAvk3Q%2BRHvzJYiRvI%2BZJDQbwgrS1%2Ffq30Aw%3D%3D

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source Level URL
Text
console-api error URL: https://static.zdassets.com/ekr/asset_composer.js(Line 1)
Message:
Error: compose request failed

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block