urlscan.io logo urlscan.io
SecurityTrails logo

risk.wazoku.com Open in urlscan Pro
51.141.34.112  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://risk.wazoku.com/
Effective URL: https://risk.wazoku.com/
Submission: On June 23 via manual from SA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 15 HTTP transactions. The main IP is 51.141.34.112, located in Cardiff, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is risk.wazoku.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on June 6th 2017. Valid for: 3 years.
This is the only time risk.wazoku.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 51.141.34.112 8075 (MICROSOFT...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2 104.18.70.113 13335 (CLOUDFLAR...)
15 4
Domain Requested by
9 risk.wazoku.com 1 redirects risk.wazoku.com
ajax.googleapis.com
3 ajax.googleapis.com risk.wazoku.com
1 static.zdassets.com
1 assets.zendesk.com 1 redirects
0 ekr.zdassets.com Failed static.zdassets.com
0 adfederationservices.it.global.hsbc Failed risk.wazoku.com
15 6

This site contains no links.

Subject Issuer Validity Valid
*.wazoku.com
COMODO RSA Domain Validation Secure Server CA		 2017-06-06 -
2020-06-09		 3 years crt.sh
*.googleapis.com
Google Internet Authority G3		 2019-06-11 -
2019-09-03		 3 months crt.sh
*.zdassets.com
Sectigo RSA Domain Validation Secure Server CA		 2019-06-01 -
2021-05-31		 2 years crt.sh

This page contains 2 frames:

Frame: https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJba8IwFP4rJe%2B9KoLBFjplTFBXZh24lxHbUw2mictJ59yvX1q3yQZzb8k53y0fGUkMaNqYnXyAlwbQOG%2B1kEjtOCaNllQx5PbKakBqCrpM5zMaeQE9aGVUoQT5JoTXCQwRtOFKEif9Oo6VxKYGvQT9ygtYPcxisjPmgNT3Nce9d2Tvat94hap9ZLV4VsIXasutxsRm5ZK1KhcOKysoQXdTPGuix423FWrDhLfDTdFi0BfoE2c6iQkv3dWQDU4LLeYYrderiqV2g9jAVKJh0sQkCsKhGwzcqJeHPRoMab%2F%2FRJzss4AbLksut9cfvzmDkN7leeZm98ucOI%2BgsUtvASQZ2QJp56udW6VrZq4rthMbvuqgFKTh5kSSv8ob%2BRf51iqgC8ufTjIleHFyUiHUcayBGYiJ0Q2QfzOEXvgrQyPxAAWvOJTE8ZPW8ufXSj4A
Frame ID: 88045483317CB8BDDB2FF3667E2B4A1D
Requests: 12 HTTP requests in this frame

Frame: https://static.zdassets.com/ekr/asset_composer.js
Frame ID: 36245F3BD748E39B64D7E7A325DBE764
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://risk.wazoku.com/ HTTP 301
    https://risk.wazoku.com/ Page URL

Page Statistics

15
Requests

80 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

4
IPs

3
Countries

1600 kB
Transfer

9279 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://risk.wazoku.com/ HTTP 301
    https://risk.wazoku.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://assets.zendesk.com/embeddable_framework/main.js HTTP 301
  • https://static.zdassets.com/ekr/asset_composer.js
Request Chain 11
  • https://risk.wazoku.com/api/v1/authorisation/login?integration_type=saml&id=2&redirect_to=%2F%23%2Fhome-page HTTP 302
  • https://risk.wazoku.com/saml_ol/login?redirect_to=%2F%23%2Fhome-page&id=2 HTTP 302
  • https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJba8IwFP4rJe%2B9KoLBFjplTFBXZh24lxHbUw2mictJ59yvX1q3yQZzb8k53y0fGUkMaNqYnXyAlwbQOG%2B1kEjtOCaNllQx5PbKakBqCrpM5zMaeQE9aGVUoQT5JoTXCQwRtOFKEif9Oo6VxKYGvQT9ygtYPcxisjPmgNT3Nce9d2Tvat94hap9ZLV4VsIXasutxsRm5ZK1KhcOKysoQXdTPGuix423FWrDhLfDTdFi0BfoE2c6iQkv3dWQDU4LLeYYrderiqV2g9jAVKJh0sQkCsKhGwzcqJeHPRoMab%2F%2FRJzss4AbLksut9cfvzmDkN7leeZm98ucOI%2BgsUtvASQZ2QJp56udW6VrZq4rthMbvuqgFKTh5kSSv8ob%2BRf51iqgC8ufTjIleHFyUiHUcayBGYiJ0Q2QfzOEXvgrQyPxAAWvOJTE8ZPW8ufXSj4A

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
risk.wazoku.com/
Redirect Chain
  • http://risk.wazoku.com/
  • https://risk.wazoku.com/
62 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
38c679d35c0197fb2944f09f7ab91a33e42603fe653e7de027077e8521a68a78
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
risk.wazoku.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Jun 2019 13:09:43 GMT
Content-Type
text/html; charset=utf-8
Content-Length
12712
Connection
keep-alive
P3P
CP="NOI ADM DEV COM NAV OUR STP"
Vary
Cookie, Accept-Encoding
X-App-CSRF
cxSqe8mTYRqBGOfuUOdskyEmf50r5nicwFrHOKTCGgVNNixUFDJF9OB6CZgHFM8u
Content-Encoding
gzip
Set-Cookie
csrftoken=cxSqe8mTYRqBGOfuUOdskyEmf50r5nicwFrHOKTCGgVNNixUFDJF9OB6CZgHFM8u; expires=Sun, 21-Jun-2020 13:09:43 GMT; HttpOnly; Max-Age=31449600; Path=/; Secure
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Control
private, max-age=0, no-cache, no-store
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with

Redirect headers

Date
Sun, 23 Jun 2019 13:09:27 GMT
Content-Type
text/html
Content-Length
178
Connection
keep-alive
Location
https://risk.wazoku.com/
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Control
private, max-age=0, no-cache, no-store
main.min.css
risk.wazoku.com/static/build/clients/base/ 		1 MB
150 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/clients/base/main.min.css?v=4ab6d5625b1487d0114d859101c1fe31
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
032695ebf22c155d035285ddbf344728df0312182ebb5f5af4770dc588be809a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Jun 2019 13:09:43 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 21 Jun 2019 16:35:53 GMT
ETag
W/"5d0d0769-14172b"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
text/css
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.0/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0497a8d2a9bde7db8c0466fae73e347a3258192811ed1108e3e096d5f34ac0e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Fri, 31 May 2019 20:24:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1961101
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
30768
x-xss-protection
0
last-modified
Mon, 15 Apr 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 May 2020 20:24:42 GMT
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/ 		248 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Wed, 19 Jun 2019 18:56:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
324800
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
67948
x-xss-protection
0
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 18 Jun 2020 18:56:23 GMT
angular.min.js
ajax.googleapis.com/ajax/libs/angularjs/1.7.3/ 		288 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/angularjs/1.7.3/angular.min.js
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
4e6229ccf9349a51709641a6a52181c3d37952ddfa75d091daa6560fbf41c929
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://risk.wazoku.com/
Origin
https://risk.wazoku.com

Response headers

date
Fri, 31 May 2019 08:47:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2002959
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
73203
x-xss-protection
0
last-modified
Fri, 21 Sep 2018 18:41:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 May 2020 08:47:04 GMT
vendor.min.js
risk.wazoku.com/static/build/v2/ 		3 MB
532 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/v2/vendor.min.js?v=4ab6d5625b1487d0114d859101c1fe31
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Jun 2019 13:09:43 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 21 Jun 2019 16:32:50 GMT
ETag
W/"5d0d06b2-2947a0"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
hsbcabout.js
risk.wazoku.com/static/new/locale/ 		593 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/new/locale/hsbcabout.js?v=4ab6d5625b1487d0114d859101c1fe31
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
f2859d72723d35be4e901e7ea3436e8eeed0bef731a2621baaca3b25604556f6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Jun 2019 13:09:43 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 21 Jun 2019 16:29:36 GMT
ETag
W/"5d0d05f0-942ca"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
scripts.min.js
risk.wazoku.com/static/build/v2/ 		4 MB
635 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/v2/scripts.min.js?v=4ab6d5625b1487d0114d859101c1fe31
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
e59e049cafe0064e22fae4b32dfe832569282011dc07ff2f039bad8fe15eade8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Jun 2019 13:09:43 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 21 Jun 2019 16:34:40 GMT
ETag
W/"5d0d0720-3f0052"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/javascript
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
ajax-loader.gif
risk.wazoku.com/static/img/icons/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://risk.wazoku.com/static/img/icons/ajax-loader.gif?v=4ab6d5625b1487d0114d859101c1fe31
Requested by
Host: risk.wazoku.com
URL: https://risk.wazoku.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Jun 2019 13:09:43 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
2506
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 09:51:51 GMT
X-Frame-Options
DENY
ETag
"5ca330b7-9ca"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
image/gif
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
asset_composer.js
static.zdassets.com/ekr/ Frame 3624
Redirect Chain
  • https://assets.zendesk.com/embeddable_framework/main.js
  • https://static.zdassets.com/ekr/asset_composer.js
23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/asset_composer.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 23 Jun 2019 13:09:44 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
BB83233B326CDE97
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=0
content-type
application/javascript
x-amz-id-2
wcxFPCxtAGf7qMCqtf0ADh7fYhFOr5lmTvLy9P/mvsLEBUvs7AjulDzpNUIv84TsnXXFCKoxPmI=
last-modified
Mon, 17 Jun 2019 01:03:11 GMT
server
cloudflare
etag
W/"7053c671eb998d6d5c5e498b052c8932"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
JE1OAa9FW5VVnd1YtUWpsjAtf9Z28WBa
cache-control
public, max-age=3600, s-maxage=60
cf-ray
4eb6b2b60aaad8fd-AMS

Redirect headers

date
Sun, 23 Jun 2019 13:09:43 GMT
server
cloudflare
location
https://static.zdassets.com/ekr/asset_composer.js
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
status
301
cache-control
max-age=3600
strict-transport-security
max-age=0
cf-ray
4eb6b2b56e6b9c03-AMS
expires
Sun, 23 Jun 2019 14:09:43 GMT
open-sans-v13-latin-regular.woff2
risk.wazoku.com/static/build/fonts/ 		15 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://risk.wazoku.com/static/build/fonts/open-sans-v13-latin-regular.woff2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://risk.wazoku.com/static/build/clients/base/main.min.css?v=4ab6d5625b1487d0114d859101c1fe31
Origin
https://risk.wazoku.com

Response headers

Date
Sun, 23 Jun 2019 13:09:43 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
15572
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 09:51:51 GMT
X-Frame-Options
DENY
ETag
"5ca330b7-3cd4"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
application/octet-stream
Access-Control-Allow-Origin
https://risk.wazoku.com
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
ajax-loader.gif
risk.wazoku.com/static/img/icons/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://risk.wazoku.com/static/img/icons/ajax-loader.gif?v=4ab6d5625b1487d0114d859101c1fe31
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.141.34.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://risk.wazoku.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Jun 2019 13:09:43 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
2506
X-XSS-Protection
1; mode=block
Pragma
public
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 02 Apr 2019 09:51:51 GMT
X-Frame-Options
DENY
ETag
"5ca330b7-9ca"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Access-Control-Allow-Methods
GET, POST, PUT, OPTIONS, DELETE
Content-Type
image/gif
Cache-Control
max-age=2592000, public
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization,Cache-Control,Content-Type,If-Modified-Since,Origin,Pragma,x-csrftoken,x-requested-with
/
adfederationservices.it.global.hsbc/adfs/ls/
Redirect Chain
  • https://risk.wazoku.com/api/v1/authorisation/login?integration_type=saml&id=2&redirect_to=%2F%23%2Fhome-page
  • https://risk.wazoku.com/saml_ol/login?redirect_to=%2F%23%2Fhome-page&id=2
  • https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJba8IwFP4rJe%2B9KoLBFjplTFBXZh24lxHbUw2mictJ59yvX1q3yQZzb8k53y0fGUkMaNqYnXyAlwbQOG%2B1kEjtOCaNllQx5PbKakBqCrpM5zMaeQE9aGVUoQT5JoTX...
0
0
wazoku.zendesk.com
ekr.zdassets.com/compose/web_widget/ Frame 3624 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
adfederationservices.it.global.hsbc
URL
https://adfederationservices.it.global.hsbc/adfs/ls/?SAMLRequest=hVJba8IwFP4rJe%2B9KoLBFjplTFBXZh24lxHbUw2mictJ59yvX1q3yQZzb8k53y0fGUkMaNqYnXyAlwbQOG%2B1kEjtOCaNllQx5PbKakBqCrpM5zMaeQE9aGVUoQT5JoTXCQwRtOFKEif9Oo6VxKYGvQT9ygtYPcxisjPmgNT3Nce9d2Tvat94hap9ZLV4VsIXasutxsRm5ZK1KhcOKysoQXdTPGuix423FWrDhLfDTdFi0BfoE2c6iQkv3dWQDU4LLeYYrderiqV2g9jAVKJh0sQkCsKhGwzcqJeHPRoMab%2F%2FRJzss4AbLksut9cfvzmDkN7leeZm98ucOI%2BgsUtvASQZ2QJp56udW6VrZq4rthMbvuqgFKTh5kSSv8ob%2BRf51iqgC8ufTjIleHFyUiHUcayBGYiJ0Q2QfzOEXvgrQyPxAAWvOJTE8ZPW8ufXSj4A
Domain
ekr.zdassets.com
URL
https://ekr.zdassets.com/compose/web_widget/wazoku.zendesk.com

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.assets-yammer.com *.bootstrapcdn.com *.box.com *.dropbox.com *.elev.io *.google-analytics.com *.live.net *.microsoft.com *.newrelic.com *.nr-data.net *.zdassets.com *.zendesk.com ajax.aspnetcdn.com ajax.googleapis.com apis.google.com browserid.org connect.facebook.net login.microsoftonline.com maps.googleapis.com noembed.com oss.maxcdn.com wazoku-static.s3.amazonaws.com www.facebook.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.nr-data.net *.zdassets.com ajax.googleapis.com assets.elev.io assets.zendesk.com; img-src * data:; font-src 'self' *.bootstrapcdn.com assets.elev.io wazoku-static.s3.amazonaws.com; connect-src 'self' *.zdassets.com *.wazoku.com assets.elev.io sentry.io wazoku.zendesk.com wazoku-clients.s3.amazonaws.com www.googleapis.com browser.pipe.aria.microsoft.com; frame-src *.wazoku.com *.microsoftonline.com *.yammer.com accounts.google.com assets.zendesk.com docs.google.com player.vimeo.com telemetryservice.firstpartyapps.oaspapps.com w.soundcloud.com www.youtube.com; form-action 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block