urlscan.io logo urlscan.io
SecurityTrails logo

merchant-login.dev.us.zip.co Open in urlscan Pro
104.17.254.182  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://merchant-portal.sand.us.zip.co/
Effective URL: https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIH...
Submission Tags: @phish_report
Submission: On September 11 via api from FI — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 104.17.254.182, located in and belongs to CLOUDFLARENET, US. The main domain is merchant-login.dev.us.zip.co.
TLS certificate: Issued by E5 on August 13th 2024. Valid for: 3 months.
This is the only time merchant-login.dev.us.zip.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 13.107.246.31 8075 (MICROSOFT...)
1 104.18.66.57 13335 (CLOUDFLAR...)
1 2 104.17.254.182 13335 (CLOUDFLAR...)
1 108.158.21.40 16509 (AMAZON-02)
1 172.64.150.121 13335 (CLOUDFLAR...)
1 172.64.147.196 13335 (CLOUDFLAR...)
17 7
10    13.107.246.31 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
merchant-portal.sand.us.zip.co
1    104.18.66.57 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.optimizely.com
2    104.17.254.182 (None, )

ASN13335 (CLOUDFLARENET, US)
merchant-login.dev.us.zip.co
1    108.158.21.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-158-21-40.syd62.r.cloudfront.net
cdn.auth0.com
1    172.64.150.121 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)
zip.co
1    172.64.147.196 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)
assets.quadpay.com
Apex Domain
Subdomains		 Transfer
13 zip.co
merchant-portal.sand.us.zip.co
merchant-login.dev.us.zip.co
zip.co — Cisco Umbrella Rank: 35679
771 KB
1 quadpay.com
assets.quadpay.com — Cisco Umbrella Rank: 82636
51 KB
1 auth0.com
cdn.auth0.com — Cisco Umbrella Rank: 10656
63 KB
1 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 1042
2 KB
0 wpengine.com Failed
zipus.wpengine.com Failed
17 5
Domain Requested by
10 merchant-portal.sand.us.zip.co merchant-portal.sand.us.zip.co
2 merchant-login.dev.us.zip.co 1 redirects merchant-portal.sand.us.zip.co
1 assets.quadpay.com merchant-login.dev.us.zip.co
1 zip.co merchant-login.dev.us.zip.co
1 cdn.auth0.com merchant-login.dev.us.zip.co
1 cdn.optimizely.com merchant-portal.sand.us.zip.co
0 zipus.wpengine.com Failed
17 7

This site contains links to these domains. Also see Links.

Domain
zip.co
Subject Issuer Validity Valid
merchant-portal.sand.us.zip.co
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2024-09-10 -
2025-03-10		 6 months crt.sh
cdn.optimizely.com
WE1		 2024-08-23 -
2024-11-21		 3 months crt.sh
merchant-login.dev.us.zip.co
E5		 2024-08-13 -
2024-11-11		 3 months crt.sh
*.auth0.com
Amazon RSA 2048 M03		 2024-01-25 -
2025-02-22		 a year crt.sh
zip.co
WE1		 2024-09-03 -
2024-12-02		 3 months crt.sh
quadpay.com
WE1		 2024-08-08 -
2024-11-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE1CUFF5clZZU3pYOEZzdXNnaWhxZlo
Frame ID: E9411BE3E2077A30761A353FB29DDCB0
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log in | React Merchant Portal (UT)

Page URL History Show full URLs

  1. http://merchant-portal.sand.us.zip.co/ HTTP 307
    https://merchant-portal.sand.us.zip.co/ Page URL
  2. https://merchant-login.dev.us.zip.co/authorize?audience=https%3A%2F%2Fmerchants-auth-dev.quadpay.com&scope=openid... HTTP 302
    https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcn... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • zip\.co
Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

17
Requests

88 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

886 kB
Transfer

2927 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://merchant-portal.sand.us.zip.co/ HTTP 307
    https://merchant-portal.sand.us.zip.co/ Page URL
  2. https://merchant-login.dev.us.zip.co/authorize?audience=https%3A%2F%2Fmerchants-auth-dev.quadpay.com&scope=openid%20profile%20email&client_id=4fCVYPDdphMBPQyrVYSzX8FsusgihqfZ&redirect_uri=https%3A%2F%2Fmerchant-portal.sand.us.zip.co%3FreturnUrl%3D%2F&response_type=code&response_mode=query&state=Z2VWblF2R2pFZUtjWndlZnZNbFM3SVh4SmhHOVlGbkdEN3JiQW50MDZNfg%3D%3D&nonce=NzVvT0pwazdqNjNsdVFHa2tqaGVkdmtsYVdwbUx3eGJ6TGdGYjNZLnh1Tw%3D%3D&code_challenge=dqVCz53jrq6J2vOGl7_MDJ10t-Rl-4UjwaZZ8-O5vmw&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4xIn0%3D HTTP 302
    https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE1CUFF5clZZU3pYOEZzdXNnaWhxZlo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://merchant-portal.sand.us.zip.co/ HTTP 307
  • https://merchant-portal.sand.us.zip.co/

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
merchant-portal.sand.us.zip.co/
Redirect Chain
  • http://merchant-portal.sand.us.zip.co/
  • https://merchant-portal.sand.us.zip.co/
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Next.js
Resource Hash
970be97042af71b93f5bef0cef784e2e35f0233bcdd1905a95616af571987366
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

cache-control
s-maxage=31536000, stale-while-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 11 Sep 2024 10:17:23 GMT
etag
"7gprx0v7sz410"
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-azure-ref
20240911T101722Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vqw
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
x-nextjs-cache
HIT
x-powered-by
Next.js
x-xss-protection
1; mode=block

Redirect headers

Location
https://merchant-portal.sand.us.zip.co/
Non-Authoritative-Reason
HttpsUpgrades
ff0b19aba3a4776f.css
merchant-portal.sand.us.zip.co/_next/static/css/ 		3 KB
995 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/_next/static/css/ff0b19aba3a4776f.css
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ab1ba22c7e3e842772e01a8820d5b3de5643ad87e37aaaa133ac1f78e1760ae7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 11 Sep 2024 05:22:29 GMT
etag
W/"a54-191df887a08"
vary
Accept-Encoding
x-azure-ref
20240911T101723Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vte
content-type
text/css; charset=UTF-8
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=31536000, immutable
x-envoy-upstream-service-time
2
x-xss-protection
1; mode=block
webpack-e00aa6e53c89487e.js
merchant-portal.sand.us.zip.co/_next/static/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/_next/static/chunks/webpack-e00aa6e53c89487e.js
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3387a4ff4d6d15d7e402f42557cc00a0636a24266313019d405ac4fa989e9f55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 11 Sep 2024 05:22:29 GMT
etag
W/"10bb-191df887a08"
vary
Accept-Encoding
x-azure-ref
20240911T101723Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vtf
content-type
application/javascript; charset=UTF-8
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=31536000, immutable
x-envoy-upstream-service-time
3
x-xss-protection
1; mode=block
framework-92584e9d970f1310.js
merchant-portal.sand.us.zip.co/_next/static/chunks/ 		138 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/_next/static/chunks/framework-92584e9d970f1310.js
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
af237019a692d4303533e13c7d2db4c3ca9649416c3ae20cfa80c591e7a7c370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 11 Sep 2024 05:22:29 GMT
etag
W/"22749-191df887a08"
vary
Accept-Encoding
x-azure-ref
20240911T101723Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vtk
content-type
application/javascript; charset=UTF-8
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=31536000, immutable
x-envoy-upstream-service-time
3
x-xss-protection
1; mode=block
main-358f189c8a1377ad.js
merchant-portal.sand.us.zip.co/_next/static/chunks/ 		101 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/_next/static/chunks/main-358f189c8a1377ad.js
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
829c0248894ee5d0f45159e4ff77819a47c225f5625496b9a9675a41501298f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 11 Sep 2024 05:22:29 GMT
etag
W/"1944c-191df887a08"
vary
Accept-Encoding
x-azure-ref
20240911T101723Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vtm
content-type
application/javascript; charset=UTF-8
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=31536000, immutable
x-envoy-upstream-service-time
6
x-xss-protection
1; mode=block
_app-2d0e34f986bd8751.js
merchant-portal.sand.us.zip.co/_next/static/chunks/pages/ 		2 MB
631 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/_next/static/chunks/pages/_app-2d0e34f986bd8751.js
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3d2b02618d0b98564b55996149d12fc4acc275a26e583810e58585f4d1433e86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 11 Sep 2024 05:22:29 GMT
etag
W/"21b5a3-191df887a08"
vary
Accept-Encoding
x-azure-ref
20240911T101723Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vtn
content-type
application/javascript; charset=UTF-8
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=31536000, immutable
x-envoy-upstream-service-time
3
x-xss-protection
1; mode=block
index-d66b49bd48e2b3be.js
merchant-portal.sand.us.zip.co/_next/static/chunks/pages/ 		720 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/_next/static/chunks/pages/index-d66b49bd48e2b3be.js
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0f49f94ffe04d3fe8501ae1285e813e3945609c3c99b26765fb7b2c2addb424c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 11 Sep 2024 05:22:29 GMT
etag
W/"2d0-191df887a08"
vary
Accept-Encoding
x-azure-ref
20240911T101723Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vtp
content-type
application/javascript; charset=UTF-8
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=31536000, immutable
x-envoy-upstream-service-time
1
accept-ranges
bytes
content-length
720
x-xss-protection
1; mode=block
_buildManifest.js
merchant-portal.sand.us.zip.co/_next/static/C05zqer9diuIXW-zw3ICS/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/_next/static/C05zqer9diuIXW-zw3ICS/_buildManifest.js
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aa8ad1fe3dc15530d196e7d9fe2e42b8d43bab999c7f0ee90758a2a60637e431
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 11 Sep 2024 05:22:29 GMT
etag
W/"86d-191df887a08"
vary
Accept-Encoding
x-azure-ref
20240911T101723Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vtq
content-type
application/javascript; charset=UTF-8
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=31536000, immutable
x-envoy-upstream-service-time
2
x-xss-protection
1; mode=block
_ssgManifest.js
merchant-portal.sand.us.zip.co/_next/static/C05zqer9diuIXW-zw3ICS/ 		421 B
839 B 		Script
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/_next/static/C05zqer9diuIXW-zw3ICS/_ssgManifest.js
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
51a27d012ed5c27eab96361882e16da4fcf06a2ca7b27df0f09094fa2c5bf982
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 11 Sep 2024 05:22:44 GMT
etag
W/"1a5-191df88b4a0"
vary
Accept-Encoding
x-azure-ref
20240911T101723Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vtr
content-type
application/javascript; charset=UTF-8
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=31536000, immutable
x-envoy-upstream-service-time
2
accept-ranges
bytes
content-length
421
x-xss-protection
1; mode=block
Aw1bx3q4xwfwHKNGfzQAZ.json
cdn.optimizely.com/datafiles/ 		11 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/datafiles/Aw1bx3q4xwfwHKNGfzQAZ.json
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/_next/static/chunks/pages/_app-2d0e34f986bd8751.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.66.57 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

x-amz-meta-pci_enabled
False
date
Wed, 11 Sep 2024 10:17:25 GMT
content-encoding
gzip
x-amz-version-id
.tVbplG.fvf_SyIU497IEDjVONsbUxTX
cf-cache-status
HIT
x-amz-request-id
50W6WCV5AZ31AZ8Z
x-amz-server-side-encryption
AES256
x-amz-meta-revision
279
x-amz-replication-status
COMPLETED
content-length
1804
x-amz-id-2
O6aquEnabOqQdeqtahc2JakNLGYHqORD3iMjeLLe1RY+URFRzWyOXbNzTjHUZZdBAmn3XTeseb0=
last-modified
Mon, 05 Feb 2024 22:48:17 GMT
server
cloudflare
etag
"cdbed44d26dad11d12cbc597796974c7"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=120
access-control-allow-credentials
false
access-control-max-age
604800
accept-ranges
bytes
cf-ray
8c16e86bbeb1a94a-SYD
access-control-allow-headers
*
favicon.ico
merchant-portal.sand.us.zip.co/ 		25 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://merchant-portal.sand.us.zip.co/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 11 Sep 2024 05:20:28 GMT
etag
W/"654b-191df86a160"
vary
Accept-Encoding
x-azure-ref
20240911T101725Z-r15988889dfxcljgsfd4ycq9fw0000000k70000000006vy0
content-type
image/x-icon
x-cache
CONFIG_NOCACHE
cache-control
public, max-age=0
x-envoy-upstream-service-time
2
x-xss-protection
1; mode=block
Primary Request login
merchant-login.dev.us.zip.co/u/
Redirect Chain
  • https://merchant-login.dev.us.zip.co/authorize?audience=https%3A%2F%2Fmerchants-auth-dev.quadpay.com&scope=openid%20profile%20email&client_id=4fCVYPDdphMBPQyrVYSzX8FsusgihqfZ&redirect_uri=https%3A%...
  • https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE...
42 KB
42 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE1CUFF5clZZU3pYOEZzdXNnaWhxZlo
Requested by
Host: merchant-portal.sand.us.zip.co
URL: https://merchant-portal.sand.us.zip.co/_next/static/chunks/pages/_app-2d0e34f986bd8751.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.254.182 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36eb5fd96af5b44e5769fb3d816ed6e5f00c092396ee6abfc15e7645c3bcc74a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://merchant-portal.sand.us.zip.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, max-age=0, no-transform
cf-cache-status
DYNAMIC
cf-ray
8c16e86eee72a961-SYD
content-language
en
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Wed, 11 Sep 2024 10:17:26 GMT
etag
W/"a727-IOVrXPDlLAnQX9d3aiN/lR48mis"
expires
Wed, 11 Sep 2024 10:17:26 GMT
pragma
no-cache
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-auth0-dl
296
x-auth0-requestid
b603af8611518efb574b
x-content-type-options
nosniff
x-frame-options
deny
x-ratelimit-limit
20
x-ratelimit-remaining
19
x-ratelimit-reset
1726049853
x-robots-tag
noindex, nofollow
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, max-age=0, no-transform
cf-cache-status
DYNAMIC
cf-ray
8c16e86cbc08a961-SYD
content-length
424
content-type
text/html; charset=utf-8
date
Wed, 11 Sep 2024 10:17:25 GMT
location
/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE1CUFF5clZZU3pYOEZzdXNnaWhxZlo
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept, Accept-Encoding
x-auth0-requestid
8f306ed095d7c666d409
x-content-type-options
nosniff
x-ratelimit-limit
100
x-ratelimit-remaining
99
x-ratelimit-reset
1726049846
main.cdn.min.css
cdn.auth0.com/ulp/react-components/1.95.0/css/ 		278 KB
63 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.auth0.com/ulp/react-components/1.95.0/css/main.cdn.min.css
Requested by
Host: merchant-login.dev.us.zip.co
URL: https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE1CUFF5clZZU3pYOEZzdXNnaWhxZlo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.158.21.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-158-21-40.syd62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e01ee182c3edd33151075d139238cd34bfd31434ffd3b93d6caf940a2cad19a0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

x-amz-version-id
E38Qx_Fb50f02Wuf_xHfOlOM1q.Euraw
content-encoding
gzip
via
1.1 237cbfb8cde372b8f33bda5565e9b52c.cloudfront.net (CloudFront)
date
Wed, 11 Sep 2024 04:52:14 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-amz-cf-pop
SYD62-P3
age
19513
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
FAILED
last-modified
Fri, 30 Aug 2024 18:26:34 GMT
server
AmazonS3
etag
W/"8f2ea3821b702993163ea3db8580e9f7"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=86400
x-robots-tag
noindex
x-amz-cf-id
EUnwJhQjkwpTtFpa05NWDsY-CT6Pew-fo6fMUHxeup8jdrO2SdRDJw==
black.svg
zip.co/assets/fearless/logos/zip/ 		975 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zip.co/assets/fearless/logos/zip/black.svg
Requested by
Host: merchant-login.dev.us.zip.co
URL: https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE1CUFF5clZZU3pYOEZzdXNnaWhxZlo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.121 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6857f1ddbfc8d2211fbac2383e1e0ede3b3e1f9c86a748e7807fc96023b9ba8b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 11 Sep 2024 10:17:26 GMT
via
1.1 6eb4925a459e5104745cfd7f77596766.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 30 Oct 2023 02:59:26 GMT
server
cloudflare
strict-transport-security
max-age=31536000; preload
x-amz-cf-pop
SYD62-P3
age
27130
etag
W/"9aacd22f7596f10f319b4cded5536266"
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
cf-ray
8c16e8759e99a7f9-SYD
x-amz-cf-id
Ovg2mp3xSXMapuK_IWl7fpx5H-2O25sTCSo9AzdtbRlFu5xZ84lWFg==
auth0-login-background_US.svg
assets.quadpay.com/auth0-universal/ 		157 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.quadpay.com/auth0-universal/auth0-login-background_US.svg
Requested by
Host: merchant-login.dev.us.zip.co
URL: https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE1CUFF5clZZU3pYOEZzdXNnaWhxZlo
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.147.196 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14997af1d3d5ece87d847eb290efcbefd476033ac066bfaed3f166bd0ebe66fa

Request headers

Referer
https://merchant-login.dev.us.zip.co/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 11 Sep 2024 10:17:27 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
2VKk6ZaRxId/2Shw/uLSMg==
age
272
alt-svc
h3=":443"; ma=86400
x-ms-lease-state
available
x-ms-lease-status
unlocked
last-modified
Thu, 28 Jul 2022 11:34:05 GMT
server
cloudflare
etag
W/"0x8DA708D14350098"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
465a4cc4-701e-00a3-4f5a-7975d6000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type
x-ms-version
2014-02-14
cf-ray
8c16e877ad31d5d7-SYD
truncated
/ 		650 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aaf1eac584819e98c7f78a20216bd2fb10ee29e10b290983bc0fa82d0f293bce

Request headers

Referer
Origin
https://merchant-login.dev.us.zip.co
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml;charset=utf-8
sharp-grotesk-book-20.woff2
zip.co/static-assets/fonts/ 		0
0
Square-Favicon.svg
zipus.wpengine.com/wp-content/uploads/2021/08/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
zip.co
URL
https://zip.co/static-assets/fonts/sharp-grotesk-book-20.woff2
Domain
zipus.wpengine.com
URL
https://zipus.wpengine.com/wp-content/uploads/2021/08/Square-Favicon.svg

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| customizeResetPasswordEmailScreen function| customizeSignUpUrlInLoginScreen object| ulpFlags

6 Cookies

Domain/Path Name / Value
merchant-login.dev.us.zip.co/ Name: did
Value: s%3Av0%3A2be12a5f-d8e2-4087-9695-8f7545618f00.aJzRBd5SKagel9YGs%2BCQ3XwEidHWQrF8wGueZuCVeCI
merchant-login.dev.us.zip.co/ Name: auth0
Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQNJE7mzbrM6bDgxMHxTPYVZjxrfYztpE6KwnKD8biTN1hDro6-t-czGsQo__6omdLyAsRtDnCdjB7D9gyVJUCbKmY29va2llg6dleHBpcmVz1_92BGcAZuVita5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.IGMyCXc0CWIzkCM25txYWWl1UFyg1OyJ4olJRoG%2FLF0
merchant-login.dev.us.zip.co/ Name: did_compat
Value: s%3Av0%3A2be12a5f-d8e2-4087-9695-8f7545618f00.aJzRBd5SKagel9YGs%2BCQ3XwEidHWQrF8wGueZuCVeCI
merchant-login.dev.us.zip.co/ Name: auth0_compat
Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQNJE7mzbrM6bDgxMHxTPYVZjxrfYztpE6KwnKD8biTN1hDro6-t-czGsQo__6omdLyAsRtDnCdjB7D9gyVJUCbKmY29va2llg6dleHBpcmVz1_92BGcAZuVita5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.IGMyCXc0CWIzkCM25txYWWl1UFyg1OyJ4olJRoG%2FLF0
.zip.co/ Name: __cf_bm
Value: URESnB8SvyW_e.7i.ohgjsE._jk2ys6luYfwLlltnV0-1726049846-1.0.1.1-Ym4EfHgKEGBpbRVdwU67S7qlRZR1EgGDSlv54fS3Ec4o0W_TUEMaegcaGYxpD3BInFrLIFqjHuuPocFB3B7FPQ
.quadpay.com/ Name: __cf_bm
Value: SzWCLPWfKHK4S3YSYDGly2CMPA8.YD4JQc5JF2qJhmk-1726049847-1.0.1.1-.xPzNMG5SHY9nNZFQHB1uOeLIueHkagw6Z8bGUkiGOq7uaJP8AfzGNtJ.XcNL1X0CFI75A9UwvIuzELQ1eMRoQ

2 Console Messages

Source Level URL
Text
javascript error URL: https://merchant-login.dev.us.zip.co/u/login?state=hKFo2SA4TXdleWpWSE0tRVRydGZtWGo3TWVncUs5LUdzRnhRV6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHZaNzBScG1RS1pRUERiazZxQ0FqWHhpWkM3a3d5SHFHo2NpZNkgNGZDVllQRGRwaE1CUFF5clZZU3pYOEZzdXNnaWhxZlo
Message:
Access to font at 'https://zip.co/static-assets/fonts/sharp-grotesk-book-20.woff2' from origin 'https://merchant-login.dev.us.zip.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://zip.co/static-assets/fonts/sharp-grotesk-book-20.woff2
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block