Submitted URL: http://sprintprepaidcard.com/
Effective URL: https://sprint.bes.blackhawknetwork.com/
Submission: On March 27 via manual from PH — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 7 domains to perform 16 HTTP transactions. The main IP is 216.104.233.47, located in United States and belongs to CENTURYLINK-LEGACY-SAVVIS, US. The main domain is sprint.bes.blackhawknetwork.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on August 2nd 2022. Valid for: a year.
This is the only time sprint.bes.blackhawknetwork.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

       IP Address         AS Autonomous System
1   1  199.73.27.221      396167 (BHN-BGP)
7      216.104.233.47     3561 (CENTURYLI...)
2      2a00:1450:400...   15169 (GOOGLE)
5      2606:4700:440...   13335 (CLOUDFLAR...)
1      151.101.2.137      54113 (FASTLY)
16  5
    Apex Domain            Subdomains                                               Transfer
7   blackhawknetwork.com   sprint.bes.blackhawknetwork.com                          241 KB
5   arkoselabs.com         client-api.arkoselabs.com — Cisco Umbrella Rank: 17043   125 KB
2   google-analytics.com   www.google-analytics.com — Cisco Umbrella Rank: 25       20 KB
1   newrelic.com           js-agent.newrelic.com — Cisco Umbrella Rank: 354         18 KB
1   sprintprepaidcard.com  sprintprepaidcard.com                                    144 B
0   nr-data.net            bam.nr-data.net                                          Failed
0                                                                                   Failed
16  7
    Domain                           Requested by
7   sprint.bes.blackhawknetwork.com  sprint.bes.blackhawknetwork.com
5   client-api.arkoselabs.com        sprint.bes.blackhawknetwork.com, client-api.arkoselabs.com
2   www.google-analytics.com         sprint.bes.blackhawknetwork.com
1   js-agent.newrelic.com            sprint.bes.blackhawknetwork.com
1   sprintprepaidcard.com            1 redirects
0   bam.nr-data.net Failed           sprint.bes.blackhawknetwork.com
0   truncated Failed                 sprint.bes.blackhawknetwork.com
16  7

This site contains links to these domains.

Domain
blackhawknetwork.com
Subject                     Issuer                                 Validity                 Valid
*.bes.blackhawknetwork.com  DigiCert TLS RSA SHA256 2020 CA1       2022-08-02 - 2023-09-02  a year
*.google-analytics.com      GTS CA 1C3                             2023-03-06 - 2023-05-29  3 months
arkoselabs.com              Cloudflare Inc ECC CA-3                2022-09-23 - 2023-09-22  a year
js-agent.newrelic.com       GlobalSign Atlas R3 DV TLS CA 2022 Q2  2022-07-10 - 2023-08-11  a year

This page contains 2 frames:

Primary Page: https://sprint.bes.blackhawknetwork.com/
Frame ID: 6BC2765A4BC64B2BD3F962235F99CB13
Requests: 13 HTTP requests in this frame

Frame: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.html
Frame ID: 92A49780EA2468FCC628BFBB4B95739C
Requests: 4 HTTP requests in this frame

Page Title

Card Account Login | Blackhawk Engagement Solutions

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16 Requests
94 % HTTPS
40 % IPv6
7 Domains
7 Subdomains
5 IPs
2 Countries
404 kB Transfer
692 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sprintprepaidcard.com/ HTTP 302
    https://sprint.bes.blackhawknetwork.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request /
sprint.bes.blackhawknetwork.com/
Redirect Chain
  • http://sprintprepaidcard.com/
  • https://sprint.bes.blackhawknetwork.com/
38 KB
39 KB
Document
General
Full URL
https://sprint.bes.blackhawknetwork.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
216.104.233.47 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software
/
Resource Hash
8280bae31b1a5e50516966d3aec5fd0ca53ef1ad582da6a7f9345e55bd8e1584
Security Headers
Name Value
Content-Security-Policy default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
public, max-age=30
Content-Length
38530
Content-Security-Policy
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
Content-Type
text/html; charset=utf-8
Date
Mon, 27 Mar 2023 16:52:30 GMT
Expires
Mon, 27 Mar 2023 16:53:00 GMT
Last-Modified
Mon, 27 Mar 2023 16:52:30 GMT
Vary
*
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-TraceId
YTFlM2VhZTUtYjcyMy00NjMzLWEwZTAtMjg2NjFjYTIzNmZk
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://sprint.bes.blackhawknetwork.com/
Server
BigIP
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 27 Mar 2023 16:05:11 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
2839
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Mon, 27 Mar 2023 18:05:11 GMT
site.min.css
sprint.bes.blackhawknetwork.com/_1234_/styles/
39 KB
41 KB
Stylesheet
General
Full URL
https://sprint.bes.blackhawknetwork.com/_1234_/styles/site.min.css?v=1.0.8357.31897
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
216.104.233.47 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software
/
Resource Hash
89689ee793233e38bc345e9b1d5178c396695039ca5bf162a6ec6dd82b824318
Security Headers
Name Value
Content-Security-Policy default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
Date
Mon, 27 Mar 2023 16:52:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 27 Mar 2023 16:52:30 GMT
Vary
*
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
public, max-age=31536000
X-TraceId
OWEzYjBkNmEtZGQ1My00Y2EzLTlkNWMtOTllZmU1NTZjYWUw
Content-Length
40440
X-XSS-Protection
1; mode=block
Expires
Tue, 26 Mar 2024 16:52:30 GMT
header.png
sprint.bes.blackhawknetwork.com/_1234_/images/
3 KB
5 KB
Image
General
Full URL
https://sprint.bes.blackhawknetwork.com/_1234_/images/header.png
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
216.104.233.47 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software
/
Resource Hash
a8a31cfc2808ff39fba4af492b1810a4540e60b8478e470fca456682533ba1fc
Security Headers
Name Value
Content-Security-Policy default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
Date
Mon, 27 Mar 2023 16:52:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 27 Mar 2023 16:52:30 GMT
Vary
*
X-Frame-Options
DENY
Content-Type
image/png
Cache-Control
public, max-age=31536000
X-TraceId
OWM3ZjgxMDgtZTliYS00MWI2LWE4OGItNzljYzI4OTVkMWZh
Content-Length
3545
X-XSS-Protection
1; mode=block
Expires
Tue, 26 Mar 2024 16:52:30 GMT
login_0.png
sprint.bes.blackhawknetwork.com/_1234_/images/
14 KB
15 KB
Image
General
Full URL
https://sprint.bes.blackhawknetwork.com/_1234_/images/login_0.png
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
216.104.233.47 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software
/
Resource Hash
976569c5f4063e5df8fd22a4ed1cb92179bb610b6f3622f73d69742f360fb83d
Security Headers
Name Value
Content-Security-Policy default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
Date
Mon, 27 Mar 2023 16:52:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 27 Mar 2023 16:52:30 GMT
Vary
*
X-Frame-Options
DENY
Content-Type
image/png
Cache-Control
public, max-age=31536000
X-TraceId
ZDVmMGFlZTMtYzY2YS00MjIwLWI4NTQtNTM3MTA3ZDY0ZGRi
Content-Length
14111
X-XSS-Protection
1; mode=block
Expires
Tue, 26 Mar 2024 16:52:30 GMT
jquery
sprint.bes.blackhawknetwork.com/_1234_/bundles/
130 KB
131 KB
Script
General
Full URL
https://sprint.bes.blackhawknetwork.com/_1234_/bundles/jquery
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
216.104.233.47 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b4e0e4bafdba979ed97fde06c409478becd96dde7a53023aae7858a19f15a67b
Security Headers
Name Value
Content-Security-Policy default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
Date
Mon, 27 Mar 2023 16:52:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 27 Mar 2023 16:38:02 GMT
Server
Microsoft-IIS/10.0
Vary
User-Agent
X-Frame-Options
DENY
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
133121
X-XSS-Protection
1; mode=block
Expires
Tue, 26 Mar 2024 16:38:02 GMT
common.min.js
sprint.bes.blackhawknetwork.com/_1234_/scripts/
6 KB
8 KB
Script
General
Full URL
https://sprint.bes.blackhawknetwork.com/_1234_/scripts/common.min.js?v=1.0.8357.31897
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
216.104.233.47 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software
/
Resource Hash
31597392b9d78f33928030f2e0ca3b3f45a6f155e366f4d3e8187e055a2429fe
Security Headers
Name Value
Content-Security-Policy default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
Date
Mon, 27 Mar 2023 16:52:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 27 Mar 2023 16:52:30 GMT
Vary
*
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
public, max-age=31536000
X-TraceId
YmZhMDBhODAtMjZjNS00MmU3LWJhOTAtY2MzYjgxYmQzYTBj
Content-Length
6399
X-XSS-Protection
1; mode=block
Expires
Tue, 26 Mar 2024 16:52:30 GMT
captcha-common-js
sprint.bes.blackhawknetwork.com/_1234_/bundles/
1 KB
3 KB
Script
General
Full URL
https://sprint.bes.blackhawknetwork.com/_1234_/bundles/captcha-common-js?v=1.0.8357.31897
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
216.104.233.47 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),
Reverse DNS
Software
/
Resource Hash
63b88c463dc3d0437f448c38ab457130966998f2ba18da1aba620f98cdd677a8
Security Headers
Name Value
Content-Security-Policy default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
Date
Mon, 27 Mar 2023 16:52:30 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Content-Length
1493
X-XSS-Protection
1; mode=block
Expires
-1
api.js
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/
49 KB
17 KB
Script
General
Full URL
https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/api.js
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
2606:4700:4400::6812:2ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91a9357ab43bbde310460328c3465ea605b74912cac00d6495a0c1f09ebc45c1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; style-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 27 Mar 2023 16:52:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
content-security-policy
default-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; style-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
age
4834185
x-amz-request-id
WAKWCE11CEVZYSS8
x-amz-version-id
AOfXYcp2_22Y_Q0P3vd7NzDOrAq587Vz
cache-tag
25F047CE-AC4D-A023-583D-14FEE20E4E1E
capi-worker-type
dedicated
x-amz-id-2
a3isvG/FGW2e5D/eROXdJAnVWsZ3/vv+BiG/txDP21iRKu3PXuwTIFBJbi+rm+aFJtaDD3R4Uu11y+GTazS/y8wqKHo3gIRyQvTR0WM6eIk=
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 30 Jan 2023 17:57:00 GMT
server
cloudflare
etag
W/"4d0821c7e07ced760b02307eea493987"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, s-maxage=31536000
permissions-policy
accelerometer=*, autoplay=*, camera=*, display-capture=*, document-domain=*, encrypted-media=*, fullscreen=*, geolocation=*, gyroscope=*, midi=*, payment=*, picture-in-picture=*, sync-xhr=*, usb=*
cf-ray
7ae924eac8e5bb4d-FRA
collect
www.google-analytics.com/j/
3 B
219 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1222685777&t=pageview&_s=1&dl=https%3A%2F%2Fsprint.bes.blackhawknetwork.com%2F&ul=en-us&de=UTF-8&dt=Card%20Account%20Login%20%7C%20Blackhawk%20Engagement%20Solutions&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=476379085&gjid=1240246330&cid=1478435421.1679935951&tid=UA-64146908-2&_gid=939990225.1679935951&_r=1&_slc=1&z=342370202
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://sprint.bes.blackhawknetwork.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 27 Mar 2023 16:52:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://sprint.bes.blackhawknetwork.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
0
0

enforcement.a4509a640c842e6916adc4acb59cd0b7.html
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 92A4
651 B
656 B
Document
General
Full URL
https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.html
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
2606:4700:4400::6812:2ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93851d5db64609b5685ea1872da9a562b9fbdfe62c7c760f1dd6fc7bf706e0bd
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; style-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://sprint.bes.blackhawknetwork.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
age
4834185
cache-control
public, max-age=31536000, immutable
cache-tag
25F047CE-AC4D-A023-583D-14FEE20E4E1E
capi-worker-type
dedicated
cf-cache-status
HIT
cf-ray
7ae924ef2f1abb4d-FRA
content-encoding
br
content-security-policy
default-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; style-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
content-type
text/html; charset=utf-8
date
Mon, 27 Mar 2023 16:52:31 GMT
last-modified
Mon, 30 Jan 2023 17:57:00 GMT
permissions-policy
accelerometer=*, autoplay=*, camera=*, display-capture=*, document-domain=*, encrypted-media=*, fullscreen=*, geolocation=*, gyroscope=*, midi=*, payment=*, picture-in-picture=*, sync-xhr=*, usb=*
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-amz-id-2
/OqGWJKANw2HaGc4xXxSQfKm2YhisG7At8YeqfVjep5Yn30GaWb6ctLkgd5kLGSxKbedjD7rrU8=
x-amz-request-id
RCQRFRDEZ72AJ3KF
x-amz-version-id
k5cwpPPxn7aKeKb.o0X_gccGJNIV_q.c
x-content-type-options
nosniff
x-xss-protection
1; mode=block
enforcement.a4509a640c842e6916adc4acb59cd0b7.js
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 92A4
165 KB
57 KB
Script
General
Full URL
https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.js
Requested by
Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
2606:4700:4400::6812:2ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7089cb3b0c0a1c5ea1b4dccdd02aa177eda94b1ab3c40051a596d4a69ef529bf
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; style-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.html
Origin
https://client-api.arkoselabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 27 Mar 2023 16:52:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
content-security-policy
default-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; connect-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; font-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; frame-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; img-src 'self' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn data:; script-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn; style-src 'self' 'unsafe-inline' *.arkoselabs.com *.funcaptcha.com *.arkoselabs.cn *.arkose.com.cn;
age
789009
x-amz-request-id
H1X8AQ6DJM1MP9D7
x-amz-server-side-encryption
AES256
x-amz-version-id
YByyQ3v4jfLFTomiaWBfGi5LVpBMVI6H
cache-tag
25F047CE-AC4D-A023-583D-14FEE20E4E1E
capi-worker-type
dedicated
x-amz-id-2
S95RA13RH/20ObtxE5+a+aEwwuGC/0pSWuC8fpGCGmAHEzhBwruhk35I/RgvEkmZq7OYB5jGMo4=
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 30 Jan 2023 17:57:00 GMT
server
cloudflare
etag
W/"b8719b6960b41bc58c031acecb6c2645"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
permissions-policy
accelerometer=*, autoplay=*, camera=*, display-capture=*, document-domain=*, encrypted-media=*, fullscreen=*, geolocation=*, gyroscope=*, midi=*, payment=*, picture-in-picture=*, sync-xhr=*, usb=*
cf-ray
7ae924ef9fbfbb4d-FRA
/
client-api.arkoselabs.com/fc/api/sri/ Frame 92A4
145 B
214 B
XHR
General
Full URL
https://client-api.arkoselabs.com/fc/api/sri/
Requested by
Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
2606:4700:4400::6812:2ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
582e5b9f98ab45c3c449a8b3cc78c7e3a9c8b98cfbc5bc55b5314bd82bb4fb9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 27 Mar 2023 16:52:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cf-ray
7ae924f07916bb4d-FRA
x-xss-protection
1; mode=block
nr-spa-1216.min.js
js-agent.newrelic.com/
49 KB
18 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-spa-1216.min.js
Requested by
Host: sprint.bes.blackhawknetwork.com
URL: https://sprint.bes.blackhawknetwork.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sprint.bes.blackhawknetwork.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

x-amz-version-id
UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-encoding
gzip
via
1.1 varnish
date
Mon, 27 Mar 2023 16:52:31 GMT
x-amz-request-id
RJY6T5W7EXKZY6C7
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
18216
x-amz-id-2
p8OOy5HznCScdGWKk6Y/P6WG//44FNY0+XPCya/0wwGIVH9elN7jCPp1QVoKigySC0P6rLBN2u8=
x-served-by
cache-fra-eddf8230045-FRA
last-modified
Thu, 14 Apr 2022 16:45:57 GMT
server
AmazonS3
x-timer
S1679935952.527727,VS0,VE0
etag
"63e2df852d15ab21d7ff8fc4363222e8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
276
funcaptcha_api.js
client-api.arkoselabs.com/cdn/fc/js/f9e9a66de775dbdbbe438a38c30dbefe118d3f49/standard/ Frame 92A4
148 KB
50 KB
Script
General
Full URL
https://client-api.arkoselabs.com/cdn/fc/js/f9e9a66de775dbdbbe438a38c30dbefe118d3f49/standard/funcaptcha_api.js?onload=loadChallenge
Requested by
Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
2606:4700:4400::6812:2ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7c58806baa71ad29e4739218f4e1a478b24b8a3afa59f996a6d40bda9a6c6c8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; media-src 'self' data:; connect-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.a4509a640c842e6916adc4acb59cd0b7.html
Origin
https://client-api.arkoselabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 27 Mar 2023 16:52:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
content-security-policy
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; media-src 'self' data:; connect-src 'self'
age
1612792
x-amz-request-id
1QWDY0DTQ188J5HD
x-amz-server-side-encryption
AES256
x-amz-version-id
_ZjnacrCARB9YDDb2rtO9o3W2YB9q7Q2
x-amz-id-2
R7foD9o25j+zA8BdbBeF3v2E9ma0iKWHA6g+DRBdNyhbHZl6hEI9aXucF4Qa8vqjKE6yuIJ5Ln4=
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 02 Mar 2023 00:12:33 GMT
server
cloudflare
etag
W/"ccd1257965b662591d6e137148901b9e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
cf-ray
7ae924f0d990bb4d-FRA
673ac2fa6e
bam.nr-data.net/1/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
truncated
URL
data:truncated
Domain
bam.nr-data.net
URL
https://bam.nr-data.net/1/673ac2fa6e?a=1737242258&v=1216.487a282&to=ZFVbZUIHC0RWU0IMDF0fdGdzSSRUVF9DCxdwX1dFQgkJW1JCGSkMVFlX&rst=2348&ck=1&ref=https://sprint.bes.blackhawknetwork.com/&ap=19&be=1155&fe=2192&dc=1979&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1679935949231,%22n%22:0,%22f%22:347,%22dn%22:347,%22dne%22:362,%22c%22:362,%22s%22:548,%22ce%22:740,%22rq%22:740,%22rp%22:965,%22rpe%22:1152,%22dl%22:969,%22di%22:1978,%22ds%22:1978,%22de%22:1990,%22dc%22:2191,%22l%22:2191,%22le%22:2192%7D,%22navigation%22:%7B%7D%7D&fp=1419&fcp=1419&jsonp=NREUM.setToken


21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
boolean| credentialless
object| NREUM
object| newrelic
function| __nr_require
string| GoogleAnalyticsObject
function| ga
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
function| $
function| jQuery
object| html5
object| Modernizr
function| LoadRecaptcha
function| ArkoseInit
object| arkoseEnforcement
object| arkoseLabsClientApi879ce088
object| regeneratorRuntime
object| jQuery110202857385376732091

7 Cookies

Domain/Path Name / Value
sprint.bes.blackhawknetwork.com/ Name: ASP.NET_SessionId
Value: ib5z5silk5csmjxltejjifru
sprint.bes.blackhawknetwork.com/ Name: _culture
Value: en-US
sprint.bes.blackhawknetwork.com/ Name: __RequestVerificationToken
Value: Lkluao1gbthVGtVpaEFb1WHV1zDXM7iM5gGroY-LryhUEry9cLF0MYfvfx-YC5PwF6Sn3FZNBkO8A2Q6065Mqf0YJfDfRiw1g05WDNhuDjY1
.blackhawknetwork.com/ Name: _ga
Value: GA1.2.1478435421.1679935951
.blackhawknetwork.com/ Name: _gid
Value: GA1.2.939990225.1679935951
.blackhawknetwork.com/ Name: _gat
Value: 1
sprint.bes.blackhawknetwork.com/ Name: fontSize
Value: 0

4 Console Messages

Source Level URL
Text
security error URL: https://sprint.bes.blackhawknetwork.com/(Line 8)
Message:
Refused to load the image 'data:;base64,iVBORw0KGgo=' because it violates the following Content Security Policy directive: "img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com".
security error URL: https://sprint.bes.blackhawknetwork.com/
Message:
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com".
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security error URL: https://sprint.bes.blackhawknetwork.com/(Line 4)
Message:
Refused to load the script 'https://bam.nr-data.net/1/673ac2fa6e?a=1737242258&v=1216.487a282&to=ZFVbZUIHC0RWU0IMDF0fdGdzSSRUVF9DCxdwX1dFQgkJW1JCGSkMVFlX&rst=2348&ck=1&ref=https://sprint.bes.blackhawknetwork.com/&ap=19&be=1155&fe=2192&dc=1979&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1679935949231,%22n%22:0,%22f%22:347,%22dn%22:347,%22dne%22:362,%22c%22:362,%22s%22:548,%22ce%22:740,%22rq%22:740,%22rp%22:965,%22rpe%22:1152,%22dl%22:969,%22di%22:1978,%22ds%22:1978,%22de%22:1990,%22dc%22:2191,%22l%22:2191,%22le%22:2192%7D,%22navigation%22:%7B%7D%7D&fp=1419&fcp=1419&jsonp=NREUM.setToken' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com bam-cell.nr-data.net; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com bam-cell.nr-data.net stats.g.doubleclick.net; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src *; object-src 'none';media-src 'self' data: mpsnare.iesnare.com; frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block