urlscan.io logo urlscan.io
SecurityTrails logo

zlapp.canpayapp.com Open in urlscan Pro
174.143.55.175  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://zlapp.canpayapp.com/V2/app.php
Effective URL: https://zlapp.canpayapp.com/V2/app.php
Submission: On July 29 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 31 HTTP transactions. The main IP is 174.143.55.175, located in United States and belongs to RMH-14, US. The main domain is zlapp.canpayapp.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 16th 2021. Valid for: a year.
This is the only time zlapp.canpayapp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 28 174.143.55.175 33070 (RMH-14)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
31 3
Apex Domain
Subdomains		 Transfer
20 canpayapp.com
zlapp.canpayapp.com
256 KB
8 paymentcard.com
secure.paymentcard.com
80 KB
3 google.com
maps.google.com
165 KB
1 googleapis.com
maps.googleapis.com
608 B
31 4
Domain Requested by
20 zlapp.canpayapp.com 1 redirects zlapp.canpayapp.com
8 secure.paymentcard.com zlapp.canpayapp.com
3 maps.google.com zlapp.canpayapp.com
maps.google.com
1 maps.googleapis.com maps.google.com
31 4

This site contains no links.

Subject Issuer Validity Valid
zlapp.canpayapp.com
Go Daddy Secure Certificate Authority - G2		 2021-07-16 -
2022-07-16		 a year crt.sh
paymentcard.com
Go Daddy Secure Certificate Authority - G2		 2021-01-14 -
2022-02-15		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-06-28 -
2021-09-20		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://zlapp.canpayapp.com/V2/app.php
Frame ID: AF3240B4CDD62767DEBF0581FB44947E
Requests: 8 HTTP requests in this frame

Frame: https://zlapp.canpayapp.com/V2/enroll.php
Frame ID: 44E928ACD46AB4C4AA8EF7C6D8FA5255
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://zlapp.canpayapp.com/V2/app.php HTTP 301
    https://zlapp.canpayapp.com/V2/app.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • script /bootstrap[.-]([\d.]*\d)[^/]*\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

31
Requests

100 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

501 kB
Transfer

1765 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://zlapp.canpayapp.com/V2/app.php HTTP 301
    https://zlapp.canpayapp.com/V2/app.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set app.php
zlapp.canpayapp.com/V2/
Redirect Chain
  • http://zlapp.canpayapp.com/V2/app.php
  • https://zlapp.canpayapp.com/V2/app.php
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
5ad3019d4ccc2c69b639367d6e90f89c9e078e8cdbb404cbb79caa502d67de31
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Host
zlapp.canpayapp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:45 GMT
Server
Apache
Strict-Transport-Security
max-age=15768000;includeSubdomains
Set-Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7; path=/; secure; HttpOnly
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1153
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 29 Jul 2021 19:19:45 GMT
Server
Apache
Location
https://zlapp.canpayapp.com/V2/app.php
Content-Length
315
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
jquery-2.min.js
secure.paymentcard.com/js/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.paymentcard.com/js/jquery-2.min.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Tue, 20 Dec 2016 03:52:41 GMT
Server
Apache
ETag
"14e9b-5440ef7ca1440-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
29893
bootstrap-3.min.js
secure.paymentcard.com/js/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.paymentcard.com/js/bootstrap-3.min.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Sun, 25 Dec 2016 01:16:00 GMT
Server
Apache
ETag
"90b5-544715ca71400-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9833
bootstrap-accessibility.min.js
secure.paymentcard.com/js/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.paymentcard.com/js/bootstrap-accessibility.min.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
a4e20eeadff48aad469fd9a1455bf46991d6914e5dda57c9a8b7a1676614174c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Sun, 25 Dec 2016 14:17:01 GMT
Server
Apache
ETag
"3b21-5447c45c93140-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
4219
date.min.js
secure.paymentcard.com/js/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.paymentcard.com/js/date.min.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
50d720edb599ed10d720cef4ec69a952432817227cac03b0ceed57c0a2e25709
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Dec 2016 20:40:57 GMT
Server
Apache
ETag
"5ef4-54408efca6840-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
7115
jquery.mask.min.js
secure.paymentcard.com/js/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.paymentcard.com/js/jquery.mask.min.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
4c9642535c100efcbf60c2f9b488ad866a5d7cd1e4e076fd5b8a6f2dfc68b362
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 14 Aug 2017 14:35:35 GMT
Server
Apache
ETag
"1d30-556b793656540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3157
bootbox.min.js
secure.paymentcard.com/js/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.paymentcard.com/js/bootbox.min.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
0b68aaac3e45adb02662c1388312fe8c35713d54c159042ef6c0c7b65ce8ae8c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Dec 2016 21:06:35 GMT
Server
Apache
ETag
"28dd-544094b766cc0-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3867
app.js
zlapp.canpayapp.com/V2/js/ 		863 B
910 B 		Script
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/js/app.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
3e4d8e7e9cfc7e7af0172365f1128df34b651e410befffd2bfe7f76571525c3f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://zlapp.canpayapp.com/V2/app.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/app.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"35f-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
514
enroll.php
zlapp.canpayapp.com/V2/ Frame 44E9 		12 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/enroll.php
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/app.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
24cd4ff4afdc5a704d460cc86e0e1599a649c14e9bdcde5890e856c3ae8cea97
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Host
zlapp.canpayapp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://zlapp.canpayapp.com/V2/app.php
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://zlapp.canpayapp.com/V2/app.php

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Server
Apache
Strict-Transport-Security
max-age=15768000;includeSubdomains
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
2989
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
bootstrap-3.min.css
secure.paymentcard.com//css/ Frame 44E9 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.paymentcard.com//css/bootstrap-3.min.css
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Sun, 25 Dec 2016 01:14:45 GMT
Server
Apache
ETag
"1d970-54471582eab40-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
19744
bootstrap-accessibility.min.css
secure.paymentcard.com//css/ Frame 44E9 		1 KB
922 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.paymentcard.com//css/bootstrap-accessibility.min.css
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
2c5dc7b54d1d0bbaa036ab989aa4a411896e93713383a1b0c2ffbad5604a52e0
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:46 GMT
Content-Encoding
gzip
Last-Modified
Sun, 25 Dec 2016 14:12:07 GMT
Server
Apache
ETag
"52e-5447c34431bc0-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
508
jquery-2.2.4.js
zlapp.canpayapp.com/V2/js/ Frame 44E9 		252 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/js/jquery-2.2.4.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"3ee0f-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
bootstrap.min.js
zlapp.canpayapp.com/V2/js/ Frame 44E9 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/js/bootstrap.min.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"9004-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9765
footable.js
zlapp.canpayapp.com/V2/js/ Frame 44E9 		252 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/js/footable.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
9fea94259f5f8d1beea2c3d6b0440c4181ea527b2ca229c03fe11629d7f4eafa
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"3efee-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
48702
footable.core.js
zlapp.canpayapp.com/V2/js/ Frame 44E9 		127 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/js/footable.core.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
bf70e81db9da7c840793cae1d66ed3218dae56f86d480a0f806d149ef5c7db81
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"1fdd5-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
26880
footable.paging.js
zlapp.canpayapp.com/V2/js/ Frame 44E9 		26 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/js/footable.paging.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
acf6ace570c34075d24afbaded31a0670c97035ca5e85472e755c8055af7acf4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"66ee-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
5466
jquery.qrcode.min.js
zlapp.canpayapp.com/V2/js/ Frame 44E9 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/js/jquery.qrcode.min.js
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"36ab-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4751
js
maps.google.com/maps/api/ Frame 44E9 		136 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps/api/js?key=AIzaSyBxHF6FeTzjK1sppNI3WM81qC_tOvDCSGw
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
195b7bef3b235c229043e2fcf281b2a270e15ed2b70ae57bfd52c4ec720c05c7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 19:19:47 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=19
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45280
x-xss-protection
0
expires
Thu, 29 Jul 2021 19:49:47 GMT
submit.js
zlapp.canpayapp.com/V2/js/ Frame 44E9 		19 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/js/submit.js?v=1561644589
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
286073f8c42a43a9e6278cf5a025bc1995671389f578bfd6485baceeec2364ab
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"4bb5-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
3837
bootstrap.css
zlapp.canpayapp.com/V2/css/ Frame 44E9 		143 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/css/bootstrap.css
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
3f15892dd89cf44e8d5bd0350904496e72eab6729a6902d6f542b0439f7d42b6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"23a79-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
21294
footable.bootstrap.css
zlapp.canpayapp.com/V2/css/ Frame 44E9 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/css/footable.bootstrap.css
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
01d9dd14d609eae58602204d2cc93191bc97532149865e95a755bd7335fee1f0
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"21af-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
1753
footable.core.bootstrap.css
zlapp.canpayapp.com/V2/css/ Frame 44E9 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/css/footable.core.bootstrap.css
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
cabf97c9a2e7f9bf8685d76a0ecc6f86fae5135a58ac564d7db40c07cd7fc763
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"1024-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
1095
footable.paging.css
zlapp.canpayapp.com/V2/css/ Frame 44E9 		925 B
768 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/css/footable.paging.css
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
53009f407687faeac5513e76bdaf0b92761f6bc2ee17e4dd5661467465806188
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"39d-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
385
signin.css
zlapp.canpayapp.com/V2/css/ Frame 44E9 		7 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/css/signin.css?v=1561644589
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
0e00dd42c8201620d2c5a2e40f3d5a6a713a0b81e98a9b413a6e1025be05b505
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"1d8d-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2262
lg.png
zlapp.canpayapp.com/V2/images/ Frame 44E9 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zlapp.canpayapp.com/V2/images/lg.png
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
5e5821d3702146a7ee9c140f9a55f5892b5c6568ae22954634d840d72a215038
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Last-Modified
Thu, 27 Jun 2019 14:09:50 GMT
Server
Apache
ETag
"9f3d-58c4eb70d6780"
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
40765
Screen%20Shot%202016-06-29%20at%204.13.03%20PM.png
zlapp.canpayapp.com/V2/images/ Frame 44E9 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zlapp.canpayapp.com/V2/images/Screen%20Shot%202016-06-29%20at%204.13.03%20PM.png
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
db99dc08ad6d5c9092d292e339f17ce7bc710eab9f20e801af20293e29631e97
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Last-Modified
Thu, 27 Jun 2019 14:09:50 GMT
Server
Apache
ETag
"634-58c4eb70d6780"
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1588
Screen%20Shot%202016-06-29%20at%204.13.18%20PM.png
zlapp.canpayapp.com/V2/images/ Frame 44E9 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zlapp.canpayapp.com/V2/images/Screen%20Shot%202016-06-29%20at%204.13.18%20PM.png
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
d193cd24ace59b1ea2e27cd186957c6d62fb9a252c35fb505b4b482d899716a8
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Last-Modified
Thu, 27 Jun 2019 14:09:50 GMT
Server
Apache
ETag
"a66-58c4eb70d6780"
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=93
Content-Length
2662
footable.bootstrap.css
zlapp.canpayapp.com/V2/css/ Frame 44E9 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zlapp.canpayapp.com/V2/css/footable.bootstrap.css
Requested by
Host: zlapp.canpayapp.com
URL: https://zlapp.canpayapp.com/V2/enroll.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.143.55.175 , United States, ASN33070 (RMH-14, US),
Reverse DNS
secure.paymentcard.com
Software
Apache /
Resource Hash
01d9dd14d609eae58602204d2cc93191bc97532149865e95a755bd7335fee1f0
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
zlapp.canpayapp.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://zlapp.canpayapp.com/V2/enroll.php
Cookie
PHPSESSID=0o51mjmajn10eglsr4dbprdfr7
Connection
keep-alive
Referer
https://zlapp.canpayapp.com/V2/enroll.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 29 Jul 2021 19:19:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 14:09:49 GMT
Server
Apache
ETag
"21af-58c4eb6fe2540-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000;includeSubdomains
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
1753
common.js
maps.google.com/maps-api-v3/api/js/45/8/ Frame 44E9 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/45/8/common.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyBxHF6FeTzjK1sppNI3WM81qC_tOvDCSGw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
84e47bf4156a4d3a5bc06fd4f1d4f49c9276afa0d144cc511b7a9b79bcb61d32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 28 Jul 2021 17:56:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91430
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32207
x-xss-protection
0
last-modified
Tue, 27 Jul 2021 18:45:00 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 28 Jul 2022 17:56:03 GMT
util.js
maps.google.com/maps-api-v3/api/js/45/8/ Frame 44E9 		289 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.google.com/maps-api-v3/api/js/45/8/util.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?key=AIzaSyBxHF6FeTzjK1sppNI3WM81qC_tOvDCSGw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0ade6adab8476a2d9965160c2be5e27e1ecc79256e854094c985ef1edb60d9b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 28 Jul 2021 17:56:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91430
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
90465
x-xss-protection
0
last-modified
Tue, 27 Jul 2021 18:45:00 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 28 Jul 2022 17:56:03 GMT
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/ Frame 44E9 		233 B
608 B 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fzlapp.canpayapp.com%2FV2%2Fenroll.php&4sAIzaSyBxHF6FeTzjK1sppNI3WM81qC_tOvDCSGw&callback=_xdc_._g681os&key=AIzaSyBxHF6FeTzjK1sppNI3WM81qC_tOvDCSGw&token=73704
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps-api-v3/api/js/45/8/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
722c2d606fba9bba204b618ae65c079de9f2acedb1a18576713b9de733e02549
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://zlapp.canpayapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Jul 2021 19:19:53 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment
server-timing
gfet4t7; dur=19
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
193
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| $jscomp object| bootbox function| updateSite

1 Cookies

Domain/Path Name / Value
zlapp.canpayapp.com/ Name: PHPSESSID
Value: 0o51mjmajn10eglsr4dbprdfr7

2 Console Messages

Source Level URL
Text
console-api log URL: https://zlapp.canpayapp.com/V2/js/app.js(Line 24)
Message:
Service Worker Registered
console-api error URL: https://maps.google.com/maps/api/js?key=AIzaSyBxHF6FeTzjK1sppNI3WM81qC_tOvDCSGw(Line 73)
Message:
Google Maps JavaScript API error: RefererNotAllowedMapError https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error Your site URL to be authorized: https://zlapp.canpayapp.com/V2/enroll.php

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000;includeSubdomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

maps.google.com
maps.googleapis.com
secure.paymentcard.com
zlapp.canpayapp.com
174.143.55.175
2a00:1450:4001:813::200a
2a00:1450:4001:813::200e
01d9dd14d609eae58602204d2cc93191bc97532149865e95a755bd7335fee1f0
0ade6adab8476a2d9965160c2be5e27e1ecc79256e854094c985ef1edb60d9b9
0b68aaac3e45adb02662c1388312fe8c35713d54c159042ef6c0c7b65ce8ae8c
0e00dd42c8201620d2c5a2e40f3d5a6a713a0b81e98a9b413a6e1025be05b505
195b7bef3b235c229043e2fcf281b2a270e15ed2b70ae57bfd52c4ec720c05c7
24cd4ff4afdc5a704d460cc86e0e1599a649c14e9bdcde5890e856c3ae8cea97
286073f8c42a43a9e6278cf5a025bc1995671389f578bfd6485baceeec2364ab
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
2c5dc7b54d1d0bbaa036ab989aa4a411896e93713383a1b0c2ffbad5604a52e0
3e4d8e7e9cfc7e7af0172365f1128df34b651e410befffd2bfe7f76571525c3f
3f15892dd89cf44e8d5bd0350904496e72eab6729a6902d6f542b0439f7d42b6
4c9642535c100efcbf60c2f9b488ad866a5d7cd1e4e076fd5b8a6f2dfc68b362
50d720edb599ed10d720cef4ec69a952432817227cac03b0ceed57c0a2e25709
53009f407687faeac5513e76bdaf0b92761f6bc2ee17e4dd5661467465806188
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5ad3019d4ccc2c69b639367d6e90f89c9e078e8cdbb404cbb79caa502d67de31
5e5821d3702146a7ee9c140f9a55f5892b5c6568ae22954634d840d72a215038
6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
722c2d606fba9bba204b618ae65c079de9f2acedb1a18576713b9de733e02549
84e47bf4156a4d3a5bc06fd4f1d4f49c9276afa0d144cc511b7a9b79bcb61d32
893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2
9fea94259f5f8d1beea2c3d6b0440c4181ea527b2ca229c03fe11629d7f4eafa
a4e20eeadff48aad469fd9a1455bf46991d6914e5dda57c9a8b7a1676614174c
acf6ace570c34075d24afbaded31a0670c97035ca5e85472e755c8055af7acf4
bf70e81db9da7c840793cae1d66ed3218dae56f86d480a0f806d149ef5c7db81
cabf97c9a2e7f9bf8685d76a0ecc6f86fae5135a58ac564d7db40c07cd7fc763
d193cd24ace59b1ea2e27cd186957c6d62fb9a252c35fb505b4b482d899716a8
db99dc08ad6d5c9092d292e339f17ce7bc710eab9f20e801af20293e29631e97
f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c