urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:206e:3e00:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Submission: On January 04 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 1 countries across 10 domains to perform 72 HTTP transactions. The main IP is 2600:9000:206e:3e00:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on December 26th 2022. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 28 2600:9000:206... 16509 (AMAZON-02)
3 2606:50c0:800... 54113 (FASTLY)
7 99.86.8.175 16509 (AMAZON-02)
3 11 54.237.133.81 14618 (AMAZON-AES)
2 54.205.45.55 14618 (AMAZON-AES)
12 13.225.78.45 16509 (AMAZON-02)
1 13.32.27.7 16509 (AMAZON-02)
2 2a04:4e42::729 54113 (FASTLY)
1 54.70.150.187 16509 (AMAZON-02)
1 13.32.27.19 16509 (AMAZON-02)
4 2600:9000:214... 16509 (AMAZON-02)
1 18.66.15.82 16509 (AMAZON-02)
3 52.216.63.25 16509 (AMAZON-02)
72 13
28    2600:9000:206e:3e00:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
3    2606:50c0:8002::154 (United States)

ASN54113 (FASTLY, US)
avatars.githubusercontent.com
7    99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net
cdn.segment.com
11    54.237.133.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-237-133-81.compute-1.amazonaws.com
app.chatwoot.com
2    54.205.45.55 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-45-55.compute-1.amazonaws.com
app.posthog.com
12    13.225.78.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-45.fra2.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
1    13.32.27.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-7.fra56.r.cloudfront.net
static.hotjar.com
2    2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    54.70.150.187 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-70-150-187.us-west-2.compute.amazonaws.com
api.segment.io
1    13.32.27.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-19.fra56.r.cloudfront.net
script.hotjar.com
4    2600:9000:214f:6c00:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
1    18.66.15.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-15-82.vie50.r.cloudfront.net
vars.hotjar.com
3    52.216.63.25 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
Apex Domain
Subdomains		 Transfer
28 huntr.dev
huntr.dev
1 MB
15 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
103 KB
11 chatwoot.com
app.chatwoot.com — Cisco Umbrella Rank: 305996
45 KB
7 segment.com
cdn.segment.com — Cisco Umbrella Rank: 2324
59 KB
4 cloudfront.net
d3tq67kexc2w2i.cloudfront.net
208 KB
3 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 877
script.hotjar.com — Cisco Umbrella Rank: 1181
vars.hotjar.com — Cisco Umbrella Rank: 1235
75 KB
3 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 13525
89 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4703
19 KB
2 posthog.com
app.posthog.com — Cisco Umbrella Rank: 44294
791 B
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1304
170 B
72 10
Domain Requested by
28 huntr.dev 1 redirects huntr.dev
12 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
browser.sentry-cdn.com
11 app.chatwoot.com 3 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
7 cdn.segment.com huntr.dev
cdn.segment.com
4 d3tq67kexc2w2i.cloudfront.net app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
3 prod-chatwoot-assets.s3.amazonaws.com
3 avatars.githubusercontent.com huntr.dev
2 browser.sentry-cdn.com cdn.segment.com
2 app.posthog.com huntr.dev
browser.sentry-cdn.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 api.segment.io cdn.segment.com
1 static.hotjar.com cdn.segment.com
72 13
Subject Issuer Validity Valid
*.huntr.dev
Amazon		 2022-12-26 -
2024-01-24		 a year crt.sh
*.github.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-04-07 -
2023-04-07		 a year crt.sh
*.segment.com
Amazon		 2022-12-13 -
2024-01-12		 a year crt.sh
app.chatwoot.com
R3		 2022-11-11 -
2023-02-09		 3 months crt.sh
app.posthog.com
Amazon		 2022-10-04 -
2023-11-02		 a year crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon		 2022-12-07 -
2024-01-05		 a year crt.sh
*.hotjar.com
Amazon		 2022-10-25 -
2023-11-23		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2022 Q3		 2022-09-28 -
2023-10-30		 a year crt.sh
*.segment.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Frame ID: D4F2A74B114822DDA07CCA07DAEA8BEB
Requests: 51 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: E594AFA016858E0D25AD4695D270E7B1
Requests: 14 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
Frame ID: DEBC058C516753619C036F8EDBDB1097
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

CSRF to add shortcuts to victim account vulnerability found in memos

Page URL History Show full URLs

  1. https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc HTTP 301
    https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

72
Requests

96 %
HTTPS

31 %
IPv6

10
Domains

13
Subdomains

13
IPs

1
Countries

1901 kB
Transfer

5871 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc HTTP 301
    https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0d564/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/New%20Project%20(16).png HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=9e610927b708703c4fbd95bc499c44e332aba07f56d892822388312fab88de3d
Request Chain 65
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBMFpJUVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--a71f54fcf98f35989ed7806e9b39afabf2d5e8cc/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lKYW5CbFp3WTZCa1ZVT2d0eVpYTnBlbVZKSWd3eU5UQjRNalV3QmpzR1ZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--65970b4fc496e138b1a127af54d1d34df55993de/71952212_10157104405428183_1114828348736929792_n.jpeg HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68?response-content-disposition=inline%3B%20filename%3D%2271952212_10157104405428183_1114828348736929792_n.jpeg%22%3B%20filename%2A%3DUTF-8%27%2771952212_10157104405428183_1114828348736929792_n.jpeg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=802494908ab78de860e2934215267c4790bf306a6ba08c633c4893852747734d
Request Chain 66
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBcEJZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--587b3538cac76a48501a212e82a5f6b107c07bc3/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--d5bd8600745fd77201f6159b61f8b9f6f6f54b0a/headshot.jpg HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=cae12826750a3da66d1eacc30df89e886f8b593e63129c7e704cb25270327fed

72 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Redirect Chain
  • https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc
  • https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
178 KB
34 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b581dbda003d928d5c486c7a9720bac3b82a22e9641fdcf64ded23b3cefe5a59
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=600
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type
text/html
date
Wed, 04 Jan 2023 16:59:50 GMT
etag
W/"601e25aaab51ad1d9e054622c8308e4f"
last-modified
Fri, 30 Dec 2022 02:09:17 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-id
C7rQxiX5ppKCi8sdbw32q9qp-v5AiwmjMISHTTZBhNfw9DtV5Ciyrw==
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/xml
date
Wed, 04 Jan 2023 16:59:49 GMT
location
/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
server
AmazonS3
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-id
3hwVyPMS9cal7GrBmub1NdxXGN69M6QjxZrB821b9tT5w6d6wf9yDw==
x-amz-cf-pop
VIE50-C1
x-cache
Miss from cloudfront
9d4d7f8.js
huntr.dev/_nuxt/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/9d4d7f8.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6637c8a98d1b27fffe196e599827d09e10b8bd909582495a0c94bec0b9af1471
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"ccc87ab99e8edb9504117ee8db44f7b8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
zeP6b8tVYAaH5PG7ROC1K3iFCE0ZCSGFdwqxFO1GQYI_6fSLUh3Kxg==
7ce187e.js
huntr.dev/_nuxt/ 		314 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/7ce187e.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
636af199f0183c4956a666cf3d40f8a9f8ef99f1e65fd2ba41090cfaa2157e83
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:50 GMT
server
AmazonS3
etag
W/"08e91c420a9cfd17e4d5adb2f57b2000"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
Tn3Na8S0Zakk9O97GYzW5Qiy7NoSPsrKirDUyuF0IzSFY2n7Jr66xA==
f8ec18f.js
huntr.dev/_nuxt/ 		1 MB
304 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f8ec18f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fa19b13f5bb6fb6f303913048fbf081ca94040bc7d866188778e892f85db691a
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:50 GMT
server
AmazonS3
etag
W/"8584f0fc05e7abdc73eb75dc81310eb4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
Py8lbTOAxVwUUDXNa90TgNhe2YqQVfBdl9mKSLjH41m7Or_kRrjziw==
9a0016a.js
huntr.dev/_nuxt/ 		85 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/9a0016a.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
142f643d551bab659a9a69f80ec278ff408f6759817e5170e3cf74f05dbb4eaa
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"8b262083963c6ccee7123bebba3925bd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
wxv-6LjmBuoTweVv2SeWfkf3YPEmnu6qHJ3zvcZV5JotRp1UnW0mMw==
aa0e147.js
huntr.dev/_nuxt/ 		421 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/aa0e147.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d37dbf311f4632806cd15133def5877b5d4ed94f238f50a494c4ef4ec9580c39
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:50 GMT
server
AmazonS3
etag
W/"6ccaa7c10f0a6ee7a8c0a26f4d781211"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
XVuYAp1uv1zrEuzg90ClABgeGzVeV0wbXYQv8yqS9e36GrpAeWW-3w==
a1c16fd.js
huntr.dev/_nuxt/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/a1c16fd.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7eaced6d29ad8d3a5ff3d9e3fab5954a5e0151f96ef3414b11c51a146de2338e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"67eabd045d50056750f5aa530f5d23cb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
ULBoc6HYzwwU6mFDOoRpE4ofvfMAQ0W9rxmMFwbltuP3ay_wm3faGA==
9b27162.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/9b27162.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3fb97a5c888523c4ca99afd89e26d4f66dcb628dd07761a9a2d4375491f014d3
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"e960e0cae18b7ff5fc3ff18a19ec3abb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
Rzo5FCzN9avicS4eqXhfReWS1pb6izqpekO0DdK80TyXSHdMfwGq4A==
62654c0.js
huntr.dev/_nuxt/ 		863 KB
274 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/62654c0.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
950ab7a5a05be0ed0355fd1d2f4dfd19e8ddb78b9d1ea1fa215e0ce55292bfc1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:50 GMT
server
AmazonS3
etag
W/"77695ad79d8014e144aa17ac38d29bf1"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
8ZCWq3KdEliIRWKUkbHwZmQ9Kpi0J5lHo1ypyaGZyvuq3KECpPibIw==
eb58845.js
huntr.dev/_nuxt/ 		54 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/eb58845.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
806d6a8e04192985e14419ee52e77d809fd4c3d4a3803811c13c6df2e1bc4691
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"7746b45fa305bf39f9a762139039cb2b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
21ejq3uvIgUZtv4tWg-LkrlcV8wH-Hyqq-MItA3-yvA-fLVFIIX0xw==
state.js
huntr.dev/_nuxt/static/1672365014/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1672365014/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/state.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ea7ddbc9fd95362e3d7dd41adbf9d65db157f5fa331f4cadbd584c1fe8740f37
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:09:03 GMT
server
AmazonS3
etag
W/"33abd23dd6ccaa829a23f9fb923f9df8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
jeXqShNHeVfuyHqF2-aq7c8IIa3ZLRGEornvAGutss8Rou-y3uMoxA==
payload.js
huntr.dev/_nuxt/static/1672365014/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/ 		259 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1672365014/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
797435cca7c1f7a2082260d423f35cef15c80eeda287bfa902c5c48e3eb19c4a
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:09:03 GMT
server
AmazonS3
etag
"e59ae6e202940aa0fbc2aa49eea81b3b"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
FESnJxim_rEk4g1RY_8Y-iSWeFYqbAtbTdxlMlXqw4EvpKZ3skLx8g==
manifest.js
huntr.dev/_nuxt/static/1672365014/ 		173 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1672365014/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
35caa56f5ef449c71d6b048c505034f7b58dbe3e1a1ea4be6fb04f675d0af0e3
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:09:13 GMT
server
AmazonS3
etag
W/"d3699a4df3adc0dfa0cae6ef75ec0913"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
LjHHy0LEXicICvhNWQFBpxln8iOydMTOots0QR8ntsCs55LWD4pYYQ==
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
GKYo9LvkxzZWJNRM3Zvs4-2oNPS_ARfcTROewnLuknG-_Dv600W6fw==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
110 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"c8b6e083af3f94009801989c3739425e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
iMnNnaUo9vfECs4EIPVZtUuGw61-8HqXX21HU5FTp-gxSyghkag4gw==
file.83b6270.svg
huntr.dev/_nuxt/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://huntr.dev/_nuxt/img/file.83b6270.svg
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2dfc3666af220b4db71c2dbb69b23f0ba0dcb20761a98e8a770d4f68731f0a7a
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:09:00 GMT
server
AmazonS3
etag
W/"c4baa48b7d062183232766e6a41d8d04"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
qVCG-Rw7S777Q40XdhONhHTfZT911jP90X58qbsVKI4FI_gBKUApDg==
24653555
avatars.githubusercontent.com/u/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/24653555?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ce46da21e33a921ed3cb7083f6c8f21ac55b9d54524aa124e320bbf8e44bb7c3
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-fastly-request-id
0916410ef14b3c7ecf26f67564262defd7922357
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Wed, 04 Jan 2023 16:59:49 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
content-length
29512
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230063-FRA
last-modified
Tue, 27 Dec 2022 08:23:47 GMT
x-github-request-id
6F1C:88F9:1D81C8:208D53:63B52FE8
x-timer
S1672851590.504262,VS0,VE1
etag
"616180faf3034850d096f531b5c65859f44300a00f538a56a06473d101cbf753"
source-age
32925
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 04 Jan 2023 17:04:49 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		100 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0c796cd2178da32b5c1dec2054a1abb5be5f48d826e0e8dc01fc60e4b74bedf6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id
0LQPDjVSd9sBiMWf2dGzh1jmSns4w.0f
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
date
Wed, 04 Jan 2023 16:59:49 GMT
x-amz-cf-pop
FRA6-C1
age
45
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 14 Dec 2022 01:07:10 GMT
server
AmazonS3
etag
W/"ce91874fd979208240e2c739da83e107"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
aMVFM-fJaO-RfhLh1dPyvjGhl1jhb9zcnNWmw7jkp4JTNhmFxiOsSA==
sdk.js
app.chatwoot.com/packs/js/ 		93 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/9a0016a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
ab6fec6aa0a1339d79384f4918aa6f72994cfb90d9e432a81cdc33fd64ef8aa7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:49 GMT
Content-Encoding
br
Via
1.1 vegur
Strict-Transport-Security
max-age=63072000; includeSubDomains
Last-Modified
Wed, 04 Jan 2023 10:03:13 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Content-Type
application/javascript
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
29101
/
app.posthog.com/decide/ 		239 B
498 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/decide/?v=2&ip=1&_=1672851589774
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.45.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-45-55.compute-1.amazonaws.com
Software
/
Resource Hash
e39e46684de1d904f143b7e5598c153b851a70188e0d720cc5c288a447dffcaa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
x-content-type-options
nosniff
referrer-policy
same-origin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 04 Jan 2023 16:59:50 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-id
9QJ0kE-fNU_g2pcSEM8c9xy5SivvAiekPvHNBcjZnGW7qlUSUkGllg==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
008a82e2-23f3-4d8a-80e6-78ed92ac936c
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 04 Jan 2023 16:59:50 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-id
yn1Qgm7sUT4zvZ-g1s9neWP_GVi_ZQbwUJDz-oVTvmC_PDzcUbnUSQ==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
5b12149d-1417-4a35-b944-b7bf3b3229ed
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		213 B
633 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
3e63671abe2a40e7f34b01ce797c34086692dd5476213a9d5296200e1dfaa570

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 04 Jan 2023 16:59:50 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
5a4538f7-de87-4612-8ad9-3111d3c9bb7b
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
213
x-amz-cf-id
Azsd7RJmoK8bSfR7OeHDRoD3MzMNN1s2jlwW96FeEn2_U_vG8ZlPwQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		3 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
1988bbde7fd83c9b55005f9fb882dab9eb07b992843ac44d033cae89379f4059

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 04 Jan 2023 16:59:50 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
37e618fe-4dc1-4d4a-a12b-dae485f77fe7
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
3466
x-amz-cf-id
zjPK5bdGTNg1ULTg1HLGm25mg-bBPgbYEe0LEtFuQRmI5zOLvCGing==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
210037445d42916faf0c3d3f8c7cddcebaeacd2808dabade8eaa6079542eed93

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
10
date
Wed, 04 Jan 2023 16:59:51 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
20196344-462c-44e5-b162-71c779d88202
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
3639
x-amz-cf-id
RgndX-sMsxbaUsZ1TM4I2iVA8BupQQA7qAqACg_llJ40caHWqHF9-g==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		31 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
5
date
Wed, 04 Jan 2023 16:59:50 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
db743637-1c2c-4c48-987d-d744e61ae7e5
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
31
x-amz-cf-id
cBUAN0X-OuyHzIOKRxVMP9iY03IItjX0ld8Mw7h8QvC3SEQ_m2iVkA==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 04 Jan 2023 16:59:50 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-id
yzyqjWJHHmlwhuslWWEflCRMEdpsrKxMGNMfACeSvpIo6iAL8WC0wg==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
62f7932e-f9b7-4167-819e-02559a5a128a
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 04 Jan 2023 16:59:50 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-id
3FvQnIAhbHRiA4rRdgHZUJkEXNSgtN_0-Ot_oseoJcfIOBikTPWnRg==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
bee2213c-8642-4cc3-9da0-9d1d293a1478
x-cache
Miss from cloudfront
Metropolis-Regular.67a1988.otf
huntr.dev/_nuxt/fonts/ 		23 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Metropolis-Regular.67a1988.otf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"f7b5e589f88206b4bd5cb1408c5362e6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
ZRtfaQFA4m9dZGVLSTSKhv-xEDPXKxvO3f0-DTp4dDUUsA9DXFUzjQ==
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c15d07f9d87fea851ff9306ff597b442e7ca8f6b306acaf6fe753ed259decee4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id
i9_qgm6tEM5rZut_i1KSuO6gKrVDsodO
content-encoding
gzip
via
1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
date
Wed, 04 Jan 2023 16:52:34 GMT
x-amz-cf-pop
FRA6-C1
age
512
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 16 Jun 2022 18:54:24 GMT
server
AmazonS3
etag
W/"749a45c0a89b0126d214cd63e5d896fb"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
1i2Wqpr612n5qSHK-K6KYWL0u_9O7vf1k1iUN_WcHCC58IHme9fJdQ==
widget
app.chatwoot.com/ Frame E594 		6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
907ab587faa9b27e2e16ba439338c3c4cdc922bb42e27d9d3a7c98ec9110a5a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, private, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Wed, 04 Jan 2023 16:59:50 GMT
Etag
W/"907ab587faa9b27e2e16ba439338c3c4"
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
e74e205a-997c-4245-883f-49031ca20a7f
X-Runtime
0.104629
X-Xss-Protection
1; mode=block
9a4a58b.js
huntr.dev/_nuxt/ 		33 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/9a4a58b.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/9d4d7f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7ac80529d1894e0ac371c35fed8f36b9154f3683d9aa0d1c7a19d88fd367d409
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"4609dd7bc7aebbc0e038e7423e110b80"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
nHMjrI73BEqxN-qWs3KESxxdg0DZzVbiA2mcPEzh5jO1GmTG9pLxxg==
cf5a3b8.js
huntr.dev/_nuxt/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/cf5a3b8.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/9d4d7f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a45450bf4194bb2e540238f12c314bceec9d3b0af51bff8045b1f4e616b3c312
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"4790ecccd8368d82f8602fde5bd8c659"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
qqATfvGs_b5AWCrhnl4WHsickGBlrSryi1efxlcPNtIdek_pirxu_g==
7f8b786.js
huntr.dev/_nuxt/ 		70 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/7f8b786.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/9d4d7f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
646a990d75d875349efaa347477b40a671d5d5a141161e65aa15778aea4487f8
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"d1900ffcd09fc7ec94650b9f06852efb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
6MJhZyc9fqZx78cxiczCQ0701KPD61XMt1r0ypZdLOBI4YFIpyND2g==
c0f7632.js
huntr.dev/_nuxt/ 		50 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/c0f7632.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/9d4d7f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f2722a03680b88ba5f3cb87b946c91f3fe3d8c74a69cc498b607b60e39594f84
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"531fb2b24adb608b4c6c308ac236b3dc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
7k6_sAiYPhpYD33Syt-oyRyyG_S0sgb9OnS0OiTQ_2z6gSmTjlFPtw==
29ad23d.js
huntr.dev/_nuxt/ 		141 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/29ad23d.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/9d4d7f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
284362d5bdbca37370e5220ddc47c59897ec830d3df976b8f3384c932bdc46cd
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"c67191f04ca5cae4ceef2ce384ff164a"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
tCS_0mL9R6QmONc80cf8BcKCwdQGZP64ub47EbxteS25ZeKaczhaWw==
payload.js
huntr.dev/_nuxt/static/1672365014/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1672365014/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:09:13 GMT
server
AmazonS3
etag
W/"126dd630135f2a51a22e58e9f9dbb73b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
TGE4IuMtsz7WfCiQDSMwpA_2ChtnIZi_-Tn4nnArBhmqzagiq5E-kw==
payload.js
huntr.dev/_nuxt/static/1672365014/repos/usememos/memos/ 		188 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1672365014/repos/usememos/memos/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78ddca3f4ebbe6947c932cb070f07494921817ffbf8d25798023d077014b86d4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
188
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:09:14 GMT
server
AmazonS3
etag
"9c7dd827791b7bdea8500fc2d4ba13e2"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
6QBZnMdxA1oRNOEgYVMEd2BxGkl01yiszZPXa_aJ8sD-t56RIWYLew==
payload.js
huntr.dev/_nuxt/static/1672365014/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1672365014/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f8ec18f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:09:12 GMT
server
AmazonS3
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
CFsN8TMG87L62_LRqjB5Vqim8twaNqlMJeq5iGUJmUhui2ulRYXCEg==
ajs-destination.bundle.1466bb14223e695495e6.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.1466bb14223e695495e6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aab3c7efa1174866dc81b505ba5bc940bec1200e2b11758484cce9cf8f2cd43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 03:00:42 GMT
x-amz-version-id
laxW76Utysumpt4PGNIVrD2EkpEC_Vx5
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
2383148
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 08 Dec 2022 00:52:27 GMT
server
AmazonS3
etag
W/"238b8357fd89fec8e05754f2e8550aa2"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
oF0qbkC5H9W9fJvHm6lUUh6E_j-morCF52O5yL8VXqVjMQfD6JoF3g==
schemaFilter.bundle.debb169c1abb431faaa6.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.debb169c1abb431faaa6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 05 Nov 2022 02:10:35 GMT
x-amz-version-id
PLd.pUpm7LMRbNOoL15lZ8ocuYHxqnzt
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
5237356
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Sat, 05 Nov 2022 01:03:42 GMT
server
AmazonS3
etag
W/"3e448afdfea355c0f19700d04431ce7d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
gVEPORkD24MJ9eGmD1LtH9-6fhEUmndldr-Is2oWaACfD0_uQ8__ag==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 06:12:22 GMT
content-encoding
gzip
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-version-id
R6v7Rav2fIv7JQ1i01i0y66kvJrOoQeo
x-amz-cf-pop
FRA6-C1
age
7123649
x-cache
Hit from cloudfront
content-length
1336
last-modified
Mon, 19 Sep 2022 21:38:20 GMT
server
AmazonS3
etag
"4cd7c93a55ce331d264d9a857bd044ed"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
Xq3mjCnxrpld25bHT9GyA-csestnR534iPj1EonjmsIjvDbs6etrvg==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bb918e4772434c8678a69a4d9c1683e0ccf4bc2498f5240d1465b8287d2387cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 23 Sep 2022 21:54:10 GMT
content-encoding
gzip
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-version-id
Kgthu952sDjlOw4YRz7glXURsBtRFUU8
x-amz-cf-pop
FRA6-C1
age
8881541
x-cache
Hit from cloudfront
content-length
1635
last-modified
Mon, 19 Sep 2022 21:38:20 GMT
server
AmazonS3
etag
"ddd169ee2d3b58407ac01df09d8dbdc7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
nvP4S68PAek2bbOjTamOwgK4h3Y4IWDKwn1YDRxbNWAJ1hj_-t_2rQ==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 26 Nov 2022 20:18:01 GMT
content-encoding
gzip
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-version-id
t.HHEvUZUgxzLKa1tzzXBbRzWu6jUMd.
x-amz-cf-pop
FRA6-C1
age
3357710
x-cache
Hit from cloudfront
content-length
22177
last-modified
Mon, 24 Oct 2022 18:47:58 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
NBIsK9ZTKNj05hqYd0Prw6vGWYTWEG6ADpPhhjx845rEwqypDr7kpA==
hotjar-2380708.js
static.hotjar.com/c/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-7.fra56.r.cloudfront.net
Software
/
Resource Hash
23abbcef90d60cf62e7fa0079c1097e68e8613f49650de71169bb6ef23ca7fc1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Jan 2023 16:59:09 GMT
via
1.1 f891d17fa862cc74a05434e03fa58dca.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
41
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/7b3db740429c15240a3ee22cce287312
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
Kc-jAg-vvKJ0P6gu2QRpe2E1Y7ZN9lWTM4YA1p-DdnaD42XniVBT0w==
bundle.min.js
browser.sentry-cdn.com/5.12.1/ 		55 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
2455022
etag
"1c5228c89d281d08aa0ce908f582609a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
17201
expires
Thu, 07 Dec 2023 07:02:48 GMT
p
api.segment.io/v1/ 		21 B
170 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.70.150.187 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-70-150-187.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://huntr.dev
date
Wed, 04 Jan 2023 16:59:50 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
rewriteframes.min.js
browser.sentry-cdn.com/5.12.1/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:50 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
9869019
etag
"4e240097ab71acf709caa48e23cd6411"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
1807
expires
Tue, 12 Sep 2023 11:36:11 GMT
modules.352fddba5b21bbfc3a08.js
script.hotjar.com/ 		264 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.352fddba5b21bbfc3a08.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-19.fra56.r.cloudfront.net
Software
/
Resource Hash
6c8b822ba2fa788a754e0a94055060c9c897dfb29538d92e04fd3f83d407bcb7
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 22 Dec 2022 08:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 a4af9b42c2ec29f616825af32712c204.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
1155165
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
68894
last-modified
Thu, 22 Dec 2022 08:06:23 GMT
etag
"3256c76707175033b83ffe82f89b32ec"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
DHRcAdqyxB11R4-OXzUjRXU4a5KMZO_IdlUlxJVehu5klQSKhOF5yw==
widget-a08a29bf124ff646e9b5.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame E594 		672 KB
186 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a08a29bf124ff646e9b5.js
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:6c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
f158d740eaa978f5198f39c18661cb92ea89ce5a01ef0e71f1cc4e81a6f941b7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 10:09:05 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Wed, 04 Jan 2023 10:03:13 GMT
server
Cowboy
x-amz-cf-pop
FRA53-C1
age
24644
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
190240
x-amz-cf-id
VXrwRYMYrcIVmPBQYe0y6y5vOoF6nWADmvikWuR-QYa8agEmTzmnIw==
widget-9874d905.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame E594 		114 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-9874d905.css
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:6c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
a1fd5c3c6fb3f4a5a3cc41ea8b955b982e6b3fb5f62e55d81cb697eb4e22cb9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 10:09:04 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Wed, 04 Jan 2023 10:03:13 GMT
server
Cowboy
x-amz-cf-pop
FRA53-C1
age
24646
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
16478
x-amz-cf-id
ryY0pkq_aGZhzlLkkZxW6Ha4zgdCB0SsVf3zwD-eVmT9fsaRidejdw==
box-5e66f98b4ee957db209dc6f63e3d59dd.html
vars.hotjar.com/ Frame DEBC 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.15.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-15-82.vie50.r.cloudfront.net
Software
/
Resource Hash
cbffce6f8642619af7ed7335e32750f7f2933765d32c113115da0710aa7deadc
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3642584
cache-control
max-age=31536000
content-encoding
br
content-length
1035
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 23 Nov 2022 13:10:06 GMT
etag
"e0652b84b7b3b650769c759fc520c3f8"
last-modified
Wed, 23 Nov 2022 13:09:18 GMT
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
via
1.1 92835d2f5794bba6bff3a83645bbf4c4.cloudfront.net (CloudFront)
x-amz-cf-id
SS4DrLsyd-8WHsYcwzCp0k9fjppDOA50s8N0OIIuMBQkSQ7_p0E2bA==
x-amz-cf-pop
VIE50-P1
x-cache
Hit from cloudfront
x-robots-tag
none
25-5d31496a.chunk.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame E594 		1 KB
903 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/25-5d31496a.chunk.css
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a08a29bf124ff646e9b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:6c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 10:09:07 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Wed, 04 Jan 2023 10:03:13 GMT
server
Cowboy
x-amz-cf-pop
FRA53-C1
age
24642
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
512
x-amz-cf-id
E2RzPAFT2j3DuCE2YyqyMRyxihoMxMz73ixxRS-VO8amqqYiL_SrKQ==
25-0c22d3709640088c9d70.chunk.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame E594 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/25-0c22d3709640088c9d70.chunk.js
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a08a29bf124ff646e9b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:6c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
e4ec288eb4d4c03e005aea18f975dd08c8b9bbceb9dc648573ab518c5d3dbf77
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 30 Dec 2022 17:13:42 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Fri, 30 Dec 2022 17:08:06 GMT
server
Cowboy
x-amz-cf-pop
FRA53-C1
age
431167
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
3983
x-amz-cf-id
Y4olMQIyHEq0lPAdehBBrptuhvDk_wz9THs_lGPj6R6765G8Z687MQ==
conversations
app.chatwoot.com/api/v1/widget/ Frame E594 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a08a29bf124ff646e9b5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0MmRhODM0OC0wZjNkLTQ4MjctYTFiOC01ZjI1ZDMxMjE2NzMiLCJpbmJveF9pZCI6MTQxMn0.Cl4srmQF5jvi-f8Lvh5INv56oj5PvAGTMBMh88TnxRI
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
cb375243-744d-4d68-88ea-90ef56e9c8bf
X-Runtime
0.015958
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
messages
app.chatwoot.com/api/v1/widget/ Frame E594 		14 B
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a08a29bf124ff646e9b5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0MmRhODM0OC0wZjNkLTQ4MjctYTFiOC01ZjI1ZDMxMjE2NzMiLCJpbmJveF9pZCI6MTQxMn0.Cl4srmQF5jvi-f8Lvh5INv56oj5PvAGTMBMh88TnxRI
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
38f4982a-4cac-4981-8cf7-e3c1e0465610
X-Runtime
0.021653
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"258153158e38e3291e3d48162225fcdb"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame E594 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a08a29bf124ff646e9b5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
539f3907b1df190e365f7fb14702edf6b43cc1c253e5b768f884951c6801c992
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0MmRhODM0OC0wZjNkLTQ4MjctYTFiOC01ZjI1ZDMxMjE2NzMiLCJpbmJveF9pZCI6MTQxMn0.Cl4srmQF5jvi-f8Lvh5INv56oj5PvAGTMBMh88TnxRI
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
b77f9852-16bb-47db-9458-218ca05cb7a3
X-Runtime
0.025943
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"539f3907b1df190e365f7fb14702edf6"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame E594 		90 B
735 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a08a29bf124ff646e9b5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
33c71bd0f7e16c840667545814b0acbd8fd078de603e472154cc57716d82ff07
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0MmRhODM0OC0wZjNkLTQ4MjctYTFiOC01ZjI1ZDMxMjE2NzMiLCJpbmJveF9pZCI6MTQxMn0.Cl4srmQF5jvi-f8Lvh5INv56oj5PvAGTMBMh88TnxRI
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
ce166e96-80e7-471d-820f-109062598d7c
X-Runtime
0.028997
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"33c71bd0f7e16c840667545814b0acbd"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame E594 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a08a29bf124ff646e9b5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0MmRhODM0OC0wZjNkLTQ4MjctYTFiOC01ZjI1ZDMxMjE2NzMiLCJpbmJveF9pZCI6MTQxMn0.Cl4srmQF5jvi-f8Lvh5INv56oj5PvAGTMBMh88TnxRI
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
7de64bd4-5158-42fb-b553-308a6c456203
X-Runtime
0.017414
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
hackerone-logo.svg
huntr.dev/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://huntr.dev/img/hackerone-logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5343e2cd836bd5a2bb09cdcb03e20099184ed43e462025c949bbbf8456357167
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:09:27 GMT
server
AmazonS3
etag
W/"c28e7833f24dbdd51f12c244b839e790"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
LikcbvPuhJEDHVSKAtZ_tGlhsUcetJcZJi_GAo8JcKMdiB9j76oQMw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
444 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 04 Jan 2023 16:59:51 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
6734d3c4-326d-4d9d-8fce-1eb8c98ed9c0
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
htcngaxcyuffas6TKrD8eJ0M7YXSj8l3Qn9b5anICU1BHBPxAPt02g==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 04 Jan 2023 16:59:51 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-id
Pyt9-nRhsRMA4043OMurHbcoMbhH9MWgXuIFJJx_MJA0wrHXHxxHXg==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
eec12b95-078a-419b-b9fe-c8a223ccae1f
x-cache
Miss from cloudfront
70251231
avatars.githubusercontent.com/u/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/70251231?v=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b21c6871f0e6fd74ddcbc8195f12df40d26539135b07aa17900cd1af9ebffc52
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-fastly-request-id
153b15708c1754edcc620df3844144c57d59111a
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Wed, 04 Jan 2023 16:59:51 GMT
via
1.1 varnish
x-cache-hits
691
x-cache
HIT
content-length
31347
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230063-FRA
last-modified
Thu, 22 Sep 2022 18:25:48 GMT
x-github-request-id
CFB2:DF7D:11EA3A:185484:6374D15A
x-timer
S1672851591.036425,VS0,VE0
etag
"639c606b9efb08fb590b31fe6ede4e18f83bf5c439a4e7f56173754cf7af936a"
source-age
4251437
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 04 Jan 2023 17:04:51 GMT
57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/ Frame E594
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...
18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=9e610927b708703c4fbd95bc499c44e332aba07f56d892822388312fab88de3d
Protocol
HTTP/1.1
Server
52.216.63.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:52 GMT
Last-Modified
Wed, 30 Mar 2022 16:04:43 GMT
Server
AmazonS3
x-amz-request-id
40YH6C5TPQD6WKMA
ETag
"46905dbd95a052f59e14b7dec8b50a6a"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Content-Disposition
inline; filename="New Project %2816%29.png"; filename*=UTF-8''New%20Project%20%2816%29.png
Accept-Ranges
bytes
Content-Length
18903
x-amz-id-2
8DlUZWUQ3F2RL+4AGG+sVaQ88igjfnnlqVZNKtBQDA9XMOoG5cYADj7M5D5lFo9lllHbrNCJwBc=

Redirect headers

Date
Wed, 04 Jan 2023 16:59:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
5f60dbef-21bd-4f70-ad9f-9a8a9d37df07
X-Runtime
0.030216
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=9e610927b708703c4fbd95bc499c44e332aba07f56d892822388312fab88de3d
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame E594 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:50 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
Last-Modified
Wed, 04 Jan 2023 09:05:57 GMT
Server
Cowboy
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
f51a283.js
huntr.dev/_nuxt/ 		56 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f51a283.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/9d4d7f8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:3e00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3d9aa32cef2ce0cb1da4be9543202b8ac4e90e874f2a0e6cdb883445bf08a10
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 16:59:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e2fae56164d235b42cd2d6ea7e62d0ae.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 30 Dec 2022 02:08:49 GMT
server
AmazonS3
etag
W/"de7a95453813e8ed553ad8cfdf32fb1a"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
na9BUSWYjctJb2_WZ0LytmCVxsbeMr7PwvaiqfBi5j7CzauuVmrg9g==
40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68
prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/ Frame E594
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBMFpJUVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--a71f54fcf98f35989ed7806e9b39afabf2d5...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68?response-content-disposition=inline%3B%20filenam...
22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68?response-content-disposition=inline%3B%20filename%3D%2271952212_10157104405428183_1114828348736929792_n.jpeg%22%3B%20filename%2A%3DUTF-8%27%2771952212_10157104405428183_1114828348736929792_n.jpeg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=802494908ab78de860e2934215267c4790bf306a6ba08c633c4893852747734d
Protocol
HTTP/1.1
Server
52.216.63.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
292d919908dde83af15abd15c6fd4d3571cbaaacd139e754fd67debe512dfbe2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:52 GMT
Last-Modified
Fri, 21 Oct 2022 13:41:45 GMT
Server
AmazonS3
x-amz-request-id
40YQDMWFGCMWP67R
ETag
"6acfa9b8e9de7d7830f5f0a29993ce87"
x-amz-server-side-encryption
AES256
Content-Type
image/jpeg
Content-Disposition
inline; filename="71952212_10157104405428183_1114828348736929792_n.jpeg"; filename*=UTF-8''71952212_10157104405428183_1114828348736929792_n.jpeg
Accept-Ranges
bytes
Content-Length
22102
x-amz-id-2
47F9+qjOJu42I8HHX30jnkLm6p1goGgN3AXJttChYnCX7X1L9BHp/+yYiUK/brAyRJQOTzUgdB8=

Redirect headers

Date
Wed, 04 Jan 2023 16:59:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
26a1a197-0410-41f1-ba59-17c4cc7545d4
X-Runtime
0.040840
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68?response-content-disposition=inline%3B%20filename%3D%2271952212_10157104405428183_1114828348736929792_n.jpeg%22%3B%20filename%2A%3DUTF-8%27%2771952212_10157104405428183_1114828348736929792_n.jpeg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=802494908ab78de860e2934215267c4790bf306a6ba08c633c4893852747734d
Cache-Control
max-age=300, private
367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7
prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/ Frame E594
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBcEJZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--587b3538cac76a48501a212e82a5f6b107c07bc3/eyJ...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filenam...
52 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=cae12826750a3da66d1eacc30df89e886f8b593e63129c7e704cb25270327fed
Protocol
HTTP/1.1
Server
52.216.63.25 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
ab04f9631d2c18b852526378ebd3975d23ddef2919b766bc1569c21801e9fe3b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 16:59:52 GMT
Last-Modified
Fri, 06 Aug 2021 10:13:19 GMT
Server
AmazonS3
x-amz-request-id
40YG1A0R4R83F24K
ETag
"32049a0dc1749f286748e5b6cf7bfa5e"
x-amz-server-side-encryption
AES256
Content-Type
image/jpeg
Content-Disposition
inline; filename="headshot.jpg"; filename*=UTF-8''headshot.jpg
Accept-Ranges
bytes
Content-Length
53344
x-amz-id-2
xzcI/d36mydB7Yu9szHQuvFxf8PdvBw6tWIwEMPG4XofT/8vfI5nkc4X8UQKDon0JMx8HWMxWyA=

Redirect headers

Date
Wed, 04 Jan 2023 16:59:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
54a8e410-0b96-488d-aa39-192713554c22
X-Runtime
0.023492
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230104%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230104T165951Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=cae12826750a3da66d1eacc30df89e886f8b593e63129c7e704cb25270327fed
Cache-Control
max-age=300, private
24653555
avatars.githubusercontent.com/u/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/24653555?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/7ce187e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ce46da21e33a921ed3cb7083f6c8f21ac55b9d54524aa124e320bbf8e44bb7c3
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-fastly-request-id
6310c52502629d5b0d085e692df8d070f94d643b
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Wed, 04 Jan 2023 16:59:51 GMT
via
1.1 varnish
x-cache-hits
2
x-cache
HIT
content-length
29512
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230063-FRA
last-modified
Tue, 27 Dec 2022 08:23:47 GMT
x-github-request-id
6F1C:88F9:1D81C8:208D53:63B52FE8
x-timer
S1672851591.224440,VS0,VE0
etag
"616180faf3034850d096f531b5c65859f44300a00f538a56a06473d101cbf753"
source-age
32927
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 04 Jan 2023 17:04:51 GMT
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
445 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 04 Jan 2023 16:59:51 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
a5f09f17-a90d-45ee-8259-c8eca6044944
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
YuA9-zqKeo0RF_F7PnkQpZpHUlpT7yRbZ61fOf7lKTg9izuqHX5Xaw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 04 Jan 2023 16:59:51 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-id
-tO3V9Am8LUfQJ8hLScDb-umTVgyxgC0daYEyjmoMBgeFDQUagA4FQ==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
1230c48d-dfbc-47e7-9a9d-6731f164dcd6
x-cache
Miss from cloudfront
/
app.posthog.com/e/ 		13 B
293 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1672851592800
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.45.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-45-55.compute-1.amazonaws.com
Software
/
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 04 Jan 2023 16:59:52 GMT
x-content-type-options
nosniff
referrer-policy
same-origin
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
content-length
13

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| oncontentvisibilityautostatechange object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ function| MarkdownHeaderButtonElement function| MarkdownBoldButtonElement function| MarkdownItalicButtonElement function| MarkdownQuoteButtonElement function| MarkdownCodeButtonElement function| MarkdownLinkButtonElement function| MarkdownImageButtonElement function| MarkdownUnorderedListButtonElement function| MarkdownOrderedListButtonElement function| MarkdownTaskListButtonElement function| MarkdownMentionButtonElement function| MarkdownRefButtonElement function| MarkdownStrikethroughButtonElement function| MarkdownToolbarElement function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ function| _ object| analytics object| chatwootSettings object| $nuxt object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| chatwootSDK object| $chatwoot object| hotjarDeps function| hotjarLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| sentryIntegration object| Sentry object| __SENTRY__ object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules function| playAudioAlert

9 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%221857db98a8b1484-01e767fe75e86a-67325c50-1d4c00-1857db98a8cee3%22%2C%22%24device_id%22%3A%221857db98a8b1484-01e767fe75e86a-67325c50-1d4c00-1857db98a8cee3%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1672851589789%2C%221857db98a9ec58-01d49556c996ec-67325c50-1d4c00-1857db98a9f13d6%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
.huntr.dev/ Name: ajs_anonymous_id
Value: ddd8d9fc-ab6a-44cd-86e3-6b1e746ddb91
.huntr.dev/ Name: _hjSessionUser_2380708
Value: eyJpZCI6ImViMGFmODYyLWZhNmYtNTc2ZC1hZjNhLTNjZjQ1OWEzMjYxNCIsImNyZWF0ZWQiOjE2NzI4NTE1OTA2NzksImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/ Name: _hjFirstSeen
Value: 1
huntr.dev/ Name: _hjIncludedInSessionSample
Value: 0
.huntr.dev/ Name: _hjSession_2380708
Value: eyJpZCI6IjdmODNhMjU0LTJjMTEtNGZiZS1hMTU3LWM0NjZkNTA0YTA2NiIsImNyZWF0ZWQiOjE2NzI4NTE1OTA3NzEsImluU2FtcGxlIjpmYWxzZX0=
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 0
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0MmRhODM0OC0wZjNkLTQ4MjctYTFiOC01ZjI1ZDMxMjE2NzMiLCJpbmJveF9pZCI6MTQxMn0.Cl4srmQF5jvi-f8Lvh5INv56oj5PvAGTMBMh88TnxRI

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
huntr.dev
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
13.225.78.45
13.32.27.19
13.32.27.7
18.66.15.82
2600:9000:206e:3e00:14:bb32:5f00:93a1
2600:9000:214f:6c00:7:dce7:b680:21
2606:50c0:8002::154
2a04:4e42::729
52.216.63.25
54.205.45.55
54.237.133.81
54.70.150.187
99.86.8.175
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
0c796cd2178da32b5c1dec2054a1abb5be5f48d826e0e8dc01fc60e4b74bedf6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
142f643d551bab659a9a69f80ec278ff408f6759817e5170e3cf74f05dbb4eaa
1988bbde7fd83c9b55005f9fb882dab9eb07b992843ac44d033cae89379f4059
1aab3c7efa1174866dc81b505ba5bc940bec1200e2b11758484cce9cf8f2cd43
210037445d42916faf0c3d3f8c7cddcebaeacd2808dabade8eaa6079542eed93
23abbcef90d60cf62e7fa0079c1097e68e8613f49650de71169bb6ef23ca7fc1
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
284362d5bdbca37370e5220ddc47c59897ec830d3df976b8f3384c932bdc46cd
292d919908dde83af15abd15c6fd4d3571cbaaacd139e754fd67debe512dfbe2
2dfc3666af220b4db71c2dbb69b23f0ba0dcb20761a98e8a770d4f68731f0a7a
33c71bd0f7e16c840667545814b0acbd8fd078de603e472154cc57716d82ff07
35caa56f5ef449c71d6b048c505034f7b58dbe3e1a1ea4be6fb04f675d0af0e3
3e63671abe2a40e7f34b01ce797c34086692dd5476213a9d5296200e1dfaa570
3fb97a5c888523c4ca99afd89e26d4f66dcb628dd07761a9a2d4375491f014d3
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5343e2cd836bd5a2bb09cdcb03e20099184ed43e462025c949bbbf8456357167
539f3907b1df190e365f7fb14702edf6b43cc1c253e5b768f884951c6801c992
636af199f0183c4956a666cf3d40f8a9f8ef99f1e65fd2ba41090cfaa2157e83
646a990d75d875349efaa347477b40a671d5d5a141161e65aa15778aea4487f8
6637c8a98d1b27fffe196e599827d09e10b8bd909582495a0c94bec0b9af1471
6c8b822ba2fa788a754e0a94055060c9c897dfb29538d92e04fd3f83d407bcb7
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
78ddca3f4ebbe6947c932cb070f07494921817ffbf8d25798023d077014b86d4
797435cca7c1f7a2082260d423f35cef15c80eeda287bfa902c5c48e3eb19c4a
7ac80529d1894e0ac371c35fed8f36b9154f3683d9aa0d1c7a19d88fd367d409
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
7eaced6d29ad8d3a5ff3d9e3fab5954a5e0151f96ef3414b11c51a146de2338e
806d6a8e04192985e14419ee52e77d809fd4c3d4a3803811c13c6df2e1bc4691
907ab587faa9b27e2e16ba439338c3c4cdc922bb42e27d9d3a7c98ec9110a5a3
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
950ab7a5a05be0ed0355fd1d2f4dfd19e8ddb78b9d1ea1fa215e0ce55292bfc1
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
a1fd5c3c6fb3f4a5a3cc41ea8b955b982e6b3fb5f62e55d81cb697eb4e22cb9f
a45450bf4194bb2e540238f12c314bceec9d3b0af51bff8045b1f4e616b3c312
ab04f9631d2c18b852526378ebd3975d23ddef2919b766bc1569c21801e9fe3b
ab6fec6aa0a1339d79384f4918aa6f72994cfb90d9e432a81cdc33fd64ef8aa7
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b21c6871f0e6fd74ddcbc8195f12df40d26539135b07aa17900cd1af9ebffc52
b581dbda003d928d5c486c7a9720bac3b82a22e9641fdcf64ded23b3cefe5a59
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
bb918e4772434c8678a69a4d9c1683e0ccf4bc2498f5240d1465b8287d2387cb
c15d07f9d87fea851ff9306ff597b442e7ca8f6b306acaf6fe753ed259decee4
cbffce6f8642619af7ed7335e32750f7f2933765d32c113115da0710aa7deadc
ce46da21e33a921ed3cb7083f6c8f21ac55b9d54524aa124e320bbf8e44bb7c3
d37dbf311f4632806cd15133def5877b5d4ed94f238f50a494c4ef4ec9580c39
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53
e39e46684de1d904f143b7e5598c153b851a70188e0d720cc5c288a447dffcaa
e4ec288eb4d4c03e005aea18f975dd08c8b9bbceb9dc648573ab518c5d3dbf77
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42
ea7ddbc9fd95362e3d7dd41adbf9d65db157f5fa331f4cadbd584c1fe8740f37
f158d740eaa978f5198f39c18661cb92ea89ce5a01ef0e71f1cc4e81a6f941b7
f2722a03680b88ba5f3cb87b946c91f3fe3d8c74a69cc498b607b60e39594f84
f3d9aa32cef2ce0cb1da4be9543202b8ac4e90e874f2a0e6cdb883445bf08a10
fa19b13f5bb6fb6f303913048fbf081ca94040bc7d866188778e892f85db691a