urlscan.io logo urlscan.io
SecurityTrails logo

auth.uber.com Open in urlscan Pro
69.48.216.12  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://email.uber.com/ls/click?upn=u001.4vISPEHPdGeEimxnuJSpQTvAxgHvviFPgrQlwEr49dAXM1Edt02dWi-2FUZiMufp34rm-Z_ojqgjH6...
Effective URL: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=htt...
Submission: On September 22 via api from US — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 18 HTTP transactions. The main IP is 69.48.216.12, located in United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is auth.uber.com. The Cisco Umbrella rank of the primary domain is 42218.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 10th 2024. Valid for: a year.
This is the only time auth.uber.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.98.127.226 396982 (GOOGLE-CL...)
1 10 69.48.216.12 396982 (GOOGLE-CL...)
1 2600:9000:264... 16509 (AMAZON-02)
3 2a00:1450:401... 15169 (GOOGLE)
1 23.215.17.144 16625 (AKAMAI-AS)
2 35.201.81.34 396982 (GOOGLE-CL...)
1 2600:9000:264... 16509 (AMAZON-02)
18 7
1    34.98.127.226 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 226.127.98.34.bc.googleusercontent.com
email.uber.com
10    69.48.216.12 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
accounts.uber.com
auth.uber.com
csp.uber.com
1    2600:9000:2646:8200:5:57ff:7880:93a1 (United States)

ASN16509 (AMAZON-02, US)
uber-api.arkoselabs.com
3    2a00:1450:4013:c16::54 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
accounts.google.com
1    23.215.17.144 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-215-17-144.deploy.static.akamaitechnologies.com
appleid.cdn-apple.com
2    35.201.81.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.81.201.35.bc.googleusercontent.com
cn-geo1.uber.com
1    2600:9000:2646:da00:5:57ff:7880:93a1 (United States)

ASN16509 (AMAZON-02, US)
uber-api.arkoselabs.com
Apex Domain
Subdomains		 Transfer
13 uber.com
email.uber.com — Cisco Umbrella Rank: 40660
accounts.uber.com — Cisco Umbrella Rank: 603206
auth.uber.com — Cisco Umbrella Rank: 42218
csp.uber.com — Cisco Umbrella Rank: 24292
cn-geo1.uber.com — Cisco Umbrella Rank: 6278
241 KB
3 google.com
accounts.google.com — Cisco Umbrella Rank: 17
88 KB
2 arkoselabs.com
uber-api.arkoselabs.com — Cisco Umbrella Rank: 60512
27 KB
1 cdn-apple.com
appleid.cdn-apple.com — Cisco Umbrella Rank: 3874
17 KB
0 cdn-net.com Failed
www.cdn-net.com Failed
18 5
Domain Requested by
8 auth.uber.com auth.uber.com
3 accounts.google.com auth.uber.com
accounts.google.com
2 cn-geo1.uber.com auth.uber.com
2 uber-api.arkoselabs.com auth.uber.com
uber-api.arkoselabs.com
1 appleid.cdn-apple.com auth.uber.com
1 csp.uber.com auth.uber.com
1 accounts.uber.com 1 redirects
1 email.uber.com 1 redirects
0 www.cdn-net.com Failed auth.uber.com
18 9

This site contains no links.

Subject Issuer Validity Valid
*.uber.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-06-10 -
2025-06-09		 a year crt.sh
arkoselabs.com
Amazon RSA 2048 M02		 2024-04-29 -
2025-05-28		 a year crt.sh
accounts.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
appleid.cdn-apple.com
Apple Public EV Server RSA CA 2 - G1		 2024-06-06 -
2024-12-03		 6 months crt.sh

This page contains 2 frames:

Primary Page: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
Frame ID: B9B0ADF35FBD7C5F7F8764AC559012A4
Requests: 16 HTTP requests in this frame

Frame: https://uber-api.arkoselabs.com/v2/2.9.0/enforcement.b3b1c9343f2ef3887d61d74272d6a3af.html
Frame ID: 65172489F0780846DD53BA8C8F0A16B7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Uber

Page URL History Show full URLs

  1. https://email.uber.com/ls/click?upn=u001.4vISPEHPdGeEimxnuJSpQTvAxgHvviFPgrQlwEr49dAXM1Edt02dWi-2FU... HTTP 302
    https://accounts.uber.com/communication HTTP 302
    https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zon... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • appleid\.auth\.js
Overall confidence: 100%
Detected patterns
  • accounts\.google\.com/gsi/client
Overall confidence: 100%
Detected patterns
  • react(?:-with-addons)?[.-]([\d.]*\d)[^/]*\.js

Page Statistics

18
Requests

94 %
HTTPS

43 %
IPv6

5
Domains

9
Subdomains

7
IPs

3
Countries

372 kB
Transfer

1424 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://email.uber.com/ls/click?upn=u001.4vISPEHPdGeEimxnuJSpQTvAxgHvviFPgrQlwEr49dAXM1Edt02dWi-2FUZiMufp34rm-Z_ojqgjH6TTYJp0butnciSTawaXKzr7q6X2xUcQIfzo9aJylsBIaD1NQD7-2BS3vj1DB4GADOkSb4QyiWgoOxswoYY5vHLHGkSER3Prsn-2FccMbQRwjUQ4Db44EyolJYB28ppFFWZzFc1zdY1g5JCh34G40iQ7kknrH-2F9L6Uj-2Fc6CadrSWGt3hkGowzxhqqtP1TTBssekClVqSt-2BaPLxFMnawgremdPayB0jiQJs-2BH27KFCPvseNy8sYIh6yr4uIJnICb-2FffIUKQ7g8ynItlOsYwZoKHOC7LOJCXioXgtts7ILNdCOPNSizVZfCb6mrovoLIt87xmcu62es9opOgQmoeuYmA67i5c8GgJ6nNDcuZ-2FnYVDxxZn2ohZMuu-2FtLEzU9svNkz-2FfnBAJw6MukaiT-2F7-2Bf28-2F-2FtoiEP2-2BPOSlwvMUcTXfeXeuC5wtJYfsk-2BOKg3YWfPjUS9iVjzhsLiNzAHRDBEaTMMwPadbfCx1Ipc5hfy7cyD15d4x8lBdqTUCMY7hVJyjwK0e9bUB17ToGMjBhP25S5L18Sxy4-2B2-2FOl00bH0zYBNJfiMNKrit6U0bXjHqP3Opr0R5NfSHff6S3xQ9tgaTxQdiH-2BoLTXHkpt7OntDiZ42pXEXP7Vmuije4v0MLi HTTP 302
    https://accounts.uber.com/communication HTTP 302
    https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
auth.uber.com/v2/
Redirect Chain
  • https://email.uber.com/ls/click?upn=u001.4vISPEHPdGeEimxnuJSpQTvAxgHvviFPgrQlwEr49dAXM1Edt02dWi-2FUZiMufp34rm-Z_ojqgjH6TTYJp0butnciSTawaXKzr7q6X2xUcQIfzo9aJylsBIaD1NQD7-2BS3vj1DB4GADOkSb4QyiWgoOxsw...
  • https://accounts.uber.com/communication
  • https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASL...
198 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
69909959742225af7c73ad7e07903d42e5fa563e56a9c5c861f8d9c87ec6d82e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-src 'self' https://accounts.google.com 'self' https://staticxx.facebook.com 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/; worker-src 'self'; child-src 'self' https://web-payments-tokenizer.prod.use1.u1f4b2.com/; connect-src 'self' https://cn-geo1.uber.com https://accounts.google.com https://*.cdn-net.com https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/ https://api-js.mixpanel.com; manifest-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-d06825e9-6cd7-40f0-a7c9-94b206c9936b' https://accounts.google.com 'self' https://apis.google.com 'self' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js 'self' https://connect.facebook.net/en_US/sdk.js 'self' https://js.braintreegateway.com/v1/braintree.js https://*.cdn-net.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/ https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://accounts.google.com; img-src https://web-payments-tokenizer.prod.use1.u1f4b2.com/; report-uri https://csp.uber.com/csp?a=arch-web&ro=false
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
max-age=0
content-encoding
gzip
content-security-policy
block-all-mixed-content; frame-src 'self' https://accounts.google.com 'self' https://staticxx.facebook.com 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/; worker-src 'self'; child-src 'self' https://web-payments-tokenizer.prod.use1.u1f4b2.com/; connect-src 'self' https://cn-geo1.uber.com https://accounts.google.com https://*.cdn-net.com https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/ https://api-js.mixpanel.com; manifest-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-d06825e9-6cd7-40f0-a7c9-94b206c9936b' https://accounts.google.com 'self' https://apis.google.com 'self' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js 'self' https://connect.facebook.net/en_US/sdk.js 'self' https://js.braintreegateway.com/v1/braintree.js https://*.cdn-net.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/ https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://accounts.google.com; img-src https://web-payments-tokenizer.prod.use1.u1f4b2.com/; report-uri https://csp.uber.com/csp?a=arch-web&ro=false
content-type
text/html; charset=utf-8
date
Sun, 22 Sep 2024 23:36:45 GMT
server
ufe
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-envoy-upstream-service-time
120
x-frame-options
SAMEORIGIN
x-uber-edge
e4-dca24:w:1270454040,ufe:production-cloud-gateway:compute-0:dca23,ufe:production-cloud-ecg-l7:default:bru2
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
max-age=0
content-encoding
gzip
content-type
text/html
date
Sun, 22 Sep 2024 23:36:44 GMT
location
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
server
ufe
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-envoy-upstream-service-time
82
x-frame-options
SAMEORIGIN
x-uber-edge
e4-dca11:w:1320964252,ufe:production-cloud-gateway:compute-0:dca22,ufe:production-cloud-ecg-l7:default:bru3
x-xss-protection
1; mode=block
client-main-12b9da379350c8ca.js
auth.uber.com/v2/_static/ 		545 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.uber.com/v2/_static/client-main-12b9da379350c8ca.js
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
51751d12ac7358e7e45841c633f76f7f8f87228ee121ca2a29ec50c6e1d299ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth.uber.com
Referer
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D

Response headers

content-encoding
br
etag
"0fdf4355f1d50a021d2e5c80c9a12501"
age
204270
x-content-type-options
nosniff
rpc-service
terrablob-gateway-tier3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 14:52:15 GMT
last-modified
Fri, 20 Sep 2024 12:28:34 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
timing-allow-origin
*
x-uber-app
terrablob-gateway-tier3
x-envoy-upstream-service-time
199
x-uber-edge
e4-dca23:w:1068690667,ufe:production-cloud-gateway:compute-0:dca18,ufe:production-cloud-ecg-l7:default:bru2
x-tb-source
terrablob
via
1.1 google
accept-ranges
bytes
content-length
121050
x-xss-protection
1; mode=block
server
ufe
client-vendor-react-8a2cd83a6834b463.js
auth.uber.com/v2/_static/ 		171 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.uber.com/v2/_static/client-vendor-react-8a2cd83a6834b463.js
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
a745b0df4aca294912cb7e817364eef77f46cee95cea40c400a528bebb5b4dde
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth.uber.com
Referer
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D

Response headers

content-encoding
br
etag
"5a69cca6178dad5d381e69315c360d99"
age
809075
x-content-type-options
nosniff
rpc-service
terrablob-gateway-tier3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Sep 2024 14:52:10 GMT
last-modified
Fri, 13 Sep 2024 08:04:31 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
timing-allow-origin
*
x-uber-app
terrablob-gateway-tier3
x-envoy-upstream-service-time
283
x-uber-edge
e4-dca23:w:1068690667,ufe:production-cloud-gateway:compute-0:dca18,ufe:production-cloud-ecg-l7:default:bru2
x-tb-source
terrablob
via
1.1 google
accept-ranges
bytes
content-length
49608
x-xss-protection
1; mode=block
server
ufe
client-vendor-fusion-197861592b06d4e9.js
auth.uber.com/v2/_static/ 		159 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.uber.com/v2/_static/client-vendor-fusion-197861592b06d4e9.js
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
83425ade29faa3970ef28264b78ce5508d050460661d72d50170aa72aac4b1e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth.uber.com
Referer
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D

Response headers

content-encoding
br
age
29363
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 22 Sep 2024 15:27:22 GMT
last-modified
Fri, 20 Sep 2024 12:28:45 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
timing-allow-origin
*
x-uber-edge
e4-dca23:w:1068690667,ufe:production-cloud-gateway:compute-0:dca22,ufe:production-cloud-ecg-l7:default:bru1
x-envoy-upstream-service-time
94
via
1.1 google
content-length
44490
x-xss-protection
1; mode=block
server
ufe
client-642-db9fa60e0777faa3.js
auth.uber.com/v2/_static/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.uber.com/v2/_static/client-642-db9fa60e0777faa3.js
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
f09d41aeaa87448c010218061e7c27ab85f2aa3bbb33bb7cfaa3c606f6e49fbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth.uber.com
Referer
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D

Response headers

content-encoding
br
etag
"b8299a040c827dea22f1bb4386f43aa9"
age
809075
x-content-type-options
nosniff
rpc-service
terrablob-gateway-tier3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Sep 2024 14:52:10 GMT
last-modified
Fri, 13 Sep 2024 08:04:31 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
timing-allow-origin
*
x-uber-app
terrablob-gateway-tier3
x-envoy-upstream-service-time
232
x-uber-edge
e4-dca22:w:1333095919,ufe:production-cloud-gateway:compute-0:dca22,ufe:production-cloud-ecg-l7:default:bru1
x-tb-source
terrablob
via
1.1 google
accept-ranges
bytes
content-length
1046
x-xss-protection
1; mode=block
server
ufe
client-runtime-7f1533706fe341e5.js
auth.uber.com/v2/_static/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.uber.com/v2/_static/client-runtime-7f1533706fe341e5.js
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
115c3b4ae02aabc0766f28bff808fb9f70d7466f9175fe0f202b9984ad196398
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth.uber.com
Referer
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D

Response headers

content-encoding
br
etag
"28fd5b1f235390040552a6c081572f9a"
age
204270
x-content-type-options
nosniff
rpc-service
terrablob-gateway-tier3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 14:52:15 GMT
last-modified
Fri, 20 Sep 2024 12:28:34 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
timing-allow-origin
*
x-uber-app
terrablob-gateway-tier3
x-envoy-upstream-service-time
195
x-uber-edge
e4-dca11:w:1315985043,ufe:production-cloud-gateway:compute-0:dca18,ufe:production-cloud-ecg-l7:default:bru3
x-tb-source
terrablob
via
1.1 google
accept-ranges
bytes
content-length
2330
x-xss-protection
1; mode=block
server
ufe
csp
csp.uber.com/ 		0
308 B 		Other
General
Check archive.org
Download Go to
Full URL
https://csp.uber.com/csp?a=arch-web&ro=false
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://auth.uber.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=0
x-uber-edge
e4-dca23:w:1068690667,ufe:production-cloud-gateway:compute-0:dca18,ufe:production-cloud-ecg-l7:default:bru2
x-envoy-upstream-service-time
82
x-content-type-options
nosniff
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sun, 22 Sep 2024 23:36:45 GMT
x-xss-protection
1; mode=block
server
ufe
x-frame-options
SAMEORIGIN
_events
auth.uber.com/v2/ 		2 B
22 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://auth.uber.com/v2/_events
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/_static/client-main-12b9da379350c8ca.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

x-csrf-token
x
Referer
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
application/json

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=0
x-uber-edge
e4-dca11:w:1320763254,ufe:production-cloud-gateway:compute-0:dca11,ufe:production-cloud-ecg-l7:default:bru2
x-envoy-upstream-service-time
86
x-content-type-options
nosniff
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Sun, 22 Sep 2024 23:36:45 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=utf-8
server
ufe
x-frame-options
SAMEORIGIN
cc.js
www.cdn-net.com/ 		0
0
api.js
uber-api.arkoselabs.com/v2/30000F36-CADF-490C-929A-C6A7DD8B33C4/ 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uber-api.arkoselabs.com/v2/30000F36-CADF-490C-929A-C6A7DD8B33C4/api.js
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/_static/client-main-12b9da379350c8ca.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:8200:5:57ff:7880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
cloudfront /
Resource Hash
a39f6c840b1dc4a1dbf254e2dd5d7b828c6455ecaa34f916acdb9c5caaf257e9
Security Headers
Name Value
Content-Security-Policy connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; default-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; style-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth.uber.com/

Response headers

content-encoding
gzip
etag
W/"f4996d38ad50751e7defcba7e5b54577"
age
80967
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P5",cdn-rid;desc="4d5lJdH4ASmsfymtwCB0aDFF1vMRiEHriAaxgJSuliSVzF593ULe5Q==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
x-cache
Hit from cloudfront
x-amz-cf-id
4d5lJdH4ASmsfymtwCB0aDFF1vMRiEHriAaxgJSuliSVzF593ULe5Q==
date
Sun, 22 Sep 2024 01:07:22 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding, Origin
last-modified
Mon, 22 Jul 2024 03:14:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; default-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; style-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
cache-control
public, max-age=0, s-maxage=31536000
accept-ch
Device-Memory, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-DPR, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-Viewport-Width, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-Width, Sec-CH-UA-Form-Factor
cf-request-time
1
referrer-policy
strict-origin-when-cross-origin
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
permissions-policy
accelerometer=*, autoplay=*, camera=*, display-capture=*, document-domain=*, encrypted-media=*, fullscreen=*, geolocation=*, gyroscope=*, midi=*, payment=*, picture-in-picture=*, sync-xhr=*, usb=*
capi-worker-type
cloudfront
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA60-P5
server
cloudfront
x-amz-server-side-encryption
AES256
client
accounts.google.com/gsi/ 		227 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/client
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/_static/client-main-12b9da379350c8ca.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4013:c16::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
85889ae36f5e7e04a701e623e072d3073680fcb34f46f7e7234ca34495286212
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-qo-1uNGM-MsdI_GZK5M7kg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth.uber.com/

Response headers

content-security-policy
script-src 'report-sample' 'nonce-qo-1uNGM-MsdI_GZK5M7kg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cache-control
private, max-age=1800
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
x-content-type-options
nosniff
expires
Sun, 22 Sep 2024 23:36:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
date
Sun, 22 Sep 2024 23:36:45 GMT
x-xss-protection
0
content-type
application/javascript; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server
ESF
x-frame-options
SAMEORIGIN
appleid.auth.js
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/ 		42 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/_static/client-main-12b9da379350c8ca.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.215.17.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-17-144.deploy.static.akamaitechnologies.com
Software
Apple /
Resource Hash
8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth.uber.com
Referer
https://auth.uber.com/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=86400,stale-while-revalidate=86400
Content-Encoding
gzip
ETag
W/"43171-1726530311681"
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
17356
Date
Sun, 22 Sep 2024 23:36:45 GMT
Content-Type
application/javascript;charset=UTF-8
Last-Modified
Mon, 16 Sep 2024 23:45:11 GMT
Server
Apple
Vary
accept-encoding
get-auth-options
cn-geo1.uber.com/rt/webauthn-api/ 		313 B
553 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cn-geo1.uber.com/rt/webauthn-api/get-auth-options
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/_static/client-main-12b9da379350c8ca.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.81.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.81.201.35.bc.googleusercontent.com
Software
ufe /
Resource Hash
47740fe7d3f02d76f8da80d2aca04619ab6699ec9f42a6bd7be2aa9efcbf72f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

x-uber-client-name
usl_desktop
x-uber-device
undefined
x-uber-request-uuid
dbbd919d-0788-4d35-b841-028c5cc12d9c
Referer
https://auth.uber.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-request-id
002388d6-6558-46db-92bf-f3aba0a22dfa
access-control-max-age
86400
content-encoding
gzip
access-control-allow-methods
OPTIONS, GET, HEAD, POST
x-content-type-options
nosniff
rpc-service
api-gateway-http
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 22 Sep 2024 23:36:45 GMT
content-type
application/json
vary
Accept-Encoding
access-control-allow-headers
Accept, Origin, Keep-Alive, Content-Type, X-Uber-Analytics-Session-Id, X-Uber-App-Device-Id, X-Uber-App-Variant, X-Uber-Challenge-Provider, X-Uber-Challenge-Token, X-Uber-Client-Claim, X-Uber-Client-Id, X-Uber-Client-Name, X-Uber-Client-Version, X-Uber-Cold-Launch-Id, X-Uber-Dcurl, X-Uber-Device, X-Uber-Device-Epoch, X-Uber-Device-Id, X-Uber-Device-Ids, X-Uber-Device-Language, X-Uber-Device-Location-Accuracy, X-Uber-Device-Location-Altitude, X-Uber-Device-Location-Course, X-Uber-Device-Location-Latitude, X-Uber-Device-Location-Longitude, X-Uber-Device-Location-Provider, X-Uber-Device-Location-Speed, X-Uber-Device-Model, X-Uber-Device-Os, X-Uber-Device-UDID, X-Uber-Did, X-Uber-Hot-Launch-Id, X-Uber-Launch-Id, X-Uber-Marketing-Id, X-Uber-Request-UUID, X-Uber-Redirectcount, X-Uber-Privileged-Op-Url, X-Uber-Pwv-Instance-Id, X-Uber-Pwv-Client-Id, X-Uber-Sig-Status, X-Uber-Target-Location-Latitude, X-Uber-Target-Location-Longitude, X-Uber-Usl-Id, X-Uber-User-Cloud-Id, X-Uber-User-Identifier, X-Recaptcha-Token, X-Uber-Token
strict-transport-security
max-age=31536000
x-uber-app
api-gateway-http
x-uber-edge
e4-dca22:p:1327959577,ufe:production-cloud-gateway:compute-0:dca22,ufe:production-cloud-l7:default:lhr3
x-envoy-upstream-service-time
79
x-uber-rtapi-duration
3
via
1.1 google
access-control-allow-origin
https://auth.uber.com
x-xss-protection
1; mode=block
server
ufe
get-auth-options
cn-geo1.uber.com/rt/webauthn-api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://cn-geo1.uber.com/rt/webauthn-api/get-auth-options
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.81.34 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
34.81.201.35.bc.googleusercontent.com
Software
ufe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-uber-client-name,x-uber-device,x-uber-request-uuid
Access-Control-Request-Method
POST
Origin
https://auth.uber.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept, Origin, Keep-Alive, Content-Type, X-Uber-Analytics-Session-Id, X-Uber-App-Device-Id, X-Uber-App-Variant, X-Uber-Challenge-Provider, X-Uber-Challenge-Token, X-Uber-Client-Claim, X-Uber-Client-Id, X-Uber-Client-Name, X-Uber-Client-Version, X-Uber-Cold-Launch-Id, X-Uber-Dcurl, X-Uber-Device, X-Uber-Device-Epoch, X-Uber-Device-Id, X-Uber-Device-Ids, X-Uber-Device-Language, X-Uber-Device-Location-Accuracy, X-Uber-Device-Location-Altitude, X-Uber-Device-Location-Course, X-Uber-Device-Location-Latitude, X-Uber-Device-Location-Longitude, X-Uber-Device-Location-Provider, X-Uber-Device-Location-Speed, X-Uber-Device-Model, X-Uber-Device-Os, X-Uber-Device-UDID, X-Uber-Did, X-Uber-Hot-Launch-Id, X-Uber-Launch-Id, X-Uber-Marketing-Id, X-Uber-Request-UUID, X-Uber-Redirectcount, X-Uber-Privileged-Op-Url, X-Uber-Pwv-Instance-Id, X-Uber-Pwv-Client-Id, X-Uber-Sig-Status, X-Uber-Target-Location-Latitude, X-Uber-Target-Location-Longitude, X-Uber-Usl-Id, X-Uber-User-Cloud-Id, X-Uber-User-Identifier, X-Recaptcha-Token, X-Uber-Token
access-control-allow-methods
OPTIONS, GET, HEAD, POST
access-control-allow-origin
https://auth.uber.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 22 Sep 2024 23:36:45 GMT
server
ufe
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-envoy-upstream-service-time
77
x-uber-edge
e4-dca50:p:1662106523,ufe:production-cloud-gateway:compute-0:dca24,ufe:production-cloud-l7:default:lhr1
x-xss-protection
1; mode=block
style
accounts.google.com/gsi/ 		533 B
586 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/style
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/gsi/client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4013:c16::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-XQc4m5iR6QqXBop-mhV6gg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth.uber.com/

Response headers

content-security-policy
script-src 'report-sample' 'nonce-XQc4m5iR6QqXBop-mhV6gg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cache-control
private, max-age=86400
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
x-content-type-options
nosniff
expires
Sun, 22 Sep 2024 23:36:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
date
Sun, 22 Sep 2024 23:36:45 GMT
x-xss-protection
0
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server
ESF
x-frame-options
SAMEORIGIN
status
accounts.google.com/gsi/ 		40 B
525 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/status?client_id=89939265457-enilmfbsacgcj2b7qq3sc7jc51u5b3ge.apps.googleusercontent.com&as=FFHHfd13WpWA695LC03Sgg&has_opted_out_fedcm=true
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/gsi/client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4013:c16::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a62fd175e41896ea4521f804d78aa453d7b299da7bcfd356a25d9956bf6ada87
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-gXZf-l4F7vx87RbppSSVrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth.uber.com/

Response headers

content-encoding
gzip
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
access-control-allow-methods
GET
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 22 Sep 2024 23:36:45 GMT
content-type
application/json; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-disposition
attachment; filename="json.txt"; filename*=UTF-8''json.txt
x-frame-options
SAMEORIGIN
content-security-policy
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-gXZf-l4F7vx87RbppSSVrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://auth.uber.com
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
x-xss-protection
0
server
ESF
enforcement.b3b1c9343f2ef3887d61d74272d6a3af.html
uber-api.arkoselabs.com/v2/2.9.0/ Frame 6517 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://uber-api.arkoselabs.com/v2/2.9.0/enforcement.b3b1c9343f2ef3887d61d74272d6a3af.html
Requested by
Host: uber-api.arkoselabs.com
URL: https://uber-api.arkoselabs.com/v2/30000F36-CADF-490C-929A-C6A7DD8B33C4/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:da00:5:57ff:7880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth.uber.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Device-Memory, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-DPR, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-Viewport-Width, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-Width, Sec-CH-UA-Form-Factor
accept-ranges
bytes
age
76250
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=31536000, immutable
capi-worker-type
cloudfront
cf-request-time
0
content-length
977
content-security-policy
connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
content-type
text/html; charset=utf-8
date
Sun, 22 Sep 2024 02:25:58 GMT
etag
"e780abe27e9d6fe2204e7ec710091613"
last-modified
Mon, 22 Jul 2024 03:14:49 GMT
permissions-policy
accelerometer=*, autoplay=*, camera=*, display-capture=*, document-domain=*, encrypted-media=*, fullscreen=*, geolocation=*, gyroscope=*, midi=*, payment=*, picture-in-picture=*, sync-xhr=*, usb=*
referrer-policy
strict-origin-when-cross-origin
server
cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P5",cdn-rid;desc="aBFOE5utkss6Yq9IpcYm1iC4Jq_4LEPK12qjgZfDAX2WZEJME1ygWw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 934815569b3b6127560be81f148ef706.cloudfront.net (CloudFront)
x-amz-cf-id
aBFOE5utkss6Yq9IpcYm1iC4Jq_4LEPK12qjgZfDAX2WZEJME1ygWw==
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
_events
auth.uber.com/v2/ 		2 B
22 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://auth.uber.com/v2/_events
Requested by
Host: auth.uber.com
URL: https://auth.uber.com/v2/_static/client-main-12b9da379350c8ca.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
69.48.216.12 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
ufe /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=0
x-uber-edge
e4-dca23:w:1061175560,ufe:production-cloud-gateway:compute-0:dca11,ufe:production-cloud-ecg-l7:default:bru2
x-envoy-upstream-service-time
90
x-content-type-options
nosniff
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Sun, 22 Sep 2024 23:36:47 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=utf-8
server
ufe
x-frame-options
SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.cdn-net.com
URL
https://www.cdn-net.com/cc.js

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| __ROUTE_PREFIX__ string| __FUSION_ASSET_PATH__ string| __NONCE__ object| webpackChunkFusion function| clearImmediate function| setImmediate object| _cc number| reactStartTime function| setupEnforcement object| default_gsi object| _F_toggles object| google object| closure_lm_940707 object| __G_ID_CLIENT__ object| AppleID number| __uslAppleAuthInit object| arkoseLabsClientApi2e161da7 object| regeneratorRuntime

9 Cookies

Domain/Path Name / Value
.accounts.uber.com/ Name: state
Value: JF0333C63bI0EH.1727049104916.d9grRx2j6slTPXkRbNXFjDsb9H4OWE5Pvz2tLOLNCOs=
auth.uber.com/ Name: _ua
Value: {"session_id":"29ccb5d9-0924-4d3b-a5b4-bf512c730d6d","session_time_ms":1727048205068}
.uber.com/ Name: marketing_vistor_id
Value: 7211a78d-a36c-4d69-9a2c-7a0ebfbdd923
.uber.com/ Name: x-uber-analytics-session-id
Value: edb28ad4-e3e3-45d9-9bb3-c95564ecfd19
.auth.uber.com/ Name: usl.territory
Value: 18.p22NnsyxDg2ckfmqExl1yhOJ4S2O54UxQOcyOzXJISs=
.uber.com/ Name: udi-id
Value: RTSAmPCXXMtg94HFPqWDeKTww8aPis1QwP5iHpjBPIGt58ctBq8lQplBVmOpU/KoT3uh4+bfVFs/kkD5KwAkuNo8PNrDPp4AWK04pfPuER4jT893xO/Jba8X9lQgO5P1n5aAMJijNA+QiWSE1H/4jEOYhIBRjfbZ0+js/iGNZq9TOIshSJWQoWBzu1n62z5uiy4kW5Q2CLS9ZczeUtzRHw==Imrz1pHfFzMrHeUXrBeFew==peg7+ftwV+aJm50Eev72zNJW8qFkaN3pzwhuhyZBD6Y=
auth.uber.com/ Name: jwt-session
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MjcwNDgyMDUsImV4cCI6MTcyNzEzNDYwNX0.S9mMFjeE0n0BxMUHL691KF8K7EdOrPBLJJLAtZpifPs
.arkoselabs.com/ Name: _cfuvid
Value: 2Tcy_EqLJ0qhYnviOGCTm_1P9sZBMu9.hAx5FSqz2z4-1717104076479-0.0.1.1-604800000
uber-api.arkoselabs.com/ Name: timestamp
Value: 172704800207058

1 Console Messages

Source Level URL
Text
security error URL: https://auth.uber.com/v2/?breeze_init_req_id=d68d39c9-7ec9-4152-b2e5-f661b1398e66&breeze_local_zone=dca11&next_url=https%3A%2F%2Faccounts.uber.com%2Fcommunication&state=apzXMdlW3oMXUTXBGH_UVbBn0ASLcyfy2ID5YA3cQiA%3D(Line 39)
Message:
Refused to load the image 'https://auth.uber.com/v2/_static/99c4bc580c8b57b7.ico' because it violates the following Content Security Policy directive: "img-src https://web-payments-tokenizer.prod.use1.u1f4b2.com/".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-src 'self' https://accounts.google.com 'self' https://staticxx.facebook.com 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/; worker-src 'self'; child-src 'self' https://web-payments-tokenizer.prod.use1.u1f4b2.com/; connect-src 'self' https://cn-geo1.uber.com https://accounts.google.com https://*.cdn-net.com https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/ https://api-js.mixpanel.com; manifest-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-d06825e9-6cd7-40f0-a7c9-94b206c9936b' https://accounts.google.com 'self' https://apis.google.com 'self' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js 'self' https://connect.facebook.net/en_US/sdk.js 'self' https://js.braintreegateway.com/v1/braintree.js https://*.cdn-net.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.arkoselabs.com https://web-payments-tokenizer.prod.use1.u1f4b2.com/ https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://accounts.google.com; img-src https://web-payments-tokenizer.prod.use1.u1f4b2.com/; report-uri https://csp.uber.com/csp?a=arch-web&ro=false
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block