huntr.dev Open in urlscan Pro
2600:9000:223d:6400:14:bb32:5f00:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Submission: On January 12 via api (January 12th 2022, 1:36:28 pm UTC) from US — Scanned from DE

Summary HTTP 81 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 17 IPs in 2 countries across 11 domains to perform 81 HTTP transactions. The main IP is 2600:9000:223d:6400:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on February 25th 2021. Valid for: a year.

This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 35	2600:9000:223... 2600:9000:223d:6400:14:bb32:5f00:93a1	16509 (AMAZON-02) (AMAZON-02)
8	99.86.7.85 99.86.7.85	16509 (AMAZON-02) (AMAZON-02)
2 12	18.205.222.128 18.205.222.128	14618 (AMAZON-AES) (AMAZON-AES)
2	3.93.205.7 3.93.205.7	14618 (AMAZON-AES) (AMAZON-AES)
10	13.35.253.118 13.35.253.118	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:214... 2600:9000:214f:3c00:7:dce7:b680:21	16509 (AMAZON-02) (AMAZON-02)
2	52.216.81.128 52.216.81.128	16509 (AMAZON-02) (AMAZON-02)
2	2606:50c0:800... 2606:50c0:8002::154	54113 (FASTLY) (FASTLY)
1	13.32.22.41 13.32.22.41	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:600... 2a04:4e42:600::729	54113 (FASTLY) (FASTLY)
1	54.200.147.126 54.200.147.126	16509 (AMAZON-02) (AMAZON-02)
1	13.32.22.63 13.32.22.63	16509 (AMAZON-02) (AMAZON-02)
1	143.204.215.95 143.204.215.95	16509 (AMAZON-02) (AMAZON-02)
1	52.209.125.250 52.209.125.250	16509 (AMAZON-02) (AMAZON-02)
1	65.9.61.115 65.9.61.115	16509 (AMAZON-02) (AMAZON-02)
1	34.243.159.102 34.243.159.102	16509 (AMAZON-02) (AMAZON-02)
81	17

35 2600:9000:223d:6400:14:bb32:5f00:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

huntr.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 99.86.7.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-85.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.205.222.128 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-222-128.compute-1.amazonaws.com

app.chatwoot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.93.205.7 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-93-205-7.compute-1.amazonaws.com

app.posthog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.35.253.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-118.fra6.r.cloudfront.net

mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:214f:3c00:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)

d3tq67kexc2w2i.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.216.81.128 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

prod-chatwoot-assets.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:50c0:8002::154 (United States)

ASN54113 (FASTLY, US)

avatars.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-41.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::729 (United States)

ASN54113 (FASTLY, US)

browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.200.147.126 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-200-147-126.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-63.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-95.fra53.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.125.250 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-125-250.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.61.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-61-115.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.243.159.102 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-159-102.eu-west-1.compute.amazonaws.com

ws30.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	huntr.dev 1 redirects huntr.dev	1 MB
12	amazonaws.com mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com prod-chatwoot-assets.s3.amazonaws.com	138 KB
12	chatwoot.com 2 redirects app.chatwoot.com — Cisco Umbrella Rank: 567321	34 KB
8	segment.com cdn.segment.com — Cisco Umbrella Rank: 1486	82 KB
5	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 573 script.hotjar.com — Cisco Umbrella Rank: 719 vars.hotjar.com — Cisco Umbrella Rank: 857 in.hotjar.com — Cisco Umbrella Rank: 1592 ws30.hotjar.com — Cisco Umbrella Rank: 66091	66 KB
4	cloudfront.net d3tq67kexc2w2i.cloudfront.net	261 KB
2	sentry-cdn.com browser.sentry-cdn.com — Cisco Umbrella Rank: 4330	19 KB
2	githubusercontent.com avatars.githubusercontent.com — Cisco Umbrella Rank: 7766	29 KB
2	posthog.com app.posthog.com — Cisco Umbrella Rank: 85202	776 B
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2046	258 B
1	segment.io api.segment.io — Cisco Umbrella Rank: 991	138 B
81	11

	Domain	Requested by
35	huntr.dev	1 redirects huntr.dev
12	app.chatwoot.com	2 redirects huntr.dev app.chatwoot.com d3tq67kexc2w2i.cloudfront.net
10	mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	huntr.dev
8	cdn.segment.com	huntr.dev cdn.segment.com
4	d3tq67kexc2w2i.cloudfront.net	app.chatwoot.com d3tq67kexc2w2i.cloudfront.net
2	browser.sentry-cdn.com	cdn.segment.com
2	avatars.githubusercontent.com	huntr.dev
2	prod-chatwoot-assets.s3.amazonaws.com	huntr.dev
2	app.posthog.com	huntr.dev browser.sentry-cdn.com
1	ws30.hotjar.com	browser.sentry-cdn.com
1	vc.hotjar.io	browser.sentry-cdn.com
1	in.hotjar.com	browser.sentry-cdn.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	api.segment.io	cdn.segment.com
1	static.hotjar.com	cdn.segment.com
81	16

This site contains links to these domains. Also see Links.

Domain
www.github.com
github.com
nvd.nist.gov
cwe.mitre.org
twitter.com
www.youtube.com
linkedin.com
instagram.com
418sec.com
www.418sec.com

Subject Issuer	Validity	Valid
*.huntr.dev Amazon	`2021-02-25` - `2022-03-26`	a year	crt.sh
*.segment.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-19` - `2022-08-09`	a year	crt.sh
app.chatwoot.com R3	`2021-11-19` - `2022-02-17`	3 months	crt.sh
app.posthog.com Amazon	`2021-11-04` - `2022-12-02`	a year	crt.sh
*.appsync-api.eu-west-1.amazonaws.com Amazon	`2022-01-06` - `2023-02-04`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-26` - `2022-12-28`	a year	crt.sh
*.hotjar.io Amazon	`2021-08-17` - `2022-09-15`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Frame ID: 928E55DA04F60AD7BE1267EB4D9D5EAD
Requests: 61 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: 71AD0F7E2036A4C2EA44F0FB2605A436
Requests: 15 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html
Frame ID: ABCFA201D639642FA5D77590C2758C08
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Improper Access Control vulnerability found in snipe-it

Page URL History Show full URLs

https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7 HTTP 301
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/ Page URL

Detected technologies

Sentry (Issue Trackers) Expand

Overall confidence: 100%
Detected patterns

browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

Page Statistics

81
Requests

98 %
HTTPS

25 %
IPv6

11
Domains

16
Subdomains

17
IPs

2
Countries

1815 kB
Transfer

5314 kB
Size

10
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.github.com/snipe/snipe-it
Title: snipe/snipe-it

Search URL Search Domain Scan URL

URL: https://github.com/snipe/snipe-it
Title: snipe/snipe-it

Search URL Search Domain Scan URL

URL: https://github.com/snipe/snipe-it/compare/HEAD...haxatron:fix-access-control
Title: patch

Search URL Search Domain Scan URL

URL: https://github.com/Haxatron/snipe-it/commit/bb095641c2f421f744796d184287c46fc9303591
Title: https://github.com/Haxatron/snipe-it/commit/bb095641c2f421f744796d184287c46fc9303591

Search URL Search Domain Scan URL

URL: https://www.github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e
Title: cf14a0

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0179
Title: CVE-2022-0179

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/284.html
Title: CWE-284

Search URL Search Domain Scan URL

URL: https://github.com/haxatron

Search URL Search Domain Scan URL

URL: https://twitter.com/Haxatron1

Search URL Search Domain Scan URL

URL: https://github.com/418sec/huntr

Search URL Search Domain Scan URL

URL: https://twitter.com/huntrdev

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC33YyLk3vdtnPqLeOuEZc2w

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/huntrdev

Search URL Search Domain Scan URL

URL: https://instagram.com/huntr.dev

Search URL Search Domain Scan URL

URL: https://418sec.com/
Title: company

Search URL Search Domain Scan URL

URL: https://www.418sec.com/#about
Title: about

Search URL Search Domain Scan URL

URL: https://www.418sec.com/#team
Title: team

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7 HTTP 301
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--d5bd8600745fd77201f6159b61f8b9f6f6f54b0a/huntr_logo.jpg HTTP 302
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133624Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=eee1ff7292052ef0cf7c684052f1df67dc0a191793763fe1aed4c86893db27d4

Request Chain 76

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBclZUIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--31ae538bf9d04000e44a5bbe8feed382c0892b6f/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/profile.png HTTP 302
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133624Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=38afcec7d6e24abacf64e9325d4b814e38a3297ac6946021d673112b86cbe00f

81 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request / Show response
huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Redirect Chain

https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

5 KB
2 KB

102ms
102ms

Document
text/html

2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6190ebed8568901a2628a503e0bd1e72c10e6a5cc207193038f4a8c13fac9485

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html
date: Wed, 12 Jan 2022 13:36:22 GMT
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: x491h2KcLqa2l6nnI8YnEyq-UuZ1dJSwmn3QCEhTttRXhexPR-dZXQ==

Redirect headers

content-type: application/xml
content-length: 0
date: Wed, 12 Jan 2022 13:36:22 GMT
server: AmazonS3
location: /bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
x-cache: Miss from cloudfront
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: UCuR3mxRHEk7NmDwOiGWM23fkR5nrR3MtRqddkI0RSbELgdY2p_6Hg==

GET
H2 200 f09ddd7.js Show response
huntr.dev/_nuxt/ 3 KB
3 KB 74ms
73ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/f09ddd7.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3ef0abb4845e08bf9ee05a34d8457724a637662a9030904aab5214c0e24a27a4

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"1637828b6467e9eba7ccaf747060225a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: esHDRXXFH0i-nl1YtlfN1aswJ9PyIfRGKgs5nLnwbeQZBHh_8hsY5A==

GET
H2 200 31a45b0.js Show response
huntr.dev/_nuxt/ 299 KB
104 KB 89ms
88ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/31a45b0.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d3dcec4f248e2811281de6c0e8755ae7e03a72c54dc9b4d1e1ca7ce6ba3de30c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"753b0b0c61eb75e0594361a492eb0f96"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: KwPwzwkqGkUK8yJSM4Cuih_Anh3NbJuETh7Q3ZNDqZwUG70p51ENZg==

GET
H2 200 fbe198b.js Show response
huntr.dev/_nuxt/ 1 MB
308 KB 76ms
75ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fbe198b.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b91bb18b545e5ae1b449eb4861af099fba89ce33c280f9b95f692d2367ea66ca

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"38a252c1a4726c2910305a7100db45ae"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 2zLGLvvTH01HA5K1SVjDbIcKOURAfNvUOYpnLDe-8QfDxfVgAbZ-yA==

GET
H2 200 d6b8649.js Show response
huntr.dev/_nuxt/ 74 KB
14 KB 89ms
89ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/d6b8649.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

78bb08ba17e489b63c7ceac9b4e8f4ac40450b9b64b40016626cb4d554297f69

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"a940690290b4af643ee4d8848fae79c5"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: oWFx4SCr796s6xOCRf86i0jCyHQk7wnpciKvDAn6J2PLXF5WuDNXiQ==

GET
H2 200 5e1f917.js Show response
huntr.dev/_nuxt/ 14 KB
6 KB 79ms
78ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/5e1f917.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

52bfe2c491b876e967ad8d9a46e5c43e4b342c204e865e049f3b74daaed7af84

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"4f650a111ec29530e868ed62dda88f76"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: jX2EI0Hd-4KqJJI_shBVFrOqLqe1PdYjW-cSYblAHex2PV-3ad27YQ==

GET
H2 200 bf1611b.js Show response
huntr.dev/_nuxt/ 66 KB
19 KB 71ms
70ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/bf1611b.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6807e1d77edfeb9a4bb6d32f2bd8bea0e411aa158df9c3dc13a0be01dfca8f6b

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"3b49b6665c0823f885ce24348563538a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 1834DBbH5gvNrgfra1m1TC5Snpn_M-8UKIYx6cak9D-an6uM7kaudw==

GET
H2 200 6c6d905.js Show response
huntr.dev/_nuxt/ 863 KB
274 KB 77ms
76ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/6c6d905.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7561fb9f36929fc5ee536239058b9ecff2d8075c5953dc2f81571a4d0fb0bbec

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"3a735ec63de389352387485e74332657"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: VbkoMzLMS97BLk9zBklJ953U5Um7_iMEgcB151116tvYtqGVPnIyHg==

GET
H2 200 7599c55.js Show response
huntr.dev/_nuxt/ 68 KB
15 KB 74ms
73ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/7599c55.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

506aa0ea770d002656c5a0884b149d33efd23951ca16bdbe7e3d76e8d0531a4c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"60f2fd04c9bea401a4ef96568780c81a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: K7Xe96tZM09Cz3v0cE67Eh6KOqhRQSJZpt0EIP0IqrW-aQGMh-gofw==

GET
H2 200 6377196.js Show response
huntr.dev/_nuxt/ 183 KB
42 KB 158ms
158ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/6377196.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

10f593138390e0dca1a2bb1fd8b75b95e21e85363ed6e8941ac7ca9b73eaa58a

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"c44183da06fe8cb0d29fbdcbddb7aa6b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: IV34QOnUFc39nySSU2YYDWAqYfDiKDNkhBYJkym0ws_RkN6ufC5ebA==

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 89 KB
24 KB 668ms
632ms Script
text/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae3711b69005cf8726b54df4b235f63d7ff9fb121ee2f3300b3b390215d09cb6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: QmhhTelhGE5paszzoYpPSspve3d4V_3d
content-encoding: br
etag: W/"23c66d249d6007e9395c095924914eb0"
x-amz-cf-pop: FRA6-C1
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Fri, 19 Nov 2021 21:20:02 GMT
server: AmazonS3
date: Wed, 12 Jan 2022 13:36:25 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
cache-control: public, max-age=120
x-amz-cf-id: XYnBHrDl0Mu4xrX2eG4uLfRYRWwj24NaBg5d-4xfqGJwbgtD4G1GbA==

GET
H/1.1 200
OK sdk.js Show response
app.chatwoot.com/packs/js/ 51 KB
16 KB 329ms
103ms Script
application/javascript 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/packs/js/sdk.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/d6b8649.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

5c1941d5f7e989c15891c78441408048088fcd0ce5330b958187504340e0d528

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:23 GMT
Content-Encoding: br
Last-Modified: Wed, 12 Jan 2022 06:48:38 GMT
Server: Cowboy
Vary: Accept-Encoding, Origin
Connection: keep-alive
Content-Type: application/javascript
Via: 1.1 vegur
Cache-Control: public, max-age=31556952
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 16254

POST
H2 200 / Show response
app.posthog.com/decide/ 193 B
479 B 351ms
129ms XHR
application/json 3.93.205.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.posthog.com/decide/?v=2&ip=1&_=1641994583515

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.93.205.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-93-205-7.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 12 Jan 2022 13:36:23 GMT
referrer-policy: same-origin
server: gunicorn
x-frame-options: DENY
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://huntr.dev
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
content-length: 193
x-content-type-options: nosniff

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 4 KB
2 KB 340ms
340ms XHR
application/json 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash: b31f151521a901006a71ba693ec632c0dbbc29e54e1d1fbebeae08b9cf19c76f

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 47678dd8-8f7f-4121-8213-e955d473bd37
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id: RKTF9YAGMHXWFM-FCCeAaZDo-o2C9ODHQ-aKg4RDjIfpE4g091rbaQ==
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 120ms
88ms Preflight 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:36:23 GMT
x-amzn-requestid: a4ebb970-e6da-4c90-a674-6bcd3296f21b
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: i1L3n532JRXkMU4CubwdHPVkvjm7WFA8GIDbyP290EObWyxuFKwvIQ==

GET
H2 200 Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 240 KB
111 KB 81ms
81ms Font
font/ttf 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ee6539921d713482b8ccd4d0d23961bb"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/ttf
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: E7nxxDwgYnLzpihuCJdSGlQQhLdypQgEfjYSjM0GJJnxcEUQejVUjA==

GET
H2 200 Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 237 KB
110 KB 75ms
75ms Font
font/ttf 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"c8b6e083af3f94009801989c3739425e"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/ttf
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: IZzPXbBvhsauX4DYsCe33D7ZS888JI1UfhYf5oZrLHK5_TmZvqlWfQ==

GET
H2 200 22e71a7.js Show response
huntr.dev/_nuxt/ 37 KB
9 KB 147ms
146ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/22e71a7.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

43caf074caf0b74abf298083d24582bcc6222300c4758a34923b25664d964896

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"299e600939836addc690948bdc899d44"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: CCoWiuAyF9bF1aXdmzOW7qQrbYp5MxG_DN7Rqonzdnf5JnVt_3_4uA==

GET
H2 200 manifest.js Show response
huntr.dev/_nuxt/static/1641578563/ 89 KB
29 KB 93ms
93ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/manifest.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

581328a6d6e6e92f7eccc5237174bd8ed73c929960bd4c838de73afea046e87a

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ace4503cfb70368daf6b9d3d9634e5e4"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 1DUI6nzfHVAhTqtSmkJmrg0NmHdMyWcia5sAuSDWgrBtoG0sULzXbQ==

GET
H2 200 65a6cfc.js Show response
huntr.dev/_nuxt/ 49 KB
13 KB 78ms
78ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/65a6cfc.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

211b5a9c89ca2bdb19447e2159875ba8be570b4e42d1962beca5bfad01b93b41

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"fac665e2ab8da270fc3fe50dc9636e0a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: FnfozAh-CPC1hjnvCI6q8UIahhhMQOObs3Xgtj2PgQ3q7c0MnCTF_Q==

GET
H2 200 ab902e6.js Show response
huntr.dev/_nuxt/ 183 KB
48 KB 83ms
83ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ab902e6.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8993e0383e40e5bd3b61be2e4e7acbf8e8325863491928a06a1a0c25cfa7fdaa

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"60b2eb6b70bbfcac0f3eb9dd9fcf96c7"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 7ZfidbdBeRFuo9MsoT7i6goA_WfzRGzSB4ye6vb-nw6n64a_piMruw==

GET
H2 200 a7f1227.js Show response
huntr.dev/_nuxt/ 47 KB
15 KB 79ms
78ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/a7f1227.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b9917ccf39f0ee3919543b9e3e00f636f66b3a22c67f30887708e2c6b5bfd439

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"635f2284a670fff39f4472ced5544fce"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: XrcwrazIZJnosjy0e5-niQixWtxibVxQ-hNlb5nVrHGEXDudRjjm2g==

GET
H2 200 5ae2eef.js Show response
huntr.dev/_nuxt/ 6 KB
3 KB 84ms
83ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/5ae2eef.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6da167fbba631ae8858acb2511800949ad269156bb7a7af0e9b5455d887d7e8c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"4fe46ce58718ca2d678c49b9dc35d4ff"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: gyjkXZRBVRsahYdVPuAGkRR_Z4LZlfJIFdqcKq9f2k988GMJ--EH5A==

GET
H2 200 7b78e9f.js Show response
huntr.dev/_nuxt/ 4 KB
3 KB 99ms
98ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/7b78e9f.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f120052d211097e6bedc7819573661081c96151aeef903e657927c66260937c1

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"2f965042178b317436d8035317592b30"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: Xn1vMWq8gjsdnnUXlhEMAccpjiCD2x02oZGX3WBnb9jCns7e2vyfAQ==

GET
H2 200 1c3acf0.js Show response
huntr.dev/_nuxt/ 23 KB
7 KB 75ms
74ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/1c3acf0.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6ec4210b7a41340415fcad48cdcd9fabf3497b1512d43c297077806fe9aed7c7

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"7ed623eb3afcc7f474b753b9e33a1005"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: qzfxgYJxRlHgDKgnm5ImpRn3N1ToB_0uudbfwAioHcMBUIZjm1PfXw==

GET
H2 200 ba2849c.js Show response
huntr.dev/_nuxt/ 1 KB
2 KB 77ms
77ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ba2849c.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4e0a3da788c1c015983887d374c806e0e22e00c1a05478ff48d4ddd00bc22830

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"be10b6951d5a8ed2d6dc34a728e8a821"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: kFpHsEt8gODJwOP9HxnV3nrlaHLl4fx6LVbh7Az4dRcWEBEph3CFdg==

GET
H2 200 ee0fe59.js Show response
huntr.dev/_nuxt/ 1 KB
2 KB 90ms
89ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ee0fe59.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0069019b0f2cbc057ad4f69c01c9f510a46e86d4160f4093709f4da5999e8f76

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"951d2cbf6ecf7eef122de0b28315fb78"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: xTjQRfb65ynoeeTLi7wFiOqutQifIOIp_SgHiTjnLcM1N-vm0O9v3g==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/ 1 KB
1 KB 88ms
87ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"126dd630135f2a51a22e58e9f9dbb73b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: uLMxBQQRlaKFsjeb_BTYtgk1LN4w3r0sFVareC8ziyoVtCjhvKc8DQ==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/ 70 B
1 KB 73ms
72ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "ed9a10c88c5ac705aee93e7d26c4fc32"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: 64m6nE4NcvOu64GPwn_Xigyr-OX28Demp1HOayZWfohWhVi4u8CrHw==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/disclose/ 79 B
1 KB 74ms
73ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/disclose/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 79
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "11e86df8ac1d9c85f55c418a4fbf5255"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: DvJeI9MB4hwO-u3Tu6i5CrPtGq45EeXvV3PB96XUSseZy7SP-H3roQ==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/faq/ 15 KB
5 KB 76ms
75ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/faq/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d41e5b545a338f280a64fb8f04cd5c3c4f5f006149559c7aaec1d6c3899f97a4

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"85273804bdff17f9fe54c2dbf2f1c2cd"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: aR9k2NTIpOpgb52xKpe6kJf8BODT7pQUVEVhX0o43Ib6zcXv9_oJMw==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/contact-us/ 72 B
1 KB 79ms
78ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/contact-us/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 72
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "366dc6ea76591bc89566ac85b90aec65"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: aM-vcwompQx1IeE9mK-KVlHNZ8AcYbZIhPY7y5_ds6bzDrtUCYsFLw==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/terms/ 23 KB
7 KB 75ms
75ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/terms/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

833e44e0f40eada5a7ca9770aea05768e576ee5ca6ce20ec636fa51bde65b03c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"8f45459c6a4fb30926c84cab9308c2d2"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: mXPDPc541XVSyf8byZekH9GbXZe8wNnvTSXXwnsBGAjz26TuscGDLQ==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/privacy/ 35 KB
10 KB 88ms
88ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/privacy/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7aabb3c3be9e964e33990c63a17c294a2dfd348422dda57ea50feb8355a34414

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"fab7e71c2829b15ec4b9dca695eb4763"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: xQl0BFe5IfXxU2alSIKSvoTmN76CwICfUR0O95sWcFJedWS3t74JNw==

GET
H/1.1 200
OK widget Show response
app.chatwoot.com/ Frame 71AD 5 KB
7 KB 137ms
137ms Document
text/html 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

74a348f44f646a5869060116a0a51cfeacd9c52338f834e81806c03644cdf5a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/

Response headers

Server: Cowboy
Date: Wed, 12 Jan 2022 13:36:23 GMT
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Etag: W/"74a348f44f646a5869060116a0a51cfe"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 1cc12508-4a61-4439-a3c9-8766008f7e36
X-Runtime: 0.035633
Strict-Transport-Security: max-age=63072000; includeSubDomains
Transfer-Encoding: chunked
Via: 1.1 vegur

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 84ms
84ms Preflight 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:36:24 GMT
x-amzn-requestid: c7bffb71-fde7-44b5-9d82-d255392f6c14
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: Vp-2wG6J1M2IhOxZXMWs5wDF5lE3pvjiUyzctimQKINY6XZ4S7iHog==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 84ms
83ms Preflight 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:36:24 GMT
x-amzn-requestid: c8d29a7a-cc5d-4520-905d-d4872dd57f9d
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: D5lBA2FdGc1eOBd5lMUJRnl501UNjgsmZDbWyS2zvqzHjSrvRDy_Jg==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 8 KB
2 KB 360ms
359ms XHR
application/json 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash: caa5f72527e871922763c493af6384144451a172db5db4566235196b07ce3e3a

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 3a71252f-7368-4343-a3c1-6c81f82da0d1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id: iW5Ir-2J15TXVp8iXGnx2GqPwq_ttagbGz5oPTI0J4UJu2bxIDwvSw==
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 482 B
877 B 206ms
205ms XHR
application/json 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash: a5de64ce9eac87ca74a4dd88c3fe95a78f0514029e18b1ddc6542fbe1f99ffc0

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 757b5493-98ee-4b2e-ad2f-f5c87bbe1b32
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 482
x-amz-cf-id: 2_Da7KHY9eviqEXfD-wYkfc1osclMWk2PZPleGNNJ1CsQF6IJfwYMg==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 2 KB
3 KB 183ms
182ms XHR
application/json 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash: 305a75b75a2968ceb39778f2802f3e33e41d3b611f87de43d6b989c56a8c57b1

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: d082e4b1-459e-4acb-9d9a-e9d131d94d2a
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 2374
x-amz-cf-id: YCDUmDnsw1OLlIfuHz7n7-CMms1Iaqp1Mnt_3jIfBFiV13Hx3pgxlg==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 110ms
109ms Preflight 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:36:24 GMT
x-amzn-requestid: f5346b95-f9b1-4cfd-b1f7-4315a3af6d0b
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: oz4SNHeyZIGatZyo_8oMW8Xk2MLmGyolgHdNBhKiSZRVb1_MwNIOaA==

GET
H2 200 widget-962da5bb0691e5c58b54.js Show response
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 71AD 646 KB
182 KB 70ms
11ms Script
application/javascript 2600:9000:214f:3c00:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:3c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

c7bb7011639a2c9a6ebb7ac5d5c77e24e51babbffc2cfa2b3a1bf17cd37b6bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 06:52:04 GMT
content-encoding: gzip
last-modified: Wed, 12 Jan 2022 06:48:38 GMT
server: Cowboy
age: 24260
vary: Accept-Encoding,Origin
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
via: 1.1 vegur, 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
cache-control: public, max-age=31556952
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA53-C1
content-length: 186244
x-amz-cf-id: yGCLSTE8wI0W_fuNS1x9cR-QsLF2E9BDbd8sHUbWtSGAZo6CPNB4Kw==

GET
H2 200 widget-d3adafff.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 71AD 36 KB
9 KB 68ms
9ms Stylesheet
text/css 2600:9000:214f:3c00:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:3c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

24c5c51ddb40e7b5a0b3f5aef0c2c344600214ad11de22c6d3d770b1400d8443

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 06:52:03 GMT
content-encoding: gzip
last-modified: Wed, 12 Jan 2022 06:48:38 GMT
server: Cowboy
age: 24260
vary: Accept-Encoding,Origin
strict-transport-security: max-age=63072000; includeSubDomains
content-type: text/css
via: 1.1 vegur, 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
cache-control: public, max-age=31556952
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA53-C1
content-length: 8455
x-amz-cf-id: OTJP83nPC01yzed_jra1q_nfZNU3q00574ZNRR72PVb1Z3ZIlTpxCg==

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 2 KB
1 KB 25ms
8ms XHR
application/json 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 04e927aedd7e61c330b08636fb4a8ed48f53a74b6f804838d58d40f4a1631f4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: fMRaECo1ddvhaCCpmS9MNNcM4pHj6SCw
content-encoding: br
etag: W/"441c711770a14e48ac8c7bf30078ca2b"
age: 6913
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 15:32:10 GMT
server: AmazonS3
date: Wed, 12 Jan 2022 11:41:12 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
via: 1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
cache-control: public, max-age=10800
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: Dys-l73Rd1Q67DSSdpjG7Ey5PYYke7gDl2yO2kCAky-Cc4gx1gZEBg==

GET
H2 200 130.bundle.55742ac9337d9e12bdd6.js Show response
cdn.segment.com/analytics-next/bundles/ 10 KB
4 KB 9ms
8ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/130.bundle.55742ac9337d9e12bdd6.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 98cfbc4941d976520dde0a548b87b499e1c0454f9bc38aeb581b9e13b1e219a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:32:35 GMT
content-encoding: br
vary: Accept-Encoding
age: 4053830
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Thu, 25 Nov 2021 23:09:33 GMT
server: AmazonS3
etag: W/"c32e07e36ae390e42c9cea85fcb9bb33"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: 7wIf9T6uzKT9TQ8NphPW2FKHVOtBcj40
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
content-type: application/javascript
x-amz-cf-id: JjhuiPHgPw7jG11Bba2zsMxKnu3BEq7eUnFT_Ywd77c18ChNwG5ylQ==

GET
H2 200 ajs-destination.bundle.36b90a11867ae217be52.js Show response
cdn.segment.com/analytics-next/bundles/ 10 KB
3 KB 9ms
9ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.36b90a11867ae217be52.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4397a57f8357b3b0371c6df32a62b87eaa43218c42fa538fb34980bfb0b20a78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 11:40:37 GMT
content-encoding: br
vary: Accept-Encoding
age: 6141348
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Fri, 29 Oct 2021 23:16:36 GMT
server: AmazonS3
etag: W/"605f393e8c3fbadf09528d469743232e"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: FjBsbHA.8FN2h5.3COmnYMKZvuK7a99Y
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
content-type: application/javascript
x-amz-cf-id: kEl_ihEQDv1EvAv7cnVgpU-Sp0uzna_KuK-1-aDy8IaOge49Z-Yp3A==

GET
H2 200 hotjar.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/ 3 KB
2 KB 8ms
7ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:50:52 GMT
content-encoding: gzip
age: 654333
x-cache: Hit from cloudfront
content-length: 1342
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 17:29:39 GMT
server: AmazonS3
etag: "8efb1862102ff23cb16241a0b8ff3c9b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: s_9RULedH0BaifUc7v3ON5hu_HkkOIFq
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: tbRK-gaX8FxeizK816S-zTxQUeaJdqqXQ4t_UBFovBX8RLcWeisTMw==

GET
H2 200 sentry.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 4 KB
2 KB 11ms
10ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e758112ff101392ac7e7b217a21f74bcafa7c8b7b60452014b41826160c87d6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 23:22:51 GMT
content-encoding: gzip
age: 8950414
x-cache: Hit from cloudfront
content-length: 1639
access-control-allow-origin: *
last-modified: Tue, 28 Sep 2021 23:16:39 GMT
server: AmazonS3
etag: "9434992b2088ef157a888e645136ddd9"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: KkLGnWMXwwsyOOOBY8OvOj7JaKaevyLL
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: w-VY_sgmS6S8v4DoO_gSFkIufQmBtsEcGdWW_RVDcZLK40e70fQDoA==

GET
H/1.1 200
OK conversations Show response
app.chatwoot.com/api/v1/widget/ Frame 71AD 2 B
646 B 116ms
116ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI5ODZhN2MzYS1iNThlLTQyZTQtOWViNi1kNGQzNDVlMDc2Y2QiLCJpbmJveF9pZCI6MTQxMn0.cUn3tGkyiXfyas6eeFS96wu_23f5_A3JyQEFYA_5srw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 7053b5ff-7077-4cc9-be4d-cd7bd8a632a8
X-Runtime: 0.014848
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK ding.mp3 Show response
app.chatwoot.com/dashboard/audios/ Frame 71AD 3 KB
3 KB 216ms
102ms XHR
audio/mpeg 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/dashboard/audios/ding.mp3

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

42b9d70c9c51cfdff6ed60e874771049df657c93a0361220174582f07dceba53

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
Last-Modified: Wed, 12 Jan 2022 03:28:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: audio/mpeg
Cache-Control: public, max-age=31556952
Connection: keep-alive
Content-Length: 2667

GET
H/1.1

200
OK

367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7
prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/ Frame 71AD
Redirect Chain

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJ...
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filenam...

37 KB
38 KB

428ms
127ms

Image
image/jpeg

52.216.81.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133624Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=eee1ff7292052ef0cf7c684052f1df67dc0a191793763fe1aed4c86893db27d4
Requested by: Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Protocol: HTTP/1.1
Server: 52.216.81.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Wed, 12 Jan 2022 13:36:26 GMT
Last-Modified: Thu, 05 Aug 2021 20:31:19 GMT
Server: AmazonS3
x-amz-request-id: G60TPGWZPH84M02R
ETag: "ab29439c87f225b2b0b1025797f85380"
Content-Type: image/jpeg
Content-Disposition: inline; filename="huntr_logo.jpg"; filename*=UTF-8''huntr_logo.jpg
Accept-Ranges: bytes
Content-Length: 38205
x-amz-id-2: lIkenYcr3HFMwANhuAJf+PPQCWJvIz4O6qXuedrQKV1S2ZrNlTHnQ16ZDWVUVTijPwuQPJK78RY=

Redirect headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 08818604-18a7-47dc-9c16-9662f29ab153
X-Runtime: 0.030899
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: text/html; charset=utf-8
Location: https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133624Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=eee1ff7292052ef0cf7c684052f1df67dc0a191793763fe1aed4c86893db27d4
Cache-Control: max-age=300, private

GET
H/1.1 200
OK logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 71AD 916 B
1 KB 328ms
101ms Image
image/svg+xml 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.chatwoot.com/brand-assets/logo_thumbnail.svg

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
Last-Modified: Wed, 12 Jan 2022 03:28:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: public, max-age=31556952
Connection: keep-alive
Content-Length: 916

GET
H2 200 Inter-Regular-b35f79d43d03b9a20047efe416c35d08.woff2
d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/ Frame 71AD 34 KB
35 KB 26ms
9ms Font
application/font-woff2 2600:9000:214f:3c00:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/Inter-Regular-b35f79d43d03b9a20047efe416c35d08.woff2

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:3c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

9ff1509605edb93b5b09373cc654addcf9afe913bc0ca69082e5683348e2ba75

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css
Origin: https://app.chatwoot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 23:53:24 GMT
via: 1.1 vegur, 1.1 511c8b6c7e903efca023a504d527516a.cloudfront.net (CloudFront)
vary: Origin
age: 913379
x-cache: Hit from cloudfront
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 34832
last-modified: Tue, 28 Dec 2021 16:38:47 GMT
server: Cowboy
access-control-max-age: 7200
access-control-allow-methods: GET, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=31556952
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: Ti0Xh3vl0l0Tocg7W9BxzwgvDs1Z6GviMf0QkNTCiBMXOeTiACZlmg==

GET
H2 200 Inter-Medium-aec38a6b266a908bc320e30f261771d1.woff2
d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/ Frame 71AD 34 KB
35 KB 26ms
9ms Font
application/font-woff2 2600:9000:214f:3c00:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/Inter-Medium-aec38a6b266a908bc320e30f261771d1.woff2

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:3c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

9177550934c7d4516a148a4d0bc2cd709da01789a4d6d2862c6d17b083a7d8cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css
Origin: https://app.chatwoot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 23:23:35 GMT
via: 1.1 vegur, 1.1 511c8b6c7e903efca023a504d527516a.cloudfront.net (CloudFront)
vary: Origin
age: 7654368
x-cache: Hit from cloudfront
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 35264
last-modified: Fri, 15 Oct 2021 19:23:44 GMT
server: Cowboy
access-control-max-age: 7200
access-control-allow-methods: GET, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=31556952
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: 1gWlwtT1iFl5F_5vniyD5Hz2aNPkX4e8Mzt0SVXCkO_bZXcKsXg0xA==

GET
DATA 200
OK truncated
/ 424 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 commons.54701049fd6fb8497e9e.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 9ms
9ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 08 Jan 2022 11:33:50 GMT
content-encoding: gzip
age: 352955
x-cache: Hit from cloudfront
content-length: 22174
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 17:29:38 GMT
server: AmazonS3
etag: "7741fd16ad2418cd17ab981f8207b106"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: yMEgoyLxEpM8Rf_rEzgJOY.2Rwl34IeV
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 5dJZM_HwN_1ejdDj7uOv-vTiwUL13c5t4YatXdB-q1bediiUc1o5Gw==

GET
H2 200 commons.3495c86769f191d6894f.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 11ms
10ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7b5e884ac6bca471440d62a21038e1b0342c4bc6e840388256b5f4137c2e666e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 14:16:30 GMT
content-encoding: gzip
age: 1639195
x-cache: Hit from cloudfront
content-length: 22175
access-control-allow-origin: *
last-modified: Tue, 12 Oct 2021 23:21:28 GMT
server: AmazonS3
etag: "97bdd3686696ee0e0f60bfaaa6b5693b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: p.AJWplN18GgEfmDvELKjPajEH9VF9mT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: bR24cMEmwu_9BnTsOvv1wVzUa0NDi7J0srCR_bYRFnvU2zDiW9PHzQ==

GET
H/1.1 200
OK messages Show response
app.chatwoot.com/api/v1/widget/ Frame 71AD 2 B
646 B 326ms
149ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI5ODZhN2MzYS1iNThlLTQyZTQtOWViNi1kNGQzNDVlMDc2Y2QiLCJpbmJveF9pZCI6MTQxMn0.cUn3tGkyiXfyas6eeFS96wu_23f5_A3JyQEFYA_5srw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 79cdc890-8ca6-4e5b-b74c-68ebf027a43f
X-Runtime: 0.041852
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK inbox_members Show response
app.chatwoot.com/api/v1/widget/ Frame 71AD 959 B
2 KB 350ms
173ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI5ODZhN2MzYS1iNThlLTQyZTQtOWViNi1kNGQzNDVlMDc2Y2QiLCJpbmJveF9pZCI6MTQxMn0.cUn3tGkyiXfyas6eeFS96wu_23f5_A3JyQEFYA_5srw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:23 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 1e3a0c68-3bf8-41e0-92d6-57cafbc08adf
X-Runtime: 0.069878
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"76f1b39cfb3063a87ebc0b127fdedbf2"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK contact Show response
app.chatwoot.com/api/v1/widget/ Frame 71AD 56 B
701 B 307ms
130ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

9979befce6c83db092079feedfaf888f83aeef17beef59075577ff16baad7589

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI5ODZhN2MzYS1iNThlLTQyZTQtOWViNi1kNGQzNDVlMDc2Y2QiLCJpbmJveF9pZCI6MTQxMn0.cUn3tGkyiXfyas6eeFS96wu_23f5_A3JyQEFYA_5srw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 5563d567-d026-49e8-a091-ad5da7a0cc52
X-Runtime: 0.025536
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"9979befce6c83db092079feedfaf888f"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK campaigns Show response
app.chatwoot.com/api/v1/widget/ Frame 71AD 2 B
646 B 320ms
132ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI5ODZhN2MzYS1iNThlLTQyZTQtOWViNi1kNGQzNDVlMDc2Y2QiLCJpbmJveF9pZCI6MTQxMn0.cUn3tGkyiXfyas6eeFS96wu_23f5_A3JyQEFYA_5srw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 64ac8dfc-8d37-4082-b5b3-e961eda77e6d
X-Runtime: 0.023206
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 26 B
419 B 181ms
180ms XHR
application/json 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash: 6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 4c81ea6c-f5a3-42f1-bab3-d2b203278a1c
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 26
x-amz-cf-id: OAxI56UZ7t4vwT0ViFFiR-LQw_cSAE5mmDSF3MJFate5TbkFxO7H4g==

GET
H2 200 76475453
avatars.githubusercontent.com/u/ 2 KB
2 KB 37ms
7ms Image
image/png 2606:50c0:8002::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/76475453?v=4

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5147a815de3a26be091fcf10e707e74ea15835dceb388aa69a03b50b32fde99a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-fastly-request-id: efcbb36dba744aefe54c936b2719c25c871bf439
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 1549
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4077-HHN
last-modified: Fri, 13 Jan 2012 11:45:41 GMT
x-github-request-id: A14E:1247D:1097C2:11C831:61DCD666
x-timer: S1641994584.460121,VS0,VE1
x-frame-options: deny
date: Wed, 12 Jan 2022 13:36:24 GMT
source-age: 131826
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "5147a815de3a26be091fcf10e707e74ea15835dceb388aa69a03b50b32fde99a"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 12 Jan 2022 13:41:24 GMT

GET
H2 200 3bf14b9.js Show response
huntr.dev/_nuxt/ 52 KB
13 KB 99ms
99ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/3bf14b9.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d7ca3e432a3e1e2da46375be32a3f4f8006232808e00dd834bef57a1edad2f7c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ec8276824992cc85a4af78a05796d3b0"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: XyKoZrOk1fiHKcTAVxBi1TUo9uDUKu-JafitV_eWyHVjV6efFZ-MLA==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/users/haxatron/ 76 B
1 KB 94ms
94ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/users/haxatron/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e6cb28220805df2d8d624f0cac59a3a516a74f8940ea1bc3bd37e35248125124

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:25 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 76
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:54 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "15ae76c3b256dd8ea5aa8c53932b9b59"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: vjGbfTO2WTwoSkg4ZspCnbfQ0YenvT1lAcS3m4XdXXT0uy-BPKX8JQ==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 132ms
132ms Preflight 13.35.253.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-118.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:36:24 GMT
x-amzn-requestid: 3a35ad23-c090-4efa-9e0d-a7b485aac7fc
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: oaxAolpeaZOsr4pxRKoUdxBQ1YaEOMUypVumvspgwGExth0IshycDw==

GET
H2 200 hotjar-2380708.js Show response
static.hotjar.com/c/ 8 KB
3 KB 54ms
36ms Script
application/javascript 13.32.22.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2380708.js?sv=6

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.22.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-22-41.fra56.r.cloudfront.net

Software

Resource Hash

5f0949724bdd234e9ad2104b9917a306c55aad89f52b4bfa9d04efc5d6a36857

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA56-C2
etag: W/c583c69d393d6add1da8cd630a48b5ae
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: Qbi3s1q3xMKFFACkn3B42H6_JZ42cR88iRjtPjWu6XZBTCWQHH9TiA==
via: 1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)

GET
H2 200 bundle.min.js Show response
browser.sentry-cdn.com/5.12.1/ 55 KB
17 KB 23ms
7ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/5.12.1/bundle.min.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://huntr.dev/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 11:19:05 GMT
server: Fastly
age: 12372421
etag: "1c5228c89d281d08aa0ce908f582609a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 17201
expires: Mon, 22 Aug 2022 08:49:23 GMT

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/eeb1508f-a986-45cb-9aaf-312deb225a84/ 259 B
1 KB 93ms
92ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/eeb1508f-a986-45cb-9aaf-312deb225a84/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

62c691fb84e766d1140d4ed45474d379708c7815ec1ac770e82ddd77184691dc

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:25 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 259
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "3dbcde5116b8bcf647a1eb8e77bf73aa"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: aU9wNtQvXPllaiBC6GXKqFvRMxMg8AJQ838v5YzRKzA-D9eXVzDNag==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df/ 259 B
1 KB 113ms
112ms Script
application/javascript 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ef194ca71890600317872e8ad974670ff0be419e9264644f97d6b94fcfc97b45

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:25 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 259
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:49 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "d3784cc40e0133a5718d2c5543b8dbf2"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: vERLto8Ypzdk0eR22QK2H_H1Nx-VvLB2j088WXJ12Et60EhIMQN7uQ==

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
138 B 513ms
168ms Fetch
application/json 54.200.147.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/p
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.147.126 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-147-126.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://huntr.dev
date: Wed, 12 Jan 2022 13:36:24 GMT
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 rewriteframes.min.js Show response
browser.sentry-cdn.com/5.12.1/ 5 KB
2 KB 7ms
7ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://huntr.dev/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 11:19:05 GMT
server: Fastly
age: 3136263
etag: "4e240097ab71acf709caa48e23cd6411"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 1807
expires: Wed, 07 Dec 2022 06:25:22 GMT

GET
H2 200 modules.95d56a8fe70e88a7dcd9.js Show response
script.hotjar.com/ 229 KB
61 KB 25ms
8ms Script
application/javascript 13.32.22.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.95d56a8fe70e88a7dcd9.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.22.63 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-22-63.fra56.r.cloudfront.net

Software

Resource Hash

4fd4f9c63843aebb667973c535aa77d95795ebb28635e01b62cf81dfb44aee32

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 13:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88219
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 61466
access-control-allow-origin: *
last-modified: Tue, 11 Jan 2022 13:05:10 GMT
etag: "e2ccd91105747342ee4a8ed27f9e5793"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 b25bc331cb2e5e7e25d9488f5ecdc940.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: DlDphaPmFtTEzrf7paIyAOLJT8zw72kF6JqI7e8nNWTNylOgN1N5Aw==

GET
H2 200 box-21ccaa45726c0f3c8c458f7a87eb2298.html Show response
vars.hotjar.com/ Frame ABCF 2 KB
1 KB 40ms
7ms Document
text/html 143.204.215.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-95.fra53.r.cloudfront.net
Software: /
Resource Hash: c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/

Response headers

content-type: text/html
content-length: 1044
date: Mon, 08 Nov 2021 14:05:19 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "6a4e2ae376c29011d2e53de65a08d0b7"
last-modified: Tue, 01 Jun 2021 09:17:15 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: SCFyYJl_PhSxvjGPtm_oVmeJHTWw1eOARLQjRHKFqRcNARqb6o8eSg==
age: 5614265

GET
H2 200 generic-avatar.9a3295c.png
huntr.dev/_nuxt/img/ 5 KB
6 KB 82ms
82ms Image
image/png 2600:9000:223d:6400:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://huntr.dev/_nuxt/img/generic-avatar.9a3295c.png

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:6400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

aec2c5330d63222d6def1e45d8f5412b86059dcecb921b259a95f65fe66a4c7d

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:25 GMT
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 5573
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:46 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "24f19f6fffd8809bee79b6ea162af382"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: ub_facvzW_QARmwr1bW-xc3YeSi82NUPU-3_cbpiJwr_8GcwPnh_9Q==

GET
H2 200 197404
avatars.githubusercontent.com/u/ 27 KB
27 KB 8ms
7ms Image
image/jpeg 2606:50c0:8002::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/197404?v=4

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dbc65505e4eb5d51660dd058b6c1d21c0049626749f5e6b5098f4d163bfac235

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-fastly-request-id: 4147bbee7e05dfefa35fc00c8f150b61ee18a505
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 27162
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4077-HHN
last-modified: Fri, 10 Apr 2020 00:17:47 GMT
x-github-request-id: 8456:14B4:10414F:114DC3:61DCCA7B
x-timer: S1641994585.691117,VS0,VE1
x-frame-options: deny
date: Wed, 12 Jan 2022 13:36:24 GMT
source-age: 134877
strict-transport-security: max-age=31557600
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
etag: "07e79134bc4983d0352ee937a698f6730780a8685f324e05d9dd12236174cabf"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 12 Jan 2022 13:41:24 GMT

GET
H/1.1 200
OK logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 71AD 916 B
1 KB 101ms
101ms Image
image/svg+xml 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.chatwoot.com/brand-assets/logo_thumbnail.svg

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
Last-Modified: Wed, 12 Jan 2022 03:28:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: public, max-age=31556952
Connection: keep-alive
Content-Length: 916

GET
H/1.1

200
OK

57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/ Frame 71AD
Redirect Chain

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBclZUIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--31ae538bf9d04000e44a5bbe8feed382c0892b6f/eyJ...
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...

91 KB
92 KB

413ms
126ms

Image
image/png

52.216.81.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133624Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=38afcec7d6e24abacf64e9325d4b814e38a3297ac6946021d673112b86cbe00f
Protocol: HTTP/1.1
Server: 52.216.81.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4a95b5c247339fdab7e5a42415d06af62c2338c1570cdadee683f256c49d0916

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Wed, 12 Jan 2022 13:36:26 GMT
Last-Modified: Thu, 05 Aug 2021 20:40:50 GMT
Server: AmazonS3
x-amz-request-id: G60QY7KYBP2TW0V6
ETag: "9fd358b18d93851b67b6b768bddd8bb6"
Content-Type: image/png
Content-Disposition: inline; filename="profile.png"; filename*=UTF-8''profile.png
Accept-Ranges: bytes
Content-Length: 93584
x-amz-id-2: 0yFCDcaZStzVXHqDUH3w/rNEZRfkPJlmPr9vJyX+qiD3jAvalvHi1psp3uIgfuCN96jNqcOeYu0=

Redirect headers

Date: Wed, 12 Jan 2022 13:36:24 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: d63d222a-dd13-4a5c-91ec-aef88cc15883
X-Runtime: 0.039359
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: text/html; charset=utf-8
Location: https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133624Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=38afcec7d6e24abacf64e9325d4b814e38a3297ac6946021d673112b86cbe00f
Cache-Control: max-age=300, private

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2380708/ 146 B
321 B 102ms
35ms XHR
application/json 52.209.125.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2380708/visit-data?sv=6
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.125.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-125-250.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 30886bcaa4bc9292431c9ae196c0b6bbcc4e4311b4839780c91a09c771c76c6e

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 204 2380708 Show response
vc.hotjar.io/sessions/ 0
258 B 71ms
35ms XHR
text/plain 65.9.61.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/2380708?s=0.25&r=0.20357170699698268
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.61.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-61-115.fra56.r.cloudfront.net
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:36:24 GMT
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
server: Python/3.7 aiohttp/3.5.4
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: 9yoMO1LD5RDS39fUmGAnUPZZwvGgPxgdWdYhOL9vm_n1iaeijZANYQ==

POST
H/1.1 200
OK content Show response
ws30.hotjar.com/api/v2/sites/2380708/recordings/ 66 B
394 B 314ms
139ms XHR
application/json 34.243.159.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws30.hotjar.com/api/v2/sites/2380708/recordings/content
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.159.102 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-159-102.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 96f44d6ed2de8482fdd60cf1fe19d27ccfe37f5d88db9a53af8bd31211d562e2

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Date: Wed, 12 Jan 2022 13:36:25 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

POST
H2 200 / Show response
app.posthog.com/e/ 13 B
297 B 132ms
131ms XHR
application/json 3.93.205.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1641994586517

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.93.205.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-93-205-7.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Jan 2022 13:36:26 GMT
referrer-policy: same-origin
server: gunicorn
x-frame-options: DENY
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://huntr.dev
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
content-length: 13
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
huntr.dev/	1969-12-31 23:59:59	Name: auth.strategy Value: cognito
.huntr.dev/	1970-01-20 08:52:10	Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog Value: %7B%22distinct_id%22%3A%2217e4e80fdd8cd8-0bca624eb51936-f791b31-1d4c00-17e4e80fdd9e02%22%2C%22%24device_id%22%3A%2217e4e80fdd8cd8-0bca624eb51936-f791b31-1d4c00-17e4e80fdd9e02%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1641994583522%2C%2217e4e80fde3109b-03efca91523d41-f791b31-1d4c00-17e4e80fde42e1%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
huntr.dev/	1970-01-20 08:52:10	Name: cw_conversation Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI5ODZhN2MzYS1iNThlLTQyZTQtOWViNi1kNGQzNDVlMDc2Y2QiLCJpbmJveF9pZCI6MTQxMn0.cUn3tGkyiXfyas6eeFS96wu_23f5_A3JyQEFYA_5srw
.huntr.dev/	1970-01-20 08:52:10	Name: ajs_anonymous_id Value: 16b727cc-34c0-4f34-bfcf-40cae5360646
.huntr.dev/	1970-01-20 08:52:10	Name: _hjSessionUser_2380708 Value: eyJpZCI6IjAyOWM0YjZhLWM1MDktNTIxZi1hNGExLTlkYTQzZTYzMTUwMSIsImNyZWF0ZWQiOjE2NDE5OTQ1ODQ1NzAsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/	1970-01-20 00:06:36	Name: _hjFirstSeen Value: 1
huntr.dev/	1970-01-20 00:06:34	Name: _hjIncludedInSessionSample Value: 1
.huntr.dev/	1970-01-20 00:06:36	Name: _hjSession_2380708 Value: eyJpZCI6IjU2MTc5MGZmLTkzZjUtNDE5ZC1hNDQ0LWNhN2Q3N2QwNjk5YSIsImNyZWF0ZWQiOjE2NDE5OTQ1ODQ3MjUsImluU2FtcGxlIjp0cnVlfQ==
huntr.dev/	1970-01-20 00:06:34	Name: _hjIncludedInPageviewSample Value: 1
.huntr.dev/	1970-01-20 00:06:36	Name: _hjAbsoluteSessionInProgress Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/ Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js(Line 1) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
huntr.dev
in.hotjar.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
vc.hotjar.io
ws30.hotjar.com
13.32.22.41
13.32.22.63
13.35.253.118
143.204.215.95
18.205.222.128
2600:9000:214f:3c00:7:dce7:b680:21
2600:9000:223d:6400:14:bb32:5f00:93a1
2606:50c0:8002::154
2a04:4e42:600::729
3.93.205.7
34.243.159.102
52.209.125.250
52.216.81.128
54.200.147.126
65.9.61.115
99.86.7.85
0069019b0f2cbc057ad4f69c01c9f510a46e86d4160f4093709f4da5999e8f76
04e927aedd7e61c330b08636fb4a8ed48f53a74b6f804838d58d40f4a1631f4b
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2
10f593138390e0dca1a2bb1fd8b75b95e21e85363ed6e8941ac7ca9b73eaa58a
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7
211b5a9c89ca2bdb19447e2159875ba8be570b4e42d1962beca5bfad01b93b41
24c5c51ddb40e7b5a0b3f5aef0c2c344600214ad11de22c6d3d770b1400d8443
305a75b75a2968ceb39778f2802f3e33e41d3b611f87de43d6b989c56a8c57b1
30886bcaa4bc9292431c9ae196c0b6bbcc4e4311b4839780c91a09c771c76c6e
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
3ef0abb4845e08bf9ee05a34d8457724a637662a9030904aab5214c0e24a27a4
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
42b9d70c9c51cfdff6ed60e874771049df657c93a0361220174582f07dceba53
4397a57f8357b3b0371c6df32a62b87eaa43218c42fa538fb34980bfb0b20a78
43caf074caf0b74abf298083d24582bcc6222300c4758a34923b25664d964896
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a95b5c247339fdab7e5a42415d06af62c2338c1570cdadee683f256c49d0916
4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400
4e0a3da788c1c015983887d374c806e0e22e00c1a05478ff48d4ddd00bc22830
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fd4f9c63843aebb667973c535aa77d95795ebb28635e01b62cf81dfb44aee32
506aa0ea770d002656c5a0884b149d33efd23951ca16bdbe7e3d76e8d0531a4c
5147a815de3a26be091fcf10e707e74ea15835dceb388aa69a03b50b32fde99a
52bfe2c491b876e967ad8d9a46e5c43e4b342c204e865e049f3b74daaed7af84
581328a6d6e6e92f7eccc5237174bd8ed73c929960bd4c838de73afea046e87a
5c1941d5f7e989c15891c78441408048088fcd0ce5330b958187504340e0d528
5f0949724bdd234e9ad2104b9917a306c55aad89f52b4bfa9d04efc5d6a36857
6190ebed8568901a2628a503e0bd1e72c10e6a5cc207193038f4a8c13fac9485
62c691fb84e766d1140d4ed45474d379708c7815ec1ac770e82ddd77184691dc
6807e1d77edfeb9a4bb6d32f2bd8bea0e411aa158df9c3dc13a0be01dfca8f6b
6da167fbba631ae8858acb2511800949ad269156bb7a7af0e9b5455d887d7e8c
6ec4210b7a41340415fcad48cdcd9fabf3497b1512d43c297077806fe9aed7c7
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
74a348f44f646a5869060116a0a51cfeacd9c52338f834e81806c03644cdf5a3
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
7561fb9f36929fc5ee536239058b9ecff2d8075c5953dc2f81571a4d0fb0bbec
76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
78bb08ba17e489b63c7ceac9b4e8f4ac40450b9b64b40016626cb4d554297f69
7aabb3c3be9e964e33990c63a17c294a2dfd348422dda57ea50feb8355a34414
7b5e884ac6bca471440d62a21038e1b0342c4bc6e840388256b5f4137c2e666e
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
833e44e0f40eada5a7ca9770aea05768e576ee5ca6ce20ec636fa51bde65b03c
8993e0383e40e5bd3b61be2e4e7acbf8e8325863491928a06a1a0c25cfa7fdaa
9177550934c7d4516a148a4d0bc2cd709da01789a4d6d2862c6d17b083a7d8cb
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
96f44d6ed2de8482fdd60cf1fe19d27ccfe37f5d88db9a53af8bd31211d562e2
98cfbc4941d976520dde0a548b87b499e1c0454f9bc38aeb581b9e13b1e219a7
9979befce6c83db092079feedfaf888f83aeef17beef59075577ff16baad7589
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
9ff1509605edb93b5b09373cc654addcf9afe913bc0ca69082e5683348e2ba75
a5de64ce9eac87ca74a4dd88c3fe95a78f0514029e18b1ddc6542fbe1f99ffc0
ae3711b69005cf8726b54df4b235f63d7ff9fb121ee2f3300b3b390215d09cb6
aec2c5330d63222d6def1e45d8f5412b86059dcecb921b259a95f65fe66a4c7d
b31f151521a901006a71ba693ec632c0dbbc29e54e1d1fbebeae08b9cf19c76f
b91bb18b545e5ae1b449eb4861af099fba89ce33c280f9b95f692d2367ea66ca
b9917ccf39f0ee3919543b9e3e00f636f66b3a22c67f30887708e2c6b5bfd439
bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b
c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32
c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44
c7bb7011639a2c9a6ebb7ac5d5c77e24e51babbffc2cfa2b3a1bf17cd37b6bc7
caa5f72527e871922763c493af6384144451a172db5db4566235196b07ce3e3a
d3dcec4f248e2811281de6c0e8755ae7e03a72c54dc9b4d1e1ca7ce6ba3de30c
d41e5b545a338f280a64fb8f04cd5c3c4f5f006149559c7aaec1d6c3899f97a4
d7ca3e432a3e1e2da46375be32a3f4f8006232808e00dd834bef57a1edad2f7c
dbc65505e4eb5d51660dd058b6c1d21c0049626749f5e6b5098f4d163bfac235
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6cb28220805df2d8d624f0cac59a3a516a74f8940ea1bc3bd37e35248125124
e758112ff101392ac7e7b217a21f74bcafa7c8b7b60452014b41826160c87d6f
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa
ef194ca71890600317872e8ad974670ff0be419e9264644f97d6b94fcfc97b45
f120052d211097e6bedc7819573661081c96151aeef903e657927c66260937c1

huntr.dev Open in urlscan Pro 2600:9000:223d:6400:14:bb32:5f00:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

81 Requests

98 %HTTPS

25 %IPv6

11 Domains

16 Subdomains

17 IPs

2 Countries

1815 kBTransfer

5314 kBSize

10 Cookies

17 Outgoing links

Page URL History

Redirected requests

81 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

huntr.dev Open in urlscan Pro
2600:9000:223d:6400:14:bb32:5f00:93a1 Public Scan

Screenshot
Live screenshot

Full Image

81
Requests

98 %
HTTPS

25 %
IPv6

11
Domains

16
Subdomains

17
IPs

2
Countries

1815 kB
Transfer

5314 kB
Size

10
Cookies

81 HTTP transactions
1 data transactions