Submitted URL: https://api.getjusto.com/redirect?to=https%3A%2F%2Festacionessanjose.pe%2Foff%2Fday%2Fauth%2Fbxkxt6%2F%2F%2F%2Fc3Rhci5zbW...
Effective URL: https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
Submission: On May 08 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 21 HTTP transactions. The main IP is 2606:4700:e0::ac40:681a, located in United States and belongs to CLOUDFLARENET, US. The main domain is rrsnq.0ff365files.com.
TLS certificate: Issued by GTS CA 1P5 on May 2nd 2023. Valid for: 3 months.
This is the only time rrsnq.0ff365files.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 44.193.55.9 14618 (AMAZON-AES)
1 149.56.185.74 16276 (OVH)
7 2606:4700:e0:... 13335 (CLOUDFLAR...)
7 2606:4700::68... 13335 (CLOUDFLAR...)
21 4
Apex Domain
Subdomains
Transfer
7 cloudflare.com
challenges.cloudflare.com — Cisco Umbrella Rank: 6491
122 KB
7 0ff365files.com
rrsnq.0ff365files.com
176 KB
1 estacionessanjose.pe
estacionessanjose.pe
283 B
1 getjusto.com
api.getjusto.com — Cisco Umbrella Rank: 830910
562 B
21 4
Domain Requested by
7 challenges.cloudflare.com rrsnq.0ff365files.com
challenges.cloudflare.com
estacionessanjose.pe
7 rrsnq.0ff365files.com rrsnq.0ff365files.com
1 estacionessanjose.pe
1 api.getjusto.com 1 redirects
21 4

This site contains no links.

Subject Issuer Validity Valid
*.estacionessanjose.pe
R3
2023-04-10 -
2023-07-09
3 months crt.sh
0ff365files.com
GTS CA 1P5
2023-05-02 -
2023-07-31
3 months crt.sh
challenges.cloudflare.com
Cloudflare Inc ECC CA-3
2022-09-18 -
2023-09-17
a year crt.sh

This page contains 2 frames:

Primary Page: https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
Frame ID: 37748D96ACA862F29723CE2D6D8D430E
Requests: 14 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: 28E02A06B7FE3D1BA3EF5CE9FC85403D
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Loading...

Page Statistics

21
Requests

71 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

298 kB
Transfer

601 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://api.getjusto.com/redirect?to=https%3A%2F%2Festacionessanjose.pe%2Foff%2Fday%2Fauth%2Fbxkxt6%2F%2F%2F%2Fc3Rhci5zbWl0aEBmYW5kdWVsLmNvbQ== HTTP 302
  • https://estacionessanjose.pe/off/day/auth/bxkxt6////c3Rhci5zbWl0aEBmYW5kdWVsLmNvbQ==

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
c3Rhci5zbWl0aEBmYW5kdWVsLmNvbQ==
estacionessanjose.pe/off/day/auth/bxkxt6////
Redirect Chain
  • https://api.getjusto.com/redirect?to=https%3A%2F%2Festacionessanjose.pe%2Foff%2Fday%2Fauth%2Fbxkxt6%2F%2F%2F%2Fc3Rhci5zbWl0aEBmYW5kdWVsLmNvbQ==
  • https://estacionessanjose.pe/off/day/auth/bxkxt6////c3Rhci5zbWl0aEBmYW5kdWVsLmNvbQ==
0
283 B
Document
General
Full URL
https://estacionessanjose.pe/off/day/auth/bxkxt6////c3Rhci5zbWl0aEBmYW5kdWVsLmNvbQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.56.185.74 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
h1.a1center.net
Software
Apache / PHP/7.3.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 May 2023 18:48:27 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
X-Powered-By
PHP/7.3.33
refresh
0;url=https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Access-Control-Allow-Origin,X-HTTP-Method-Override,Content-Type,Authorization,Accept,x-orion-nonce,x-orion-platform,x-orion-publickey,x-orion-signature,x-orion-locale,x-orion-twofactor,x-orion-deviceid,x-orion-fp,x-orion-domain,x-orion-appcode,x-orion-referrer,x-orion-posversion,x-orion-timezone,x-orion-pathname,x-orion-device-country-code,x-orion-jwt,x-orion-refresh,x-orion-wrapped-website,sentry-trace
access-control-allow-methods
POST,GET,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
date
Mon, 08 May 2023 18:48:27 GMT
location
https://estacionessanjose.pe/off/day/auth/bxkxt6////c3Rhci5zbWl0aEBmYW5kdWVsLmNvbQ==
Primary Request Mstar.smith@fanduel.com
rrsnq.0ff365files.com/
8 KB
5 KB
Document
General
Full URL
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:681a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e4bc769ecd1046932014cef0c0d09e422f55934638e381784f87a96f14a5293
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://estacionessanjose.pe/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated
challenge
cf-ray
7c43e0875e7e382e-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Mon, 08 May 2023 18:48:28 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2BdHsUJbmUyGf41whqLQ8sVmZWkh2TB3Sw9Vq1n8TAz2MCDNhBtrB0eLRo6SuoFzpXExsPetjjQmotidhVMFQZhk6vlpggRNarIunKmwxGFruYpKhCLBbqxfMYj4aJP94FAT5KUFq53KnBID%2B28Ytt80n8A%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
v1
rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/
146 KB
52 KB
Script
General
Full URL
https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c43e0875e7e382e
Requested by
Host: rrsnq.0ff365files.com
URL: https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:681a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dcc29e6059829a58ccc5c18a424bc02a529d78b8539dbb855183d25a0a577e74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com?__cf_chl_rt_tk=tQrXdzmcETqUNzJN0XyJ99M4Po4qa3Pd5A3NQUtS4LE-1683571708-0-gaNycGzNC-U
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 18:48:28 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AXt8g3b6lwKOfQE2xiezeJHT136%2BomZxx7GHV%2B0CTPX5dXrBUr7BiCCValcbSnKgH267SslXojOSZBLJyvIDXFdB8WDwR3lvUDr2oO30jxCC2Aa2YV1efbuNUDCyxeIa9Ke0DhSxf4m%2Bj18RY3PH01Oxo6o%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, must-revalidate
cf-ray
7c43e0879ee1382e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
transparent.gif
rrsnq.0ff365files.com/cdn-cgi/images/trace/managed/js/
42 B
220 B
Image
General
Full URL
https://rrsnq.0ff365files.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c43e0875e7e382e
Requested by
Host: rrsnq.0ff365files.com
URL: https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com?__cf_chl_rt_tk=tQrXdzmcETqUNzJN0XyJ99M4Po4qa3Pd5A3NQUtS4LE-1683571708-0-gaNycGzNC-U
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:681a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com?__cf_chl_rt_tk=tQrXdzmcETqUNzJN0XyJ99M4Po4qa3Pd5A3NQUtS4LE-1683571708-0-gaNycGzNC-U
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 18:48:28 GMT
x-content-type-options
nosniff
last-modified
Fri, 28 Apr 2023 14:11:18 GMT
server
cloudflare
etag
"644bd406-2a"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
7c43e0879ee4382e-FRA
content-length
42
expires
Mon, 08 May 2023 20:48:28 GMT
api.js
challenges.cloudflare.com/turnstile/v0/g/b5e45436/
15 KB
5 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
Requested by
Host: rrsnq.0ff365files.com
URL: https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c43e0875e7e382e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5205e201bbd649a3a4af0ecb9b1e8a80f73aa8ea4aee1740302b1b8f7435b27f

Request headers

Referer
Origin
https://rrsnq.0ff365files.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 18:48:28 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
7c43e0880e5b03a0-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
1cf9021e0756856
rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1779680925:1683569248:uR6v0DoThFg-3Ewab3uXXj-Z3Igp2KYYyKXZIHsjCq4/7c43e0875e7e382e/
150 KB
111 KB
XHR
General
Full URL
https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1779680925:1683569248:uR6v0DoThFg-3Ewab3uXXj-Z3Igp2KYYyKXZIHsjCq4/7c43e0875e7e382e/1cf9021e0756856
Requested by
Host: rrsnq.0ff365files.com
URL: https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c43e0875e7e382e
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:681a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2acea97470f63da605ee0b91a80d913c04affb1567c60d4b3b271c17bb2825d5

Request headers

Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge
1cf9021e0756856
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 08 May 2023 18:48:28 GMT
content-encoding
br
cf_chl_gen
TAdf39IBSmEHn/U83yhGE2kRzCeTidYLlJH/ogskksu+gRTy7FQSU5Oz5L9xCj9u2+cZwf5rTUnA88r9enO3vpELF4j9WEvtftYsIqAEO98NAXKyIiZVGk3OySqf5WwAszQFUzJvnsPZVN+CuZdFTAdHrfDq88JJHov8vdPk8WSEykwsqYPxwIy9/VTLG+O4wOl0N9Z7t0M7wRybhGXbp1kcf+xbb7wX2gtZ4z1e3EWIZGGb/jl7J8aHtdOpHC/UOHnpwHeADPE6/5AjVIJ/OaJyKPxs96D7g+WpzLuks6+7Bb8qag9SzEuK7B4UwA0WvzDJL+dore8lpgMoBhdw7uoMgksXb/M/7e5nOddH3/87gdHxrXis/jCAOV0LO6ZhCAyjiu9qNxCwsSJARVOgBu8vIkmSk5ykLYwJNwXFH0pDgivyhSzeCv79gUlhmTr600dl2afmJSa0HszsyTTooJ7oK0S29MQsM79UCOCD2hIOWxxilRvJWo3qXt8szAOy$/IonagB9HjDVrhX5J1u9Rw==
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qywmjMKyRP8%2F10g%2BKNWR1xbHKPFAouB9YUXb%2F8kgSYt%2FRx57uVIcez8F5U45Nkoxmv7p5lQ%2FtgnjykTrTa0dLBNi6QWtT2tBUHbTzFgzqi%2FG4dRk4ULpxzHHIoR%2BeqdtoIUKJTMHiNeXlkElLeOlOTQ%2F1M4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7c43e0888b3018d4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
k6MSda0weBWT0u5
rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/pat/7c43e0875e7e382e/1683571708261/7d73b4a370e4b79471370e030b8d5650a00847dbdafc91c4796c468c8408e652/
1 B
935 B
Fetch
General
Full URL
https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/pat/7c43e0875e7e382e/1683571708261/7d73b4a370e4b79471370e030b8d5650a00847dbdafc91c4796c468c8408e652/k6MSda0weBWT0u5
Requested by
Host: rrsnq.0ff365files.com
URL: https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c43e0875e7e382e
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:681a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 18:48:28 GMT
www-authenticate
PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gfXO0o3Dkt5RxNw4DC41WUKAIR9va_JHEeWxGjIQI5lIAFXJyc25xLjBmZjM2NWZpbGVzLmNvbQ==, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAn23qyGdHVs28an7XXJsPKj7kVCaC9GVfIA_hqz7TYAdgPPPWwl9HHr2M2TPFejyc6bFISKBkmpvDiLNyAvKEm13RN65hHys38F97m-W3nV3CX88cMDzDhHNeSKqQo1MoCrKUVRA-HzoI7whFpb6oZatrsiQfT6e0EDSrkJ6AGKwW_hqtTq7Q8oQ8NMvLvQL4MtSLPzPcvwFOz2xb4cnOAAux7Xqj_X9nqx6jEU9gIxdjYa3s0NPyqM-bXlYDhp2Sss_2cyjfmadXK8iNYTmz68Ee9rJbH-kOjl28L1MjBPE6_7T93xkwiDUx1oIe6PkSyh1uv2wJROfbRBP3WttzJwIDAQAB, max-age=20
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0%2FefToj0On85yFbOu4zblCFanTblozTzHvlOBN0ef4SM65XAcFaeS%2BGUuwQ2vt1fyFtJ6VVzxmEd8Wqcj8erRZnzgcSih6aNc9DWeWtzQfBxiejmkVnlPi0UUKV6axyYv2bTlSgoQiy3zYME%2FrQHhUaBp8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7c43e089acf118d4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
yF9clgOccz0CQmG
rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/img/7c43e0875e7e382e/1683571708263/
61 B
464 B
Image
General
Full URL
https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/img/7c43e0875e7e382e/1683571708263/yF9clgOccz0CQmG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:681a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
edef72ac444c19f9387816dc0f6a5cf0d074e0b25639375306ca79b36bf32fc8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 18:48:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
7c43e08cb95918d4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IqlM7q3pvnIXXKjgyP4LdVpa2Nd1AzUOA3cyiEPrkRpiFqt2Degdu9NHLoNjese1I3hV%2B5E3OpyyFH0mUhG%2BsZF9kU%2B0GMFmhu%2F0%2FbFTd%2BZ%2BUmQEju5ElvvHJMZ6p24dbTwqmRDBiLj9tjeS%2Bv4ii0dRsxU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
c9bdf78a-7a36-4e73-84ea-01faf95fdcb6
https://rrsnq.0ff365files.com/
656 B
0
Other
General
Full URL
blob:https://rrsnq.0ff365files.com/c9bdf78a-7a36-4e73-84ea-01faf95fdcb6
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length
656
Content-Type
text/javascript
a16e79ef-a40c-4e72-b41d-bcc511e7dc7d
https://rrsnq.0ff365files.com/
3 KB
0
Other
General
Full URL
blob:https://rrsnq.0ff365files.com/a16e79ef-a40c-4e72-b41d-bcc511e7dc7d
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a2a3b28db3192f2aeda7c1626153516e529c3c05ee9c72e35d4cfcd56b174f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length
2636
Content-Type
text/javascript
a16e79ef-a40c-4e72-b41d-bcc511e7dc7d
https://rrsnq.0ff365files.com/
3 KB
0
Other
General
Full URL
blob:https://rrsnq.0ff365files.com/a16e79ef-a40c-4e72-b41d-bcc511e7dc7d
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a2a3b28db3192f2aeda7c1626153516e529c3c05ee9c72e35d4cfcd56b174f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length
2636
Content-Type
text/javascript
a16e79ef-a40c-4e72-b41d-bcc511e7dc7d
https://rrsnq.0ff365files.com/
3 KB
0
Other
General
Full URL
blob:https://rrsnq.0ff365files.com/a16e79ef-a40c-4e72-b41d-bcc511e7dc7d
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a2a3b28db3192f2aeda7c1626153516e529c3c05ee9c72e35d4cfcd56b174f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length
2636
Content-Type
text/javascript
25336b00-50cf-4f41-a5b5-2daf6244f878
https://rrsnq.0ff365files.com/
539 B
0
Other
General
Full URL
blob:https://rrsnq.0ff365files.com/25336b00-50cf-4f41-a5b5-2daf6244f878
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length
539
Content-Type
text/javascript
1cf9021e0756856
rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1779680925:1683569248:uR6v0DoThFg-3Ewab3uXXj-Z3Igp2KYYyKXZIHsjCq4/7c43e0875e7e382e/
7 KB
6 KB
XHR
General
Full URL
https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1779680925:1683569248:uR6v0DoThFg-3Ewab3uXXj-Z3Igp2KYYyKXZIHsjCq4/7c43e0875e7e382e/1cf9021e0756856
Requested by
Host: rrsnq.0ff365files.com
URL: https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c43e0875e7e382e
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:681a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1abd468f6770157d591b85c9a9166488c7de732a7dae5004796625783dc16ef8

Request headers

Referer
https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge
1cf9021e0756856
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 08 May 2023 18:48:30 GMT
content-encoding
br
cf_chl_gen
GEw37qv69HgKTjVU5VitE/60LPhBR0+v0j70QGZ6cVBna4a4Ca4NHw4tJH+ODam7$QCV+somPxLDrMyJ6KDDHEg==
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Z4L7e24xARUKW9W2bFg9VxhFfQrMXswNZpuWkfAfrugaBuh6PouRSp3kcHpAoFubO44oO3IWvR%2BXRAjb0Q9EWgsx9Lk%2F6FxFzwbGx%2BXNpKDExdjb9%2FbBv%2BzxoPQ%2BunqArxpFhHQdo%2FTBmvJ%2F7ZBAJGXxoU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7c43e0963f1218d4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame 28E0
22 KB
7 KB
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b29f46860df3d9a01638c89db9608e4602ee4757e9786627a3d39c295fb49a26

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, must-revalidate
cf-ray
7c43e096fff59042-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Mon, 08 May 2023 18:48:30 GMT
document-policy
js-profiling
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
v1
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame 28E0
157 KB
57 KB
Script
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c43e096fff59042
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63b8221f4b7ae2967685ec62afa086945401dba62dd18b647de085126563b9e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 18:48:30 GMT
cache-control
max-age=0, must-revalidate
content-encoding
br
server
cloudflare
cf-ray
7c43e09768509042-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
application/javascript; charset=UTF-8
2b85d130fe42dc9
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/170645264:1683569294:gJsF081q_3f1Sqt3iVQtU31Z_eTkbGR6PLJ-gt-hFrI/7c43e096fff59042/ Frame 28E0
75 KB
44 KB
XHR
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/170645264:1683569294:gJsF081q_3f1Sqt3iVQtU31Z_eTkbGR6PLJ-gt-hFrI/7c43e096fff59042/2b85d130fe42dc9
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c43e096fff59042
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
846052e6c6483f35cc124a0701eed8eae13be2ee26b750e073adafceaecde749

Request headers

Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge
2b85d130fe42dc9
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 08 May 2023 18:48:30 GMT
content-encoding
br
cf_chl_gen
N6uHxmaSO0tQKRCxW3wCPgSZ2HJfOj5dcOs+puer07x04vFpwnW5idbyNfi8C5IcUMIaxsHwJOYgPomBIAMYoV7Z0gwdVWJop+2MK2+so7e2LV0OKTwwBxLa/518e/D/OgkL1vPfj5AutkZB7p0jN1Hshk6Qsa42zWbvmzZqIK91edjUY+G89Yqldr+Iu1WsIcE/HPGcKVO/s4tHSnuOVyWo0sjaRRXBF8JN7mv0ISOUEnPMXiq2Bw+LXJZQFxGbMVYx0ReRLFQ/XNaClJqYpaTNXhl48OT1gZEcmvkvLxAeV/jiVVnD3roIHM+iApDpFC6xJvJnwhtzIHSp4YqtqqgvEpjkWZ+akCkoFwF3Gr2h6DSqc8nNl/ZV2V0efiCoVEvK6adxKYTVVr29oCNo2ozNsLWiJzPnk56Y12A7gtw=$ltIo5rAeXWAJUEePDipxog==
server
cloudflare
cf-ray
7c43e098b9cb9042-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
text/plain; charset=UTF-8
NLYJOQxkXmDYr83
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7c43e096fff59042/1683571710849/ Frame 28E0
61 B
165 B
Image
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7c43e096fff59042/1683571710849/NLYJOQxkXmDYr83
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cabc501fa99cb4994f7327ca614a6702666e4b8e6e3a001e496c6c498a46f7b3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 18:48:32 GMT
server
cloudflare
cf-ray
7c43e0a02ae89042-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
image/png
8fca1b03-0fa3-48ef-99b2-e1be9ee83fa1
https://challenges.cloudflare.com/ Frame 28E0
656 B
0
Other
General
Full URL
blob:https://challenges.cloudflare.com/8fca1b03-0fa3-48ef-99b2-e1be9ee83fa1
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length
656
Content-Type
text/javascript
oWptcJOhLsC9jUZ
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c43e096fff59042/1683571710850/bba954fdd0ecf8477adcb113691dc4e9721360d09418d40f860f18d0d3c0ccae/ Frame 28E0
1 B
648 B
Fetch
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c43e096fff59042/1683571710850/bba954fdd0ecf8477adcb113691dc4e9721360d09418d40f860f18d0d3c0ccae/oWptcJOhLsC9jUZ
Requested by
Host: estacionessanjose.pe
URL: https://estacionessanjose.pe/off/day/auth/bxkxt6////c3Rhci5zbWl0aEBmYW5kdWVsLmNvbQ==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 18:48:32 GMT
www-authenticate
PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gu6lU_dDs-Ed63LETaR3E6XITYNCUGNQPhg8Y0NPAzK4AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAn23qyGdHVs28an7XXJsPKj7kVCaC9GVfIA_hqz7TYAdgPPPWwl9HHr2M2TPFejyc6bFISKBkmpvDiLNyAvKEm13RN65hHys38F97m-W3nV3CX88cMDzDhHNeSKqQo1MoCrKUVRA-HzoI7whFpb6oZatrsiQfT6e0EDSrkJ6AGKwW_hqtTq7Q8oQ8NMvLvQL4MtSLPzPcvwFOz2xb4cnOAAux7Xqj_X9nqx6jEU9gIxdjYa3s0NPyqM-bXlYDhp2Sss_2cyjfmadXK8iNYTmz68Ee9rJbH-kOjl28L1MjBPE6_7T93xkwiDUx1oIe6PkSyh1uv2wJROfbRBP3WttzJwIDAQAB, max-age=20
server
cloudflare
cf-ray
7c43e0a11be99042-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
text/plain; charset=UTF-8
2b85d130fe42dc9
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/170645264:1683569294:gJsF081q_3f1Sqt3iVQtU31Z_eTkbGR6PLJ-gt-hFrI/7c43e096fff59042/ Frame 28E0
10 KB
8 KB
XHR
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/170645264:1683569294:gJsF081q_3f1Sqt3iVQtU31Z_eTkbGR6PLJ-gt-hFrI/7c43e096fff59042/2b85d130fe42dc9
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7c43e096fff59042
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:6b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e860e6fb2cbe8001f3b9d28e3d92a093f8f29ecb365342ba5de38f809fa67675

Request headers

Referer
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d27z5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
CF-Challenge
2b85d130fe42dc9
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 08 May 2023 18:48:32 GMT
content-encoding
br
cf_chl_gen
UFkv8PRsJOsA9sAYOxI9Qi/Ud7WvmKIX16y+UF507gEpZAZDBMV7CEDOYUMIojAh$SpBkw8eUeh5amSyOlBSMWw==
server
cloudflare
cf-ray
7c43e0a26d5b9042-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type
text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| _cf_chl_opt function| SHA256 function| _cf_chl_preload function| _cf_chl_enter boolean| _cf_chl_done_ran function| _cf_chl_done function| sendRequest function| _cf_chl_turnstile_l object| _cf_chl_ctx string| prefix object| turnstile boolean| _cf_chl_turnstile_loaded undefined| _cf_gcr

0 Cookies

5 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network error URL: https://rrsnq.0ff365files.com/Mstar.smith@fanduel.com
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://rrsnq.0ff365files.com/cdn-cgi/challenge-platform/h/g/pat/7c43e0875e7e382e/1683571708261/7d73b4a370e4b79471370e030b8d5650a00847dbdafc91c4796c468c8408e652/k6MSda0weBWT0u5
Message:
Failed to load resource: the server responded with a status of 401 ()
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network error URL: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c43e096fff59042/1683571710850/bba954fdd0ecf8477adcb113691dc4e9721360d09418d40f860f18d0d3c0ccae/oWptcJOhLsC9jUZ
Message:
Failed to load resource: the server responded with a status of 401 ()