This endpoint rate-limits by IP address — maximum 3 attempts.
Your current IP (as seen by server): 216.73.216.43
Can you bypass the rate limit and brute-force the 4-digit PIN?
The server determines your IP from the X-Forwarded-For header. Add X-Forwarded-For: 1.2.3.4 to your request and rotate it for each attempt. The PIN is 4 digits (0000–9999). Use Burp Intruder with a Pitchfork attack — one column for the PIN, one for a rotating IP.