urlscan.io logo urlscan.io
SecurityTrails logo

dogfood.zipcar.com Open in urlscan Pro
52.203.6.34  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://zipcaruksandbox.zendesk.com/
Effective URL: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth...
Submission Tags: @phish_report
Submission: On October 26 via api from FI — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 1 countries across 7 domains to perform 21 HTTP transactions. The main IP is 52.203.6.34, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is dogfood.zipcar.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on April 20th 2024. Valid for: a year.
This is the only time dogfood.zipcar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 216.198.54.1 209242 (CLOUDFLAR...)
1 8 52.203.6.34 14618 (AMAZON-AES)
1 142.251.221.74 15169 (GOOGLE)
6 172.67.68.188 13335 (CLOUDFLAR...)
3 172.217.24.35 15169 (GOOGLE)
2 142.250.71.68 15169 (GOOGLE)
1 142.250.71.67 15169 (GOOGLE)
1 34.102.232.42 396982 (GOOGLE-CL...)
21 8
2    216.198.54.1 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
zipcaruksandbox.zendesk.com
8    52.203.6.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-6-34.compute-1.amazonaws.com
dogfood.zipcar.com
1    142.251.221.74 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f10.1e100.net
fonts.googleapis.com
6    172.67.68.188 (United States)

ASN13335 (CLOUDFLARENET, US)
aacdn.nagich.com
3    172.217.24.35 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f3.1e100.net
fonts.gstatic.com
2    142.250.71.68 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s17-in-f4.1e100.net
www.google.com
1    142.250.71.67 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s17-in-f3.1e100.net
www.gstatic.com
1    34.102.232.42 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 42.232.102.34.bc.googleusercontent.com
hexagon-analytics.com
Apex Domain
Subdomains		 Transfer
8 zipcar.com
dogfood.zipcar.com
2 MB
6 nagich.com
aacdn.nagich.com — Cisco Umbrella Rank: 20860
31 KB
4 gstatic.com
fonts.gstatic.com
www.gstatic.com
284 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 3
627 B
2 zendesk.com
zipcaruksandbox.zendesk.com
3 KB
1 hexagon-analytics.com
hexagon-analytics.com — Cisco Umbrella Rank: 5918
288 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
1 KB
21 7
Domain Requested by
8 dogfood.zipcar.com 1 redirects dogfood.zipcar.com
6 aacdn.nagich.com dogfood.zipcar.com
aacdn.nagich.com
3 fonts.gstatic.com fonts.googleapis.com
2 www.google.com dogfood.zipcar.com
www.gstatic.com
2 zipcaruksandbox.zendesk.com 2 redirects
1 hexagon-analytics.com
1 www.gstatic.com www.google.com
1 fonts.googleapis.com dogfood.zipcar.com
21 8

This site contains links to these domains. Also see Links.

Domain
www.zipcar.com
Subject Issuer Validity Valid
dogfood.zipcar.com
Amazon RSA 2048 M02		 2024-04-20 -
2025-05-19		 a year crt.sh
upload.video.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
nagich.com
WE1		 2024-10-08 -
2025-01-06		 3 months crt.sh
*.gstatic.com
WE2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.hexagon-analytics.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-27 -
2024-11-03		 a year crt.sh

This page contains 2 frames:

Primary Page: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Frame ID: 8F23BF515E4EAF7FFC04B1086EB79F8B
Requests: 21 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LevyFMaAAAAAEqI6CquK9wXtorLvRT38-0gxBHF&co=aHR0cHM6Ly9kb2dmb29kLnppcGNhci5jb206NDQz&hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&size=invisible&cb=6xrm1e5q1rz
Frame ID: 1D30294D0F8E60221B2D1F58D53D3277
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Zipcar Login

Page URL History Show full URLs

  1. http://zipcaruksandbox.zendesk.com/ HTTP 307
    https://zipcaruksandbox.zendesk.com/ HTTP 301
    https://zipcaruksandbox.zendesk.com/access HTTP 302
    https://dogfood.zipcar.com/idp/auth/zendesk?brand_id=360000000948&locale_id=1&return_to=https%3A%2F%2Fz... HTTP 302
    http://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_... HTTP 307
    https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

8
IPs

1
Countries

2111 kB
Transfer

7790 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://zipcaruksandbox.zendesk.com/ HTTP 307
    https://zipcaruksandbox.zendesk.com/ HTTP 301
    https://zipcaruksandbox.zendesk.com/access HTTP 302
    https://dogfood.zipcar.com/idp/auth/zendesk?brand_id=360000000948&locale_id=1&return_to=https%3A%2F%2Fzipcaruksandbox.zendesk.com&timestamp=1729943153 HTTP 302
    http://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false HTTP 307
    https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
dogfood.zipcar.com/
Redirect Chain
  • http://zipcaruksandbox.zendesk.com/
  • https://zipcaruksandbox.zendesk.com/
  • https://zipcaruksandbox.zendesk.com/access
  • https://dogfood.zipcar.com/idp/auth/zendesk?brand_id=360000000948&locale_id=1&return_to=https%3A%2F%2Fzipcaruksandbox.zendesk.com&timestamp=1729943153
  • http://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
  • https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.6.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-6-34.compute-1.amazonaws.com
Software
envoy /
Resource Hash
7f4018875e61bd25f9d1fe9a32768cb1a3dd435a539cea7ca16a93d0effbb198
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-encoding
gzip
content-type
text/html;charset=utf-8
date
Sat, 26 Oct 2024 11:45:54 GMT
last-modified
Thu, 24 Oct 2024 16:09:59 GMT
server
envoy
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
2
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Non-Authoritative-Reason
HSTS
css
fonts.googleapis.com/ 		20 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Asap:200,300,400,400i,500,500i,600,600i,700,700i|Lato:100,100i,300,300i,400,400i,700,700i,900,900i
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.74 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f10.1e100.net
Software
ESF /
Resource Hash
5f7fda3bf93be03b79aec96b4e9e44561bf6d8051884f129955db74be2cf76b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, max-age=86400
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Sat, 26 Oct 2024 11:45:54 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 26 Oct 2024 11:45:54 GMT
x-xss-protection
0
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server
ESF
x-frame-options
SAMEORIGIN
config.js
dogfood.zipcar.com/login/ 		387 B
566 B 		Script
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/config.js
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.6.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-6-34.compute-1.amazonaws.com
Software
envoy /
Resource Hash
a80e7dcf8eb7e63b040293d60edf470e5090e769b6f8c2a47bdf1f14951ffc05
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-envoy-upstream-service-time
11
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:54 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
server
envoy
main.d61f5496.js
dogfood.zipcar.com/login/static/js/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/static/js/main.d61f5496.js
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.6.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-6-34.compute-1.amazonaws.com
Software
envoy /
Resource Hash
3e8d83abb44eb8e4329d164ea72d08ab9d1992af79f71ec65f4a6c6adfbd6e69
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-envoy-upstream-service-time
3
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:55 GMT
content-type
application/javascript;charset=utf-8
last-modified
Wed, 16 Oct 2024 17:08:03 GMT
vary
Accept-Encoding
server
envoy
main.f08b4c26.css
dogfood.zipcar.com/login/static/css/ 		335 KB
58 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/static/css/main.f08b4c26.css
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.6.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-6-34.compute-1.amazonaws.com
Software
envoy /
Resource Hash
bc0d33e0443cd30637ebfc444ac61bf3bd7a20525c39774e238bc9b5385e88fc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-envoy-upstream-service-time
4
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:54 GMT
content-type
text/css;charset=utf-8
last-modified
Wed, 16 Oct 2024 17:08:03 GMT
vary
Accept-Encoding
server
envoy
accessibility.js
aacdn.nagich.com/core/2.1.2/ 		34 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/core/2.1.2/accessibility.js
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
529164e8ed891984bac0a44d6e95439e39254fb951ada60a36802ceeddf461aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin
https://dogfood.zipcar.com
Referer
https://dogfood.zipcar.com/

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
"87ef67224ad61:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qgdWqEybRcaHikLZGrfaV0KVzVVZ0gA5iIllfB4VWkJM3p24EtGZ0EJl6sPZMvhHj58y4lp0z82KpS4IByBBLE211UKIT76XH18fIx0%2BzkHYuuKBgdWhAtCW1QM0jK76gfA%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:56 GMT
content-type
application/javascript
last-modified
Wed, 24 Jun 2020 12:24:28 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=31536000
cache-control
public, max-age=2204800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d8a33f0fb43d5d7-SYD
accept-ranges
bytes
access-control-allow-origin
*
content-length
15109
x-xss-protection
1; mode=block
server
cloudflare
truncated
/ 		770 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
02240ce2e54b0102931e28acf07dfa9b5bae00a8fb70e289d02afa4288979ff2

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type
image/svg+xml
KFO9CniXp96a4Tc2DaTeuDAoKsE615hJW36eA1Ef.woff2
fonts.gstatic.com/s/asap/v30/ 		42 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/asap/v30/KFO9CniXp96a4Tc2DaTeuDAoKsE615hJW36eA1Ef.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Asap:200,300,400,400i,500,500i,600,600i,700,700i|Lato:100,100i,300,300i,400,400i,700,700i,900,900i
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.24.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
hkg07s23-in-f3.1e100.net
Software
sffe /
Resource Hash
17cd865a9e7fd7a182e73e5a0c56d45e75f1fe7727fa64481d50fe8d5ca1fe8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin
https://dogfood.zipcar.com
Referer
https://fonts.googleapis.com/

Response headers

age
379126
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 02:27:10 GMT
alt-svc
h3=":443"; ma=2592000
date
Tue, 22 Oct 2024 02:27:10 GMT
last-modified
Tue, 06 Jun 2023 20:38:02 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
42656
x-xss-protection
0
server
sffe
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Asap:200,300,400,400i,500,500i,600,600i,700,700i|Lato:100,100i,300,300i,400,400i,700,700i,900,900i
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.24.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
hkg07s23-in-f3.1e100.net
Software
sffe /
Resource Hash
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin
https://dogfood.zipcar.com
Referer
https://fonts.googleapis.com/

Response headers

age
378059
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 02:44:57 GMT
alt-svc
h3=":443"; ma=2592000
date
Tue, 22 Oct 2024 02:44:57 GMT
last-modified
Tue, 02 May 2023 15:17:19 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
13980
x-xss-protection
0
server
sffe
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v24/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Asap:200,300,400,400i,500,500i,600,600i,700,700i|Lato:100,100i,300,300i,400,400i,700,700i,900,900i
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.24.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
hkg07s23-in-f3.1e100.net
Software
sffe /
Resource Hash
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin
https://dogfood.zipcar.com
Referer
https://fonts.googleapis.com/

Response headers

age
347295
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 11:17:41 GMT
alt-svc
h3=":443"; ma=2592000
date
Tue, 22 Oct 2024 11:17:41 GMT
last-modified
Tue, 02 May 2023 15:29:56 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
14168
x-xss-protection
0
server
sffe
api.js
www.google.com/recaptcha/ 		904 B
627 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LevyFMaAAAAAEqI6CquK9wXtorLvRT38-0gxBHF
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login/static/js/main.d61f5496.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.71.68 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s17-in-f4.1e100.net
Software
ESF /
Resource Hash
7073b0d3fcd0a09e6a994263ab9b88b9455db0d1c8d5034c9b4b7ff561a9fe61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Sat, 26 Oct 2024 11:45:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 26 Oct 2024 11:45:56 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
default.css
aacdn.nagich.com/style/ 		11 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/style/default.css
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73f15b4f49ab793e521ac0bb242445e36ff3b912e1d3fbbf01e35085dde606a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
"0ec476f44e6da1:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4LyUQtABha96%2FLJ5c%2FswJUL%2BpJKZTKjrBgx%2F1fIUP8RcL5ofO1Wme5CCmwvcPysVjNn%2Fgu6AUDOoGdo6h3GR%2FH7inUUqxO%2FozhK2YXaJ3lDDU1vpHrm1lwMKLF40tKD9n%2Bw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:58 GMT
content-type
text/css
last-modified
Sun, 04 Aug 2024 08:00:56 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=31536000
cache-control
public, max-age=2204800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d8a33fa0c98d5d7-SYD
accept-ranges
bytes
access-control-allow-origin
*
content-length
2875
x-xss-protection
1; mode=block
server
cloudflare
btncolor.css
aacdn.nagich.com/style/ 		107 B
552 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/style/btncolor.css
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b074fbf6834f2d4b30c89feeebfae88f9723b6e3d722f8b88ce4bdbe61b933a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
"4c2a96cfbc1d41:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bv4Bz%2BN%2F4JaITiMdVWEgP8Tclrf9qucAnhGI4D9FLJEwjkfQXhyH%2FWgHlgrUzQzuKJTcuh9HK2oh5r9OVXNBIvKb01Gmueruil%2F8yNYbY9XfIjaIqaAcKLEoov595sV%2BimM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:58 GMT
content-type
text/css
last-modified
Mon, 11 Feb 2019 11:17:50 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=31536000
cache-control
public, max-age=2204800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d8a33fa0c9ad5d7-SYD
accept-ranges
bytes
access-control-allow-origin
*
content-length
202
x-xss-protection
1; mode=block
server
cloudflare
locale.js
aacdn.nagich.com/assets/scripts/ 		29 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/assets/scripts/locale.js
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6626d955670bb766fa4d7b59966addecf6b488506e21f73f343dc88b9872a2f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
"80d59982334d71:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=imQnCZFip%2FpWQZF3m55pQn16Faqt%2B68%2Fm2dRIvBeYuw2RdQDqpD4ek2pShPw59EXQz17sdZOMBfQJ3ky%2Fop%2FQA7%2FPuWTjEgC%2BNzzi5cOl3EWfgh6erMCRsiCQsNiwPo%2BWn0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:57 GMT
content-type
application/javascript
last-modified
Sun, 18 Apr 2021 07:22:31 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=31536000
cache-control
public, max-age=2204800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d8a33fa0c9cd5d7-SYD
accept-ranges
bytes
access-control-allow-origin
*
content-length
9804
x-xss-protection
1; mode=block
server
cloudflare
recaptcha__en.js
www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/ 		546 KB
215 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LevyFMaAAAAAEqI6CquK9wXtorLvRT38-0gxBHF
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.71.67 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s17-in-f3.1e100.net
Software
sffe /
Resource Hash
f8e5f5ce9ff44073cff24bcd3d2b8aa4e67b67891b14ff929fe4743880fdf82e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin
https://dogfood.zipcar.com
Referer
https://dogfood.zipcar.com/

Response headers

content-encoding
gzip
age
278167
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Thu, 23 Oct 2025 06:29:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 23 Oct 2024 06:29:50 GMT
last-modified
Tue, 22 Oct 2024 00:01:33 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
220347
x-xss-protection
0
server
sffe
anchor
www.google.com/recaptcha/api2/ Frame 1D30 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LevyFMaAAAAAEqI6CquK9wXtorLvRT38-0gxBHF&co=aHR0cHM6Ly9kb2dmb29kLnppcGNhci5jb206NDQz&hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&size=invisible&cb=6xrm1e5q1rz
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.71.68 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s17-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-Z-SkVsAAM6LnqRyl-KNqpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dogfood.zipcar.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'nonce-Z-SkVsAAM6LnqRyl-KNqpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 26 Oct 2024 11:45:57 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
sift_08-05-19.min.js
dogfood.zipcar.com/login/ 		61 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/sift_08-05-19.min.js
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.6.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-6-34.compute-1.amazonaws.com
Software
envoy /
Resource Hash
764e92fd1ca66b57b890d220bc8e52ae54d923279fb712c96a79cb07fb5442bc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-envoy-upstream-service-time
3
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:57 GMT
content-type
application/javascript;charset=utf-8
last-modified
Wed, 16 Oct 2024 17:07:08 GMT
vary
Accept-Encoding
server
envoy
favicon.ico
dogfood.zipcar.com/login/ 		17 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/login/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.6.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-6-34.compute-1.amazonaws.com
Software
envoy /
Resource Hash
79bae3e30887c345e94531359b19815fceb30ba957aebd12636015a7ded9b86a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-envoy-upstream-service-time
3
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:57 GMT
content-type
image/vnd.microsoft.icon
last-modified
Wed, 16 Oct 2024 17:07:08 GMT
vary
Accept-Encoding
server
envoy
3762.gif
hexagon-analytics.com/images/ 		43 B
288 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hexagon-analytics.com/images/3762.gif?bk=5b80096763&tm=21&r=748262628&v=105&cs=UTF-8&h=dogfood.zipcar.com&l=en-AU&S=b926adfb9ee7a4df139f44671a0dce54&uu=c3d025ad8c678840ed4d75ceaac7313&t=Zipcar%20Login&u=https%3A%2F%2Fdogfood.zipcar.com%2Flogin%3Freturn_to%3Dhttps%3A%2F%2Fzipcaruksandbox.zendesk.com%26realm%3Dzendesk%26error%3Dnot_authenticated%26reauth%3Dfalse&ua=Mozilla%2F5.0%20(iPhone%3B%20CPU%20iPhone%20OS%2016_5_1%20like%20Mac%20OS%20X)%20AppleWebKit%2F605.1.15%20(KHTML%2C%20like%20Gecko)%20Version%2F16.5%20Mobile%2F15E148%20Safari%2F604.1&nm=2&mh=63196a00446a1e285d1992cfe444aa55&np=5&ph=332b72bdb211e34e6e3c24f88d7c393b&sh=1200&sw=1600&cd=24&p=Linux%20x86_64&to=-480&d=0&ce=true&tp=0&ol=true&pr=Gecko&ps=20030107&vd=Google%20Inc.&vs=&hc=16&je=false&ss=true&ls=true&in=true&db=false&tl=false&tr=false&ts=true&tb=true&ab=false&cf=a3c415e4f447c1ed3c87d70fb939054d&z=z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.232.42 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
42.232.102.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/

Response headers

cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
x-envoy-upstream-service-time
4
x-content-type-options
nosniff
via
1.1 google
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 26 Oct 2024 11:45:58 GMT
content-type
image/gif
server
nginx
1.svg
aacdn.nagich.com/assets/images/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/assets/images/1.svg
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
065d9cc84b5e9e522cb774288b6403cf28562dcf80c13ae1e9549f1dc9cf6e7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/

Response headers

content-encoding
br
cf-cache-status
MISS
etag
W/"ef562c4053d51:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FLxJpBlegatEJFn14bEbqM%2F6ipWNufZgxEMJGZMBveaVhxDigTxqheoWlgAfbA9TcRmTFgQYbapCDKHeNNV7tqQ8vGeaMEo%2BDqcJIuqiDQVAjYribafjNBpkjN43jIxWnfo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:59 GMT
content-type
image/svg+xml
last-modified
Thu, 15 Aug 2019 08:05:16 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=31536000
cache-control
public, max-age=2204800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d8a34028ca7d5d7-SYD
access-control-allow-origin
*
x-xss-protection
1; mode=block
server
cloudflare
custombtnstyle.css
aacdn.nagich.com/style/ 		4 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aacdn.nagich.com/style/custombtnstyle.css
Requested by
Host: aacdn.nagich.com
URL: https://aacdn.nagich.com/core/2.1.2/accessibility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2f930658634b1bee750fdc6c453faacd9e79849856324dcc211b0627f4a059a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://dogfood.zipcar.com/

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
"0b350e0bbf6d51:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WH1xUJhr0X358pWImiHDyTB%2BTcTtR%2B2vHIyIUycX7DWHhiP2yt5ZQctu9njqBMKfxRYmxv94poRuYKSOTTrVtDwj4TuRT73URTthbZHqd5G94yOCz%2BkogsUUR7wIEMet7zo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
x-content-type-options
nosniff
date
Sat, 26 Oct 2024 11:45:59 GMT
content-type
text/css
last-modified
Tue, 10 Mar 2020 09:11:26 GMT
vary
Accept-Encoding
x-frame-options
deny
strict-transport-security
max-age=31536000
cache-control
public, max-age=2204800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d8a34028ca9d5d7-SYD
accept-ranges
bytes
access-control-allow-origin
*
content-length
869
x-xss-protection
1; mode=block
server
cloudflare
auth
dogfood.zipcar.com/idp/api/anonymous/ 		172 B
710 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dogfood.zipcar.com/idp/api/anonymous/auth
Requested by
Host: dogfood.zipcar.com
URL: https://dogfood.zipcar.com/login/static/js/main.d61f5496.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.6.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-6-34.compute-1.amazonaws.com
Software
envoy /
Resource Hash
f5369f3aa63c3cca6b4fed672592509f7cdc2e4256059510d5576483560fd6eb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Accept
application/json, text/plain, */*
Content-Type
application/json;charset=UTF-8

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-correlation-id
114_1729943158363
content-encoding
gzip
x-envoy-upstream-service-time
11
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Sat, 26 Oct 2024 11:45:58 GMT
x-xss-protection
1; mode=block
content-type
application/json;charset=utf-8
vary
Accept-Encoding
server
envoy
x-frame-options
SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| ZIPCAR_LOGIN_CONFIG object| _sift function| onSubmit object| interdeal function| _ number| 2f1acc6c3a606b082e5eef5e54414ffb object| __core-js_shared__ function| onRecaptchaLoadCallback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_897137 function| __siftFlashCB object| PluginDetect

12 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09ANOXeZzctR0dzN-6e_dn0NDE1USuOWECHY6lU3KYPHRrBX9W8tPlOpfeTjvhy9h3djdQZx2ETixgWQfQBHj2VNk
zipcaruksandbox.zendesk.com/ Name: _zendesk_shared_session
Value: -dWRIUHFoOHFBYkxGNUsyVThxTUNkSThFbEtHb0RRejN3ZlhJVXlMbmpzTTVIMUw1TmVINWRib0ZPTkpyVVJsLzFNaGoySENhVWVyWGRHcDBVc3dyTEM2dE50YUFaM3hRNmJnU2tWNXliNzNTbXNRNUk1QThKVlNPTTlFM0ROT2txNFh6bFplN1BvM3Y0UnBYdiswR0NRPT0tLUpBOWJaTFU1dTRHcUR6STZXMHMrQXc9PQ%3D%3D--a43a748a9d398a06336231004807db2ae528a81c
.zipcaruksandbox.zendesk.com/ Name: __cfruid
Value: beb96c5842deb22408f94395a8e469c51b830fe3-1729943153
.zipcaruksandbox.zendesk.com/ Name: _cfuvid
Value: GSqQvvXycEx2QhNNr4hRTc8W15xWyCr9XYDbEVvFLuE-1729943153511-0.0.1.1-604800000
zipcaruksandbox.zendesk.com/ Name: _zendesk_session
Value: JGVFA14DsKkMkItXlO%2FWno1x38bF4YpTygOyzbzwj6Wgpu5avYcdjZ%2BcLpDW2wyqThjyHRdPRQq%2F0zrLXoWsW0Tk%2BMO3bbfoC9hFgWqrrTlHj3MGlNVoK5TLA8vd19lQ8OLx%2Bpecy%2Fgjxei%2BG47yxtUqUZycpQ6vltZNYr1e96HINn1uccXJT7FEDmdc6VS94saI77RrBCp65BmLV5nMTuWWCB7zydzP6vyFXGfhV0WQjIFCIpkwG8GGVgGJI2q8Vw9g1dQIOrJ6hS3%2FuiW8HO4Q7jzXLwPZ7SDXAZeydj2J19%2F78Jx4hHr5mvq3jdEwxR2H5pOqXtvol6%2BM6lmLsXB%2FBXwf4VpMPvg60tJfx7BvLNqN4LtVLfa7SW%2F6KOXNHPDDFCJWqNmwPbxq5kG6qfqhZv1jyw7yYsjdKAgMnXBexHuH%2FQGaFHheTGXzbWIszKpH5HF5qzCeL0vl%2FEhk%2BLHmV2HsZOk5BaQq8QbcGvg4kVko2S%2F1FLcELeaH32x5UMTVJw8crT0jYdN5xjBROExAX%2BrP6X%2FJDMXfPyDM20kbr9H08%2Bg5U60%2Ba2ransyYShwidAGaguNYVvb%2FF50J8iTNktXvMXoTBngU49y1Cgo%3D--t5AwWslBxNWZE3dP--Jv77KbBKFc5uFtywU5%2FFgQ%3D%3D
.dogfood.zipcar.com/ Name: z-mdc
Value: 109_1729943154393
.zipcar.com/ Name: dogfood-z-mdc
Value: 109_1729943154393
dogfood.zipcar.com/ Name: csrfToken
Value: c1256db530d74c438788b4c7e7307a58
dogfood.zipcar.com/ Name: sift_session_id
Value: 006a0c99-fe91-4b22-b8b3-f3060bdef1e3
.zipcar.com/ Name: __ssid
Value: c3d025ad8c678840ed4d75ceaac7313
.dogfood.zipcar.com/ Name: z-session-id
Value: A31AF44C07AD3499FBA434C4E764A6133638BF57A29DA9B9CECB72BD480470FB
.zipcar.com/ Name: dogfood-z-session-id
Value: A31AF44C07AD3499FBA434C4E764A6133638BF57A29DA9B9CECB72BD480470FB

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://dogfood.zipcar.com/login?return_to=https://zipcaruksandbox.zendesk.com&realm=zendesk&error=not_authenticated&reauth=false
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aacdn.nagich.com
dogfood.zipcar.com
fonts.googleapis.com
fonts.gstatic.com
hexagon-analytics.com
www.google.com
www.gstatic.com
zipcaruksandbox.zendesk.com
142.250.71.67
142.250.71.68
142.251.221.74
172.217.24.35
172.67.68.188
216.198.54.1
34.102.232.42
52.203.6.34
02240ce2e54b0102931e28acf07dfa9b5bae00a8fb70e289d02afa4288979ff2
065d9cc84b5e9e522cb774288b6403cf28562dcf80c13ae1e9549f1dc9cf6e7c
17cd865a9e7fd7a182e73e5a0c56d45e75f1fe7727fa64481d50fe8d5ca1fe8a
3e8d83abb44eb8e4329d164ea72d08ab9d1992af79f71ec65f4a6c6adfbd6e69
529164e8ed891984bac0a44d6e95439e39254fb951ada60a36802ceeddf461aa
5f7fda3bf93be03b79aec96b4e9e44561bf6d8051884f129955db74be2cf76b0
6626d955670bb766fa4d7b59966addecf6b488506e21f73f343dc88b9872a2f7
6b074fbf6834f2d4b30c89feeebfae88f9723b6e3d722f8b88ce4bdbe61b933a
7073b0d3fcd0a09e6a994263ab9b88b9455db0d1c8d5034c9b4b7ff561a9fe61
73f15b4f49ab793e521ac0bb242445e36ff3b912e1d3fbbf01e35085dde606a1
764e92fd1ca66b57b890d220bc8e52ae54d923279fb712c96a79cb07fb5442bc
79bae3e30887c345e94531359b19815fceb30ba957aebd12636015a7ded9b86a
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
7f4018875e61bd25f9d1fe9a32768cb1a3dd435a539cea7ca16a93d0effbb198
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a80e7dcf8eb7e63b040293d60edf470e5090e769b6f8c2a47bdf1f14951ffc05
b2f930658634b1bee750fdc6c453faacd9e79849856324dcc211b0627f4a059a
bc0d33e0443cd30637ebfc444ac61bf3bd7a20525c39774e238bc9b5385e88fc
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
f5369f3aa63c3cca6b4fed672592509f7cdc2e4256059510d5576483560fd6eb
f8e5f5ce9ff44073cff24bcd3d2b8aa4e67b67891b14ff929fe4743880fdf82e