urlscan.io logo urlscan.io
SecurityTrails logo

rivian.duel.tech Open in urlscan Pro
188.114.96.3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://rivian.duel.tech/
Effective URL: https://rivian.duel.tech/account/login
Submission: On May 04 via api from US — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is rivian.duel.tech.
TLS certificate: Issued by E1 on April 27th 2024. Valid for: 3 months.
This is the only time rivian.duel.tech was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 4 188.114.96.3 13335 (CLOUDFLAR...)
6 172.67.39.77 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
10 4
Apex Domain
Subdomains		 Transfer
6 duel.me
obs.duel.me
api.duel.me — Cisco Umbrella Rank: 630538
1 MB
4 duel.tech
rivian.duel.tech
21 KB
1 gstatic.com
fonts.gstatic.com
46 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
1 KB
10 4
Domain Requested by
4 obs.duel.me rivian.duel.tech
4 rivian.duel.tech 2 redirects
2 api.duel.me obs.duel.me
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com rivian.duel.tech
10 5

This site contains links to these domains. Also see Links.

Domain
duel.tech
Subject Issuer Validity Valid
duel.tech
E1		 2024-04-27 -
2024-07-26		 3 months crt.sh
duel.me
GTS CA 1P5		 2024-04-06 -
2024-07-05		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://rivian.duel.tech/account/login
Frame ID: 00D996EC54329C08764E948C411D8841
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log In | Rivian Adventurers

Page URL History Show full URLs

  1. http://rivian.duel.tech/ HTTP 307
    https://rivian.duel.tech/ HTTP 301
    https://rivian.duel.tech/account HTTP 302
    https://rivian.duel.tech/account/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

1147 kB
Transfer

1367 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://rivian.duel.tech/ HTTP 307
    https://rivian.duel.tech/ HTTP 301
    https://rivian.duel.tech/account HTTP 302
    https://rivian.duel.tech/account/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
rivian.duel.tech/account/
Redirect Chain
  • http://rivian.duel.tech/
  • https://rivian.duel.tech/
  • https://rivian.duel.tech/account
  • https://rivian.duel.tech/account/login
41 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rivian.duel.tech/account/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6f091049872a15e0d058de81e8d09deafa542747e62e18b841c7d32b9017623
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87e708835c449a0c-FRA
content-encoding
br
content-security-policy-report-only
media-src 'self' *.duel.me *.duel.tech https://www.youtube.com https://*.vimeo.com;default-src 'self' obs.duel.me *.launchdarkly.com www.googletagmanager.com *.google-analytics.com;img-src 'self' *.duel.me *.duel.tech s3-eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com s3.amazonaws.com cdn.shopify.com www.gravatar.com play.google.com developer.apple.com *.wp.com blob: data:;script-src 'self' *.duel.me *.duel.tech *.launchdarkly.com www.gstatic.com www.googletagmanager.com *.google-analytics.com 'sha256-mmsB7h14PVeSNuGJq8frEWXWVOUXR6GusNIYsmgo0Ow=' 'sha256-btk5eXGqvdOrNy4SvNS0kZrVeMq5fEH2EmJtPZjdmj8=' 'sha256-PWbUXKSFeM8PswzC26id2ILiIibXStkmuZyRnqifM3I=' 'sha256-M9gIkiEWWtx/0nmmfsTAXb21X1kkAtJrvsqTEhRhvHg=' 'sha256-98xSVMoXX/H919t79L/pTyt/CxwxAyptarXS1wTW9z8=' 'sha256-mpSzqo3P+uC5ttQkoADOJgStIpolj1o7OcSNzb+lrig=' 'sha256-N6ZqQwwb9s1ENoKnWzV2mnpScf7jRNsJpEI+voJrfwM=' 'sha256-M9gIkiEWWtx/0nmmfsTAXb21X1kkAtJrvsqTEhRhvHg=' 'sha256-MQvIaqR0ckKaoWtLMu0POEBCSgh83tjKsxRsN/xMUo4=' 'sha256-t0kNCMA3LZIxr5Rc9jqvcHkQty5f9OUzG9BVsNYJ1XQ=' 'sha256-sY55lg/0qOy6Fr/ziVItCyjUC7ywSEaWqVKrOY4sUBw=' 'sha256-BvCQiFoYmMYciowMN1INpdB5Li9oJy7J8LypYHrp54w=' 'sha256-AlUS/+z/6acttwhBginKy2fuD9zT3lfl3nxCjKRO7nQ=';upgrade-insecure-requests;frame-src 'self' *.duel.me *.duel.tech https://www.youtube.com https://*.vimeo.com *.netlify.com *.netlify.app;block-all-mixed-content;font-src 'self' *.duel.me *.duel.tech;style-src 'self' *.duel.me *.duel.tech www.gstatic.com 'sha256-WG6/7M/Nty+OBsEbTNuqs/GeCSekciZ7lI0RLgpeWyo=' 'sha256-MQVYBmDAmbLro5zxb9I2MUZzFODpiTRcxvxmHbIJJEk=' 'sha256-Z/bTfjv3vQp+36n9wBFAW6yA862qa1l5XvZW80CUVYw=' 'sha256-3jjUS7dBn/n9d57WSYUkVeWdWVKGIYzlQtCB5XFnGCw=' 'sha256-2+pUj8qJxl+r66frQbLuQgCpdGaWkshDokUH8aG2dNk=' 'sha256-hXLriEz22xKNlZLBZHXTURsF5XZHj1Bkjo1s7SNTzSI=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-D4zKU+gbNWmqNY1wPmJKZizKx/Z+rVpT21hptaIXXDk=' 'sha256-D4zKU+gbNWmqNY1wPmJKZizKx/Z+rVpT21hptaIXXDk=' 'sha256-yXWo4XccXLKO+xhNEg7ayXnt9GKn95wdXoOjb6ebA+g=' 'sha256-PS7Qt+Krx4DI07LJMY+PQNDr8DmA9z6f1X8mz82Jlts=' 'sha256-yXXadV/K8NLpiWDs3cOe/YwevNpeE7/97VMSmgg6U6g=' 'sha256-BFlTuVF512e8p4qpoVWklguRV1JobQs4MJY9d95THik=' 'sha256-ajv0+DMgDerinIG2/dV6rufsvSiZrElUbtkfsdTES1o=' 'sha256-kK0tNO23fQEQWZVSPBiv9vW93MHTz4suOafNaqNbj/c=' 'sha256-gWUngXC7v7E0bFM4r1EApYGblEcCToSXXWzcPY9m/rk=' 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' 'sha256-4w8EojImxx8sGDsrajxCclhmHlKaz18/Htz9eqMy+uE=' 'sha256-M3pkxU67qK28Jtd8kanEuG8H2Y2g7qviypjjsDDMxSc=';form-action 'self' *.duel.me *.duel.tech;object-src 'none';connect-src 'self' *.duel.me ws://*.duel.me wss://*.duel.me *.duel.tech ws://*.duel.tech wss://*.duel.tech *.launchdarkly.com ws://*.launchdarkly.com wss://*.launchdarkly.com www.gstatic.com *.google-analytics.com duel-platform.apm.eu-west-1.aws.found.io
content-type
text/html; charset=utf-8
date
Sat, 04 May 2024 08:13:44 GMT
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714810424&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EUfJy3CurbcN3D%2BeMC0Wn65BsuqQK8WzqZDC4c69Gok%3D"}]}
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1714810424&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EUfJy3CurbcN3D%2BeMC0Wn65BsuqQK8WzqZDC4c69Gok%3D
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 vegur
x-content-type-options
nosniff
x-frame-options
DENY

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87e70882abb19a0c-FRA
content-type
text/html; charset=utf-8
date
Sat, 04 May 2024 08:13:44 GMT
location
/account/login
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714810424&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EUfJy3CurbcN3D%2BeMC0Wn65BsuqQK8WzqZDC4c69Gok%3D"}]}
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1714810424&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EUfJy3CurbcN3D%2BeMC0Wn65BsuqQK8WzqZDC4c69Gok%3D
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept, Accept-Encoding
via
1.1 vegur
x-content-type-options
nosniff
x-frame-options
DENY
account-login.css
obs.duel.me/build/71d48552e3/portal/app/static/dist/ 		22 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-login.css
Requested by
Host: rivian.duel.tech
URL: https://rivian.duel.tech/account/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.39.77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e59d069542ce1207e96bf4f3a64a053949404243632e4e93497a2ec5034f754b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://rivian.duel.tech/
Origin
https://rivian.duel.tech
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 08:13:45 GMT
x-amz-version-id
M_GTzMEhbDt63rOxm95NC73SojvCknTK
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
x-amz-meta-content-md5
48SX1FtTQP9KusPZ5gZg5g==
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
PC3GGHRYFDGY12ZF
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400
x-amz-id-2
rU5JUocZvN+5In78rus2b487ZxtMq4528NIHT33AvRz21lc0SxqqjANZAqC3KD9vbIfADgHBS/g=
last-modified
Wed, 01 May 2024 14:54:34 GMT
server
cloudflare
etag
W/"e3c497d45b5340ff4abac3d9e60660e6"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
text/css
cache-control
public, max-age=31557600, immutable
cf-ray
87e708841f2e9c12-FRA
css2
fonts.googleapis.com/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
Requested by
Host: rivian.duel.tech
URL: https://rivian.duel.tech/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6b8a445dbddfb9b7c56ffd4f34b6ca628a0d2c85b6a8f4da1eda376694377c3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://rivian.duel.tech/
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sat, 04 May 2024 08:13:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 04 May 2024 06:56:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 04 May 2024 08:13:44 GMT
account-analytics.bundle.js
obs.duel.me/build/71d48552e3/portal/app/static/dist/ 		222 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js
Requested by
Host: rivian.duel.tech
URL: https://rivian.duel.tech/account/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.39.77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4df6452b623b2bffb51031be88dcd85c3d142c5cd975ac281134722503fd53e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://rivian.duel.tech/
Origin
https://rivian.duel.tech
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 08:13:45 GMT
x-amz-version-id
lx2SosKtX9yFdkQp1qEIB82oQLgaUdkP
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
x-amz-meta-content-md5
9s3chpJRWfng+7JeumMcJg==
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
PC3SGC87MKBQCY5Y
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400
x-amz-id-2
GySacEEYZG828t6QewIs4KEgjCBmyK2v0XLvcLnjvFuqpcopOqcly6pKdIMv86ZmdBuhr9vNc2s=
last-modified
Wed, 01 May 2024 14:54:35 GMT
server
cloudflare
etag
W/"f6cddc86925159f9e0fbb25eba631c26"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
text/javascript
cache-control
public, max-age=31557600, immutable
cf-ray
87e708840f2a9c12-FRA
31yz-1200-px-rivian-company-logo.jpg
obs.duel.me/media/660f1b09a3f6b8d762ebfef9/2404/ 		139 KB
140 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://obs.duel.me/media/660f1b09a3f6b8d762ebfef9/2404/31yz-1200-px-rivian-company-logo.jpg
Requested by
Host: rivian.duel.tech
URL: https://rivian.duel.tech/account/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.39.77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a69db1b0ef6af9fde1832cc4725b285d215a334926119e3bcc955d4ea376d7a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://rivian.duel.tech/
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 08:13:45 GMT
x-amz-version-id
GbwNyfXPjksfbyBMizOe4pPwbyESQy_U
x-content-type-options
nosniff
cf-cache-status
MISS
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
PC3ZM2W0HN2NM4JX
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400
content-length
142523
x-amz-id-2
DZWLMeTXZFsKGqBgvGa/OnQuXsPqGEbmdCZ3+TDIAtIRFWATMkRDqIki8Cxq2/aGQlYgrTtE0po=
last-modified
Mon, 22 Apr 2024 21:50:49 GMT
server
cloudflare
etag
"df746b36043ddad305c2791212d86d31"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=31557600, immutable
accept-ranges
bytes
cf-ray
87e7088419f2a5ff-FRA
660f1b09a3f6b8d762ebfef9
api.duel.me/portal/analytics/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.duel.me/portal/analytics/660f1b09a3f6b8d762ebfef9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.39.77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://rivian.duel.tech
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE
access-control-allow-origin
https://rivian.duel.tech
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87e7088608b99c12-FRA
date
Sat, 04 May 2024 08:13:45 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
660f1b09a3f6b8d762ebfef9
api.duel.me/portal/analytics/ 		51 B
322 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.duel.me/portal/analytics/660f1b09a3f6b8d762ebfef9
Requested by
Host: obs.duel.me
URL: https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.39.77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36f48dc29f0da53817ad3f3c677aa92a9ee06d094b22ace381fe27a8299184da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://rivian.duel.tech/
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 04 May 2024 08:13:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
etag
W/"33-FZsFsczc1Oj/elVB13dNO1JswTU"
x-frame-options
DENY
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://rivian.duel.tech
vary
Accept-Encoding
cf-ray
87e7088669079c12-FRA
alt-svc
h3=":443"; ma=86400
jbse-login-background-ben.jpg
obs.duel.me/media/660f1b09a3f6b8d762ebfef9/2404/ 		881 KB
881 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://obs.duel.me/media/660f1b09a3f6b8d762ebfef9/2404/jbse-login-background-ben.jpg
Requested by
Host: rivian.duel.tech
URL: https://rivian.duel.tech/account/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.39.77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38823805f21274335d6569e036968a4fd8ff370c30e5f23cd1631cb0f553a0ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://rivian.duel.tech/
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 08:13:45 GMT
x-amz-version-id
djz0wz.lCu.kz30jK9cCtOHa_Jj1_pW5
x-content-type-options
nosniff
cf-cache-status
MISS
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
PC3NRTH47JQS7RK5
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400
content-length
901742
x-amz-id-2
5xQwocO6F7z7rlU5kq2lc4/q8I/10DN978XlT53OIdfTUMfHkMS+bBO6KLBgVz3Z0uBEDHl8pjs=
last-modified
Tue, 23 Apr 2024 21:02:26 GMT
server
cloudflare
etag
"a55332d2f584e3dec919819a2ed8967b"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=31557600, immutable
accept-ranges
bytes
cf-ray
87e70885fbada5ff-FRA
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://rivian.duel.tech
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 07:48:42 GMT
x-content-type-options
nosniff
age
347103
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Apr 2025 07:48:42 GMT
favicon.ico
rivian.duel.tech/ 		15 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://rivian.duel.tech/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd88c2f835b4f701eaabd5d8dadce94979960bd9a8c6e9d9fd7634e07c5ead3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://rivian.duel.tech/account/login
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 08:13:45 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1714810425&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=enxjpg364jNgaX1uKc8mkTj5L1wsmx4z8haSU9ftgig%3D
server
cloudflare
etag
W/"3aee-Ss4IB1AlOddoHSUz0+Pq9m3mfwM"
x-frame-options
DENY
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714810425&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=enxjpg364jNgaX1uKc8mkTj5L1wsmx4z8haSU9ftgig%3D"}]}
content-type
image/x-icon
vary
Accept-Encoding
cache-control
public, max-age=31536000
cf-ray
87e7088839149a0c-FRA

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| DUEL function| __ object| Cookies

1 Cookies

Domain/Path Name / Value
rivian.duel.tech/ Name: _duelcsrf
Value: UBBeCd53CX6NxxbGbgQu8vu3

10 Console Messages

Source Level URL
Text
security error URL: https://rivian.duel.tech/account/login
Message:
The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
security error URL: https://rivian.duel.tech/account/login(Line 24)
Message:
[Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap' because it violates the following Content Security Policy directive: "style-src 'self' *.duel.me *.duel.tech www.gstatic.com 'sha256-WG6/7M/Nty+OBsEbTNuqs/GeCSekciZ7lI0RLgpeWyo=' 'sha256-MQVYBmDAmbLro5zxb9I2MUZzFODpiTRcxvxmHbIJJEk=' 'sha256-Z/bTfjv3vQp+36n9wBFAW6yA862qa1l5XvZW80CUVYw=' 'sha256-3jjUS7dBn/n9d57WSYUkVeWdWVKGIYzlQtCB5XFnGCw=' 'sha256-2+pUj8qJxl+r66frQbLuQgCpdGaWkshDokUH8aG2dNk=' 'sha256-hXLriEz22xKNlZLBZHXTURsF5XZHj1Bkjo1s7SNTzSI=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-D4zKU+gbNWmqNY1wPmJKZizKx/Z+rVpT21hptaIXXDk=' 'sha256-D4zKU+gbNWmqNY1wPmJKZizKx/Z+rVpT21hptaIXXDk=' 'sha256-yXWo4XccXLKO+xhNEg7ayXnt9GKn95wdXoOjb6ebA+g=' 'sha256-PS7Qt+Krx4DI07LJMY+PQNDr8DmA9z6f1X8mz82Jlts=' 'sha256-yXXadV/K8NLpiWDs3cOe/YwevNpeE7/97VMSmgg6U6g=' 'sha256-BFlTuVF512e8p4qpoVWklguRV1JobQs4MJY9d95THik=' 'sha256-ajv0+DMgDerinIG2/dV6rufsvSiZrElUbtkfsdTES1o=' 'sha256-kK0tNO23fQEQWZVSPBiv9vW93MHTz4suOafNaqNbj/c=' 'sha256-gWUngXC7v7E0bFM4r1EApYGblEcCToSXXWzcPY9m/rk=' 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' 'sha256-4w8EojImxx8sGDsrajxCclhmHlKaz18/Htz9eqMy+uE=' 'sha256-M3pkxU67qK28Jtd8kanEuG8H2Y2g7qviypjjsDDMxSc='". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js(Line 1)
Message:
[Report Only] Refused to load the font 'https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2' because it violates the following Content Security Policy directive: "font-src 'self' *.duel.me *.duel.tech".
security error URL: https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js(Line 1)
Message:
[Report Only] Refused to load the font 'https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2' because it violates the following Content Security Policy directive: "font-src 'self' *.duel.me *.duel.tech".
security error URL: https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js(Line 1)
Message:
[Report Only] Refused to load the font 'https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2' because it violates the following Content Security Policy directive: "font-src 'self' *.duel.me *.duel.tech".
security error URL: https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js(Line 1)
Message:
[Report Only] Refused to load the font 'https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1pL7SUc.woff2' because it violates the following Content Security Policy directive: "font-src 'self' *.duel.me *.duel.tech".
security error URL: https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js(Line 1)
Message:
[Report Only] Refused to load the font 'https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2pL7SUc.woff2' because it violates the following Content Security Policy directive: "font-src 'self' *.duel.me *.duel.tech".
security error URL: https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js(Line 1)
Message:
[Report Only] Refused to load the font 'https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2' because it violates the following Content Security Policy directive: "font-src 'self' *.duel.me *.duel.tech".
security error URL: https://obs.duel.me/build/71d48552e3/portal/app/static/dist/account-analytics.bundle.js(Line 1)
Message:
[Report Only] Refused to load the font 'https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2' because it violates the following Content Security Policy directive: "font-src 'self' *.duel.me *.duel.tech".
recommendation verbose URL: https://rivian.duel.tech/account/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY