diff --git a/src/zap.conf b/src/zap.conf
index a857688e3..ef172937c 100644
--- a/src/zap.conf
+++ b/src/zap.conf
@@ -52,7 +52,7 @@
 10038	OUTOFSCOPE	http://app:8080/users
 10038	OUTOFSCOPE	http://app:8080/users/add
 10038	OUTOFSCOPE	http://app:8080/delete
-11038   OUTOFSCOPE  http://app:8080/withdraw 
+10038   OUTOFSCOPE  http://app:8080/withdraw 
 # This URL always returns 404, so include it as well.
 10038	OUTOFSCOPE	http://app:8080/todo
 # OIDC isn't configured in the test environment and DEBUG=True so this gives a 500 without CSP headers