urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:206e:7800:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Submission: On September 21 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 2 countries across 12 domains to perform 73 HTTP transactions. The main IP is 2600:9000:206e:7800:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on January 26th 2022. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 29 2600:9000:206... 16509 (AMAZON-02)
4 2606:50c0:800... 54113 (FASTLY)
1 1 140.82.121.4 36459 (GITHUB)
9 18.66.115.169 16509 (AMAZON-02)
1 9 54.161.241.46 14618 (AMAZON-AES)
2 34.202.126.243 14618 (AMAZON-AES)
8 52.222.236.112 16509 (AMAZON-02)
4 2600:9000:230... 16509 (AMAZON-02)
1 13.225.78.63 16509 (AMAZON-02)
2 2a04:4e42:400... 54113 (FASTLY)
1 44.232.206.179 16509 (AMAZON-02)
1 18.66.2.62 16509 (AMAZON-02)
1 18.66.147.29 16509 (AMAZON-02)
1 54.229.35.143 16509 (AMAZON-02)
1 18.64.79.40 16509 (AMAZON-02)
1 52.217.161.97 16509 (AMAZON-02)
73 16
29    2600:9000:206e:7800:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
4    2606:50c0:8003::154 (United States)

ASN54113 (FASTLY, US)
avatars.githubusercontent.com
1    140.82.121.4 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-4-fra.github.com
github.com
9    18.66.115.169 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-115-169.fra56.r.cloudfront.net
cdn.segment.com
9    54.161.241.46 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-241-46.compute-1.amazonaws.com
app.chatwoot.com
2    34.202.126.243 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-202-126-243.compute-1.amazonaws.com
app.posthog.com
8    52.222.236.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-112.fra56.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
4    2600:9000:2304:3000:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
1    13.225.78.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-63.fra2.r.cloudfront.net
static.hotjar.com
2    2a04:4e42:400::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    44.232.206.179 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-232-206-179.us-west-2.compute.amazonaws.com
api.segment.io
1    18.66.2.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-2-62.txl50.r.cloudfront.net
script.hotjar.com
1    18.66.147.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-29.fra60.r.cloudfront.net
vars.hotjar.com
1    54.229.35.143 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-35-143.eu-west-1.compute.amazonaws.com
in.hotjar.com
1    18.64.79.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-79-40.txl50.r.cloudfront.net
vc.hotjar.io
1    52.217.161.97 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
Apex Domain
Subdomains		 Transfer
29 huntr.dev
huntr.dev
1 MB
9 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com — Cisco Umbrella Rank: 913176
25 KB
9 chatwoot.com
app.chatwoot.com — Cisco Umbrella Rank: 277366
39 KB
9 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1475
86 KB
4 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 591
script.hotjar.com — Cisco Umbrella Rank: 779
vars.hotjar.com — Cisco Umbrella Rank: 852
in.hotjar.com — Cisco Umbrella Rank: 1671
ws14.hotjar.com Failed
70 KB
4 cloudfront.net
d3tq67kexc2w2i.cloudfront.net
189 KB
4 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 9005
123 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4241
19 KB
2 posthog.com
app.posthog.com — Cisco Umbrella Rank: 36555
745 B
1 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 2093
258 B
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1011
170 B
1 github.com
github.com — Cisco Umbrella Rank: 3033
3 KB
73 12
Domain Requested by
29 huntr.dev 1 redirects huntr.dev
9 app.chatwoot.com 1 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
9 cdn.segment.com huntr.dev
cdn.segment.com
8 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
browser.sentry-cdn.com
4 d3tq67kexc2w2i.cloudfront.net app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
4 avatars.githubusercontent.com huntr.dev
2 browser.sentry-cdn.com cdn.segment.com
2 app.posthog.com huntr.dev
browser.sentry-cdn.com
1 prod-chatwoot-assets.s3.amazonaws.com
1 vc.hotjar.io browser.sentry-cdn.com
1 in.hotjar.com browser.sentry-cdn.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 api.segment.io cdn.segment.com
1 static.hotjar.com cdn.segment.com
1 github.com 1 redirects
0 ws14.hotjar.com Failed browser.sentry-cdn.com
73 17
Subject Issuer Validity Valid
*.huntr.dev
Amazon		 2022-01-26 -
2023-02-23		 a year crt.sh
*.github.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-04-07 -
2023-04-07		 a year crt.sh
*.segment.com
Amazon		 2022-01-12 -
2023-02-10		 a year crt.sh
app.chatwoot.com
R3		 2022-09-11 -
2022-12-10		 3 months crt.sh
app.posthog.com
Amazon		 2021-11-04 -
2022-12-02		 a year crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon		 2022-01-06 -
2023-02-04		 a year crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh
*.hotjar.com
Amazon		 2021-11-25 -
2022-12-23		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-11-26 -
2022-12-28		 a year crt.sh
*.segment.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh
*.hotjar.io
Amazon		 2022-07-18 -
2023-08-16		 a year crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Frame ID: 5DD25015DEF709FEBABD17807ACDB482
Requests: 57 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: E3DE8CE8D82868FCDCF30AA0A604BA3E
Requests: 12 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
Frame ID: 4CB2BD9877E507FBA6BB0939B380DCDD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Stored xss in "users name","functions name","storage buckets name" and in "database collections name" vulnerability found in appwrite

Page URL History Show full URLs

  1. https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc HTTP 301
    https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

73
Requests

96 %
HTTPS

25 %
IPv6

12
Domains

17
Subdomains

16
IPs

2
Countries

1866 kB
Transfer

5816 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc HTTP 301
    https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://github.com/appwrite.png HTTP 302
  • https://avatars.githubusercontent.com/u/25003669?v=4
Request Chain 69
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0d564/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/New%20Project%20(16).png HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220921%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220921T195817Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=24f6086e1c2743f05c8c6f1a907b32ea2cc114575cd238492605ddea3a759c9e

73 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Redirect Chain
  • https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc
  • https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
198 KB
36 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
54e3ca883f7e7be9d2602b06007e855319cc054dc38fea83ebf7c7f2a44a12b2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=600
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type
text/html
date
Wed, 21 Sep 2022 19:58:16 GMT
etag
W/"2bc50a03ca7540a3b58c83506ef3305a"
last-modified
Tue, 13 Sep 2022 20:43:10 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
x-amz-cf-id
rdwEaB8xrQRBbFwN2DWeb0M7yixNjphkJ6Wb0Zw8sElS47UtRygyqA==
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/xml
date
Wed, 21 Sep 2022 19:58:14 GMT
location
/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
server
AmazonS3
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
x-amz-cf-id
vMFZba6Ohankqz6ZAuLA5wSEmMNb2231LDrs7Xoqohi8ySu99CgvtQ==
x-amz-cf-pop
VIE50-C1
x-cache
Error from cloudfront
2c71194.js
huntr.dev/_nuxt/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/2c71194.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
56e3d9843ca444fd15ada7abb636eac771a4f1c88442215598042a2172eb2a64
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"372b3b9a0e4365f38110af9874f71f1f"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
RHQl6u6gjD-8k08FBe53-gOYnj6ugisn-_phfli0NhfxO4vUvBcCbA==
041d0e7.js
huntr.dev/_nuxt/ 		314 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/041d0e7.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f5ab0d45edae2aadc349fbaf547da2dd376e68c70edab2f778cfcbedd6b6b54c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"cd63c57f3da40857fbf8940cd4981156"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
_tt7Ri7JGYTAvF4F33wOpRq0B4cm_vov2fSUDBYB-7jfOJG3mA6hLg==
06b2c2f.js
huntr.dev/_nuxt/ 		1 MB
302 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/06b2c2f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c278fc2756f7d4a5d166505c54e0a6d7d825a969bd241e6454b60afdefe500e0
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"da9a8c7a1018617be05366f03bb76967"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
0SGiGCBIsVEtVHX0f2Wx4q8K-oPDfNNS3ouS4405ogroADtLkEK4Wg==
dd352c8.js
huntr.dev/_nuxt/ 		74 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/dd352c8.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b49647ca17935cfd8f4b81ace833d4ac41bed83aefa112a5f5e06dec1755f8ab
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"b1c08becba69db2d4e35e171d0fc665f"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
wBW9SBHR2OrPu4OR7IZdBxZyKOjt1KLjOphpBrrRwJ_66Ez26_r7lA==
202592b.js
huntr.dev/_nuxt/ 		419 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/202592b.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
740720449f552eee79a5599ce23d81cf4d0ba7d9f71941c65903fe21b82e1e0e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"8256d16bf6632b72365e35885f1d29e1"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
uL9wiYBhqaQSWgkrhQ68W64PV4UVkCi9c8BFeHOhPzV7z4mOWzDfeg==
bbb917f.js
huntr.dev/_nuxt/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/bbb917f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"be4dba135aeb7cf8e26a4cdd1d35986c"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
BsNjxEU65dP3VQ2YwKyuU4V5O4mvn4vNtftUXm-FPPJgAJM4fjlBYg==
7d13b10.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/7d13b10.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0c6cece955685c5ff23f4c7ffef013bef3313e5bd3b7938f8acc49e49e5dbcbd
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"f673a75cf5f54fd09f3c3102a4ad979c"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
MRWyfG2jj4sm9-1H5QcASLwmIwJyuCibf80Km32Oipuc85RhN2Lwmw==
faf5d44.js
huntr.dev/_nuxt/ 		863 KB
274 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/faf5d44.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fe53a0e8f9c1c6c61aee80e0605b431396992f57cc205d3f79eeff76dd2dbbb7
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"046845c1f4b3e08ec6c8030a12a0d5a9"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
5KpZVYmfv4-MMUe1IMxt7-zZ5DLnUG8k8jAi1brIheA6MtGuI2s2SA==
b7b49a3.js
huntr.dev/_nuxt/ 		54 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/b7b49a3.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
752691a5f3544604fa4e0c630d7bd1dd4077bc34d94ed60b1e17ca2c89f9d084
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"509c72d49b58c4c7d573dda79a3eba5b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
bEZ8yx3hw6Xl_R5nz9Q0pcFbU0E0YnR6nKKkqYDii7cwzS1HehA1Aw==
state.js
huntr.dev/_nuxt/static/1663100578/bounties/a3b4148f-165f-4583-abed-5568696d99dc/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1663100578/bounties/a3b4148f-165f-4583-abed-5568696d99dc/state.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2efef30846c6400d5c73e2b2730a6d640c8556ff799f4b7b9194ce627761df24
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:52 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"5184605384c2cdf5d6676b9b6aee486c"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
7SiR_Ji1EI3gHMVC_aDZR9y0V5ljFY2tRKCHGLlab-2C7xgsnpbzQw==
payload.js
huntr.dev/_nuxt/static/1663100578/bounties/a3b4148f-165f-4583-abed-5568696d99dc/ 		259 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1663100578/bounties/a3b4148f-165f-4583-abed-5568696d99dc/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
90beda4edf32c6a81232f830f37209eb03fb7ba83bbdae23d627af332eabd174
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:16 GMT
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:52 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"63dacdba30129d0953f68d0b667fbd46"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
0lWUZfsoY3CVK_6WpuovP1oTjD2p0S-TIzspDJftmB1d6UWi-Bks9A==
manifest.js
huntr.dev/_nuxt/static/1663100578/ 		156 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1663100578/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc5636ad148856af68c9939793223315481995597a8ed13b903367ff59973f80
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:56 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"028367d1e7ef51e8674b0812979d05ba"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
l_7QWXETDfJyMhbJt_saQLzdKepYN0X1FPolpNYftEj_mdIqC4rU1g==
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
8UbRnUvp8d075Sdx1844QOLNy-kjsre9yGxe6hIg0Qq_XPwleauG_A==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"c8b6e083af3f94009801989c3739425e"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
Gt1PnYagefMUW2AYhcmXVxHhx1IdWCeMpBuNnTi5uOxxWbWbjU8CSA==
60552590
avatars.githubusercontent.com/u/ 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/60552590?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ccc4b23b59383b53410d11a2b9251e31e2cd2e8ba428c63674e86400d68355d1
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-fastly-request-id
c29410ad832481c8c4e3a0cb46ad2c5b8ce526f4
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
35858
x-xss-protection
1; mode=block
x-served-by
cache-fra19138-FRA
last-modified
Thu, 17 Feb 2022 15:52:36 GMT
x-github-request-id
0806:EDBD:3651CF:3CB6B9:63205192
x-timer
S1663790296.580180,VS0,VE4
x-frame-options
deny
date
Wed, 21 Sep 2022 19:58:15 GMT
source-age
727876
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"8a121ce6c5b4f853463dcea2728bbbcb5a54afe91006932a4bdf894b4c84c394"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 21 Sep 2022 20:03:15 GMT
5857008
avatars.githubusercontent.com/u/ 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/5857008?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
74380543ff37718c0d6cb3afba5905df1195ced4a036d451e0de48615d083618
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-fastly-request-id
b3cf9bc2bf9d446fc35a5656d48164ba9b58bce4
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
23602
x-xss-protection
1; mode=block
x-served-by
cache-fra19138-FRA
last-modified
Mon, 28 Jun 2021 08:53:08 GMT
x-github-request-id
080C:55A4:454BB9:48E77A:632A5704
x-timer
S1663790296.580154,VS0,VE1
x-frame-options
deny
date
Wed, 21 Sep 2022 19:58:15 GMT
source-age
71123
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"ad3b2628476fdcbc5cd504398a9d1060648795a5ced77a58d74041d50499832a"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 21 Sep 2022 20:03:15 GMT
55323451
avatars.githubusercontent.com/u/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/55323451?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
13d93c3869631680be7177c6f15caa6468bafeace6b72d736d004c95ea57c62d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-fastly-request-id
27a8a521a0d43b1aa454af0ff9a98cec8b7ed795
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
17492
x-xss-protection
1; mode=block
x-served-by
cache-fra19138-FRA
last-modified
Fri, 05 Nov 2021 23:22:53 GMT
x-github-request-id
080D:11E45:28A47B:2D2CC9:631FC1ED
x-timer
S1663790296.580333,VS0,VE1
x-frame-options
deny
date
Wed, 21 Sep 2022 19:58:15 GMT
source-age
764650
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"70dd35c5b34af3111326bd6bb12a7108fd0eda1973d3e1caa0f478d601e808ae"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 21 Sep 2022 20:03:15 GMT
25003669
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/appwrite.png
  • https://avatars.githubusercontent.com/u/25003669?v=4
46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/25003669?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
740aeb27689f3eb2c82f701353a65b9a49bba8fe0322d0e5c18f4d914b204a91
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-fastly-request-id
eddb98466f8b370e955e353155ac22eab4610d02
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
47393
x-xss-protection
1; mode=block
x-served-by
cache-fra19138-FRA
last-modified
Tue, 13 Sep 2022 07:33:16 GMT
x-github-request-id
080E:E38C:21AF6B:234714:6329CDBC
x-timer
S1663790296.805476,VS0,VE33
x-frame-options
deny
date
Wed, 21 Sep 2022 19:58:15 GMT
source-age
106268
strict-transport-security
max-age=31557600
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
"8dd11dcac14c03531127c440b43222e439fc65c2301d88d7c4965204ef81bfbc"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 21 Sep 2022 20:03:15 GMT

Redirect headers

date
Wed, 21 Sep 2022 19:58:15 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
D53E:117A5:40BB472:4253045:632B6CD7
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/25003669?v=4
cache-control
no-cache
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-length
0
x-xss-protection
0
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		96 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a6a28dc168304608065bebf2920b473ceda58ce5e249087e4cfd00e37069617c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id
z5G0zO.X9skgR0hbh6ZsyI38vBDxN8GH
content-encoding
br
etag
W/"3eb96cbd10c2c37acf8cce92e84cb87e"
age
115
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Wed, 31 Aug 2022 20:58:47 GMT
server
AmazonS3
date
Wed, 21 Sep 2022 19:58:16 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
LBsQrfHWhPrJlfp0OX9FjRjfqyxZEPetOdmYfhEx-SD2LXB88v409g==
sdk.js
app.chatwoot.com/packs/js/ 		81 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/dd352c8.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
78420a011bbebafa356ef0a6d45fee785af8cc117f1c118953efe652edd4066c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Wed, 21 Sep 2022 19:58:15 GMT
Content-Encoding
br
Last-Modified
Wed, 21 Sep 2022 01:31:48 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Connection
keep-alive
Content-Type
application/javascript
Via
1.1 vegur
Cache-Control
public, max-age=31556952
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
25257
/
app.posthog.com/decide/ 		193 B
452 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/decide/?v=2&ip=1&_=1663790296003
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.126.243 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-202-126-243.compute-1.amazonaws.com
Software
/
Resource Hash
bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 21 Sep 2022 19:58:16 GMT
referrer-policy
same-origin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
x-content-type-options
nosniff
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-112.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 21 Sep 2022 19:58:16 GMT
via
1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
x-amz-cf-id
Ipr2Vs-bRgMWBlzgTk4d88-nC3omD_2OPzfWrgja-Y1mJtBs4Ub6jQ==
x-amz-cf-pop
FRA56-P4
x-amzn-requestid
d7028b1d-0701-4f7f-8513-4b9ca840cb72
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-112.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 21 Sep 2022 19:58:16 GMT
via
1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
x-amz-cf-id
LNjN1yTdX8p9DqXJnWE-yHXxUPlMwDjw4sDu2e2o2XUhrA1TdzGTIQ==
x-amz-cf-pop
FRA56-P4
x-amzn-requestid
5bb76bba-ef1b-4e81-81ee-4c308b74ab30
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		196 B
616 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-112.fra56.r.cloudfront.net
Software
/
Resource Hash
96aba8c0db904b1efc4e79beac97d4b1106c2029876d9b37a88f59d715e1ed32

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
x-amzn-requestid
6c717ef0-50f0-44eb-9cde-b6907ed39442
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
196
x-amz-cf-id
QeRr7_bDrzXosFXs1Ft_kov0uOOqUeTB4KhOLxKe-EA0rwjQbapmlQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-112.fra56.r.cloudfront.net
Software
/
Resource Hash
d0fd601b145274a24f098a345c595bd5544b66e057860ae92687241fa3bcc2ab

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
x-amzn-requestid
353fed06-290b-45f6-9b2e-757bf625e40a
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
4257
x-amz-cf-id
yH1iT-uc8nFEXSmDlMPl4KM_DajQP1IkE7fXzLHUdgxDuEY0ao2K-w==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		31 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-112.fra56.r.cloudfront.net
Software
/
Resource Hash
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
x-amzn-requestid
0106904f-3a19-4530-bbe3-923dd6bb8168
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
31
x-amz-cf-id
OKuWuKPk2-3uFpJ1Yt31GG_wwd1k_OtLfhFkNPVOAWX9QO0A9-ziDg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-112.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 21 Sep 2022 19:58:16 GMT
via
1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
x-amz-cf-id
nj_vL0uyctpT-ZXEMvvm3_3ijAx6kEjbAi_mlr7cJ4JooN4Bo3SjLQ==
x-amz-cf-pop
FRA56-P4
x-amzn-requestid
6630a48a-8023-4633-807f-73aa52c2f451
x-cache
Miss from cloudfront
Metropolis-Regular.67a1988.otf
huntr.dev/_nuxt/fonts/ 		23 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Metropolis-Regular.67a1988.otf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"f7b5e589f88206b4bd5cb1408c5362e6"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/otf
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
obmiFZGrejub8h0X02Jy7-twNpl2nSCzf1e1R_3tIRX-T6L7h0tAAw==
64789c0.js
huntr.dev/_nuxt/ 		33 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/64789c0.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2c71194.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2d3f0a59da3ade1b5ba72f112bd793ff7d874ad9450bebd3c2f4f8703474ebb
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"41af3c9ebe263d8f1d041bd90ae461f9"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
TH2R0s8wv4zSyBPUGSgT-RQe7q_P65NLJLDUzpMx5SURnbvfztsozg==
90ffc7c.js
huntr.dev/_nuxt/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/90ffc7c.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2c71194.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d589d1cfd1183c8d6cbc70d793d500f325a4e114b7362d9f7db65e090a120c7
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"d544167a2d1ef69df4029d965cb69931"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
u9XQ_VJvZ31-3i3zB3kSO6nZaJ2V8VensEJTK2PSQdwtAQiH2y2KJQ==
4dab567.js
huntr.dev/_nuxt/ 		68 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/4dab567.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2c71194.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f4982eb597ebc7e4f986223cfadd738dcb6c1c10b075d2b73e46e5c152f406d9
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"935320e2eb0905f96f3ebe658770f1b2"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
1vh7TeMrSa4ng634Zq7I8C-IzCBMkcKmLtP9Nd-MAhXKusZ6E2F_Ig==
payload.js
huntr.dev/_nuxt/static/1663100578/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1663100578/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:56 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"126dd630135f2a51a22e58e9f9dbb73b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
gXiTiaYglZ5tVwR_OP3VsPHzv6fsQkv-4m-87QmEwpl16nQlTBwiMw==
payload.js
huntr.dev/_nuxt/static/1663100578/bounties/ 		70 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1663100578/bounties/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
70
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:56 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"ed9a10c88c5ac705aee93e7d26c4fc32"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
0PzbWs2RgsOmacqN5jRU8monJLljPemmMTZpgS40YCbU8nVSFvzUkQ==
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c15d07f9d87fea851ff9306ff597b442e7ca8f6b306acaf6fe753ed259decee4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id
i9_qgm6tEM5rZut_i1KSuO6gKrVDsodO
content-encoding
gzip
etag
W/"749a45c0a89b0126d214cd63e5d896fb"
age
7030
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Thu, 16 Jun 2022 18:54:24 GMT
server
AmazonS3
date
Wed, 21 Sep 2022 18:01:07 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
via
1.1 cf2071a2896a4f71dbfdbc521d554362.cloudfront.net (CloudFront)
cache-control
public, max-age=10800
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
XOeT3Uce4EUgueh0t-TIEug4sNIPxFs4pA_QygoYoKo3FYRi0aKIjg==
widget
app.chatwoot.com/ Frame E3DE 		6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
6019eb4fdb08821574874b59a19e157ff643d30ad17e783eda36957ceaa50983
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, private, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Wed, 21 Sep 2022 19:58:16 GMT
Etag
W/"6019eb4fdb08821574874b59a19e157f"
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
9b88676b-b5a3-4d56-952c-02482ed7a573
X-Runtime
0.117180
X-Xss-Protection
1; mode=block
53eae28.js
huntr.dev/_nuxt/ 		50 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/53eae28.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2c71194.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
22c9554b30b2d88619261c7ea4ed2c95db567cf3be83f5ea2cbb2087043e2c7b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"e03415387b7aa4d015980949900091f3"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
cKOA2IIapjAcgB217RaQKxkIfRCrKAxnkOAJdKSsojIXgdQzRv3mzQ==
4806a0f.js
huntr.dev/_nuxt/ 		56 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/4806a0f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2c71194.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b1ca854fdcbbd22814f0b780910cadf03c63f6b86eddaca6e72aa3568c4988fd
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"0eab1fdbc9de4b9da2107683c400703b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
TyYk09KCHbr8w8nIhTIkzOtQ2gaFe7uiXV36db05vsbg9xgfX0CJ5A==
d25e7cc.js
huntr.dev/_nuxt/ 		138 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/d25e7cc.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2c71194.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8c3baaff57a8d024482677afa23e73c21112b96e424fb538a569fc9928ea106c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"a9d86bcbabb57e7712c7582d79d79063"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
oXgj4dWhTZN2VQgQH4C8Q0rjiC3HvnO_Q_lgiUrtzF0Mvu78wC_rQA==
payload.js
huntr.dev/_nuxt/static/1663100578/repos/appwrite/appwrite/ 		220 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1663100578/repos/appwrite/appwrite/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a1d50dc9d8791a20f8c56759deceead84efb236d3ed636e5456a30a511d30cde
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
220
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:56 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"eeafdaea2a1ff369be35e4ae8105698b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
_XQxpdyr5zaH2f-7yWh1wq711cNbjKHGJ6_6Goc1eKBTP13zmPL8xA==
payload.js
huntr.dev/_nuxt/static/1663100578/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1663100578/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/06b2c2f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:42:55 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
2fK3YUNLYzl6IiFr2FfYYs2FigFu76rcZLQsU8c2B-AajllxNG52bg==
870.bundle.323974846b6d45afb45e.js
cdn.segment.com/analytics-next/bundles/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/870.bundle.323974846b6d45afb45e.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
85fa85cbca5efaa81351f2e9b1e8e53916644bff91da6ffc762a151247501ebc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:38:35 GMT
content-encoding
br
vary
Accept-Encoding
age
2225982
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 26 Aug 2022 03:04:21 GMT
server
AmazonS3
etag
W/"d471f2a8b801a51bbc09c91b3f90b749"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
qltndKW7QqDrf8ZSZrei2HuGEvEC2x.O
via
1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA56-P5
content-type
application/javascript
x-amz-cf-id
xHAVf7zUQyHnUuTus3WfmRWcHik0zJeCNLVunKsEFWbyGVxaH-UxQw==
ajs-destination.bundle.35a8f6f19959bf2f455f.js
cdn.segment.com/analytics-next/bundles/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.35a8f6f19959bf2f455f.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9abdea148f6bb2fd5f4d3a947661b46f077584cfc3691deb29fa7cb25d2e00a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Thu, 01 Sep 2022 06:12:31 GMT
content-encoding
br
vary
Accept-Encoding
age
1777545
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Tue, 30 Aug 2022 21:47:48 GMT
server
AmazonS3
etag
W/"e0f89f667fb8d2b50aa8e29a86a4c9b1"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
1ps0Y.cQfeUJnD6vrqu.rtfMUGfr8v9x
via
1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA56-P5
content-type
application/javascript
x-amz-cf-id
g-cqB2pUIoZMWEiBPyP9ErbUebHqeUt111jDgxb-fzZJo6MsNGhT8A==
schemaFilter.bundle.debb169c1abb431faaa6.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.debb169c1abb431faaa6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sat, 30 Jul 2022 15:59:56 GMT
content-encoding
br
vary
Accept-Encoding
age
4593501
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Thu, 28 Jul 2022 21:17:25 GMT
server
AmazonS3
etag
W/"3e448afdfea355c0f19700d04431ce7d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
bdGJW00hoMEULfpND6wyp6DIUgkdrIDO
via
1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA56-P5
content-type
application/javascript
x-amz-cf-id
DO1h0QQi2V3qYOeP6YdnDlxQU100tqJJt248JvoYY3dhA7rYEWMOnQ==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 20:26:36 GMT
content-encoding
gzip
age
1035101
x-cache
Hit from cloudfront
content-length
1336
access-control-allow-origin
*
last-modified
Fri, 09 Sep 2022 18:41:03 GMT
server
AmazonS3
etag
"4cd7c93a55ce331d264d9a857bd044ed"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
eVmGj6lwXFsdEBGhKD9CJz2h_tWyzO1w
via
1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
htIzFGr1RO-nYiTQX5BbyhYsJMw2TOFox1yCcRx9j2beWn0Z9s0SNg==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c2256ca967e5343339a586843799f60c8b3d82c570d2dfba9838a1016d85debf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sun, 28 Aug 2022 01:57:26 GMT
content-encoding
gzip
age
2138451
x-cache
Hit from cloudfront
content-length
1637
access-control-allow-origin
*
last-modified
Mon, 08 Aug 2022 17:49:06 GMT
server
AmazonS3
etag
"3a460c80ebcb314cbb94b79eb9b5e168"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
QS31E9lnpaNZvgIYRxydBB7OTE15A06u
via
1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
TIambreC9FSqaKpqEAQhLKtHhBar3jyn_uGl0EtijKFailA_O-W4wQ==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 23:07:20 GMT
content-encoding
gzip
age
1025458
x-cache
Hit from cloudfront
content-length
22177
access-control-allow-origin
*
last-modified
Fri, 09 Sep 2022 18:41:00 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
tXP_.JCtnIHvOWplpNdhbzU0oYjwn_PE
via
1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
mc6yyfxCIf52PWfPkJI3lkC_yns719qnH45VmuNFDR9vtJvDnBLM-A==
commons.54701049fd6fb8497e9e.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.115.169 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-115-169.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sun, 11 Sep 2022 12:27:11 GMT
content-encoding
gzip
age
891067
x-cache
Hit from cloudfront
content-length
22174
access-control-allow-origin
*
last-modified
Wed, 07 Sep 2022 16:00:53 GMT
server
AmazonS3
etag
"7741fd16ad2418cd17ab981f8207b106"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
R2df6m5bWpTPlsiS_YedfUdpNutqbr9x
via
1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Vntcm_vEiXJfYkniKo4_DyGmeUXKhzqhR9oA7Ks13XV6i-8pCSlPXg==
widget-021fd02ded895d1ff570.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame E3DE 		604 KB
168 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-021fd02ded895d1ff570.js
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:3000:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
78ee838ac4fcfc7978efd6ef8dff5bd0cbf96fba76b9c3e3a905ce4273d87bd4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 01:36:56 GMT
content-encoding
gzip
last-modified
Wed, 21 Sep 2022 01:31:48 GMT
server
Cowboy
age
66081
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
via
1.1 vegur, 1.1 6183f44271d091c21804d467f8a4ce20.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
VIE50-P1
content-length
171853
x-amz-cf-id
ceqafCt9-ns6oG6mnRnla4uLXxbYnu_45mEYzW6kaGf8zD9xw1XOVg==
widget-62de3f31.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame E3DE 		112 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-62de3f31.css
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:3000:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
56adfe951f03977fd032e10949aa48014ea7e01057d364b5af625c4d27e2a14d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 01:36:53 GMT
content-encoding
gzip
last-modified
Wed, 21 Sep 2022 01:31:48 GMT
server
Cowboy
age
66084
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
via
1.1 vegur, 1.1 6183f44271d091c21804d467f8a4ce20.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
VIE50-P1
content-length
15668
x-amz-cf-id
HK5k6F2bvZOgOtlsaBJDhi7cqZZ1k7-y5erUM_wQUBK6d-yPWlGpBQ==
hotjar-2380708.js
static.hotjar.com/c/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-63.fra2.r.cloudfront.net
Software
/
Resource Hash
f01cfc989119bf358354bd3789ec028284e9f9be6b5edcfd73fc3f5603e1c942
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
br
x-content-type-options
nosniff
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=604800; includeSubDomains
access-control-allow-origin
*
x-cache-hit
1
etag
W/1897ad059a52bf15fe67abf090cf56ec
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
x-generation-timing
0.99992752075195
cache-control
max-age=60
x-amz-cf-id
gtPXH-y385x-NjMPAr49wHw1Pqs7uhJAqe5XeRV-MGB8HgKmwJgdpA==
bundle.min.js
browser.sentry-cdn.com/5.12.1/ 		55 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
16375176
etag
"1c5228c89d281d08aa0ce908f582609a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
17201
expires
Thu, 16 Mar 2023 07:18:39 GMT
p
api.segment.io/v1/ 		21 B
170 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.232.206.179 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-232-206-179.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://huntr.dev
date
Wed, 21 Sep 2022 19:58:17 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
rewriteframes.min.js
browser.sentry-cdn.com/5.12.1/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
3064550
etag
"4e240097ab71acf709caa48e23cd6411"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
1807
expires
Mon, 22 Aug 2022 07:32:08 GMT
modules.f4179535429bf14e77ee.js
script.hotjar.com/ 		252 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.f4179535429bf14e77ee.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.2.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-2-62.txl50.r.cloudfront.net
Software
/
Resource Hash
54502058e97eaac693950652b3243bf71346305b1b3c5a2fa479c27dd8d5a73f
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 20 Sep 2022 16:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
100630
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=604800; includeSubDomains
content-length
65420
access-control-allow-origin
*
last-modified
Tue, 20 Sep 2022 16:00:26 GMT
etag
"4a99ec558aff503901b33da3d9b4ec1b"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 a7a57ed5dae93341c1cc3784ae7d9628.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
TXL50-P1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
CdCLwmPl4-iblywocQmCBtT52ppKa5A5YOv3nxQz73RxsCRWmpJ62Q==
box-69edcc3187336f9b0a3fbb4c73be9fe6.html
vars.hotjar.com/ Frame 4CB2 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-29.fra60.r.cloudfront.net
Software
/
Resource Hash
867b23a408fa99143955de5665345cda886857174c328d2828e5dcd33bd98cd1
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1248070
cache-control
max-age=31536000
content-encoding
br
content-length
1044
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 07 Sep 2022 09:17:07 GMT
etag
"f6a9ca04b0687ea3c0d98e8430c8c77b"
last-modified
Wed, 07 Sep 2022 09:16:57 GMT
strict-transport-security
max-age=604800; includeSubDomains
vary
Accept-Encoding
via
1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-id
n7YKwtujUPXWl-lN33TRKIrV2HXyrq_OkvK4A3jHzvf-Tl2-v01_iw==
x-amz-cf-pop
FRA60-P4
x-cache
Hit from cloudfront
x-robots-tag
none
hackerone-logo.svg
huntr.dev/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://huntr.dev/img/hackerone-logo.svg
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5343e2cd836bd5a2bb09cdcb03e20099184ed43e462025c949bbbf8456357167
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:43:15 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"c28e7833f24dbdd51f12c244b839e790"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/svg+xml
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
5ii63ZGvP_W1cOif01YlBvGLoodn0mcJY199Z9de9TD-aaLHSqWCWQ==
bugcrowd.png
huntr.dev/img/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://huntr.dev/img/bugcrowd.png
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:7800:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e5aa7902876feb8103ba59b12e5adb8214bbe0820279b5fbbb3e6773c366e402
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:18 GMT
via
1.1 7b574fc6db5d0840d90b97dd76cc56ec.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
17382
x-xss-protection
1; mode=block
last-modified
Tue, 13 Sep 2022 20:43:14 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"23ed59338c577f4b7ff6c2a704ba7f21"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
Px3FxtR7fRepVOhtw2mdMX6c4Xl6RiAcXNpwp2fD4-s-_d6kwXtJ9w==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
447 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-112.fra56.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
x-amzn-requestid
8ea23fb7-27f6-4816-a546-2f38b373f03e
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
8oEZBmUcEw-tDZzv39zC9rj7cV8EifV8FhaApPkUXvDd_rEqhyGAlQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-112.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
x-amz-cf-id
QTEiFrTVUeQtREM_k1D2FG1GmaSY8opV79DckTpwipoZPZaDcc-pIA==
x-amz-cf-pop
FRA56-P4
x-amzn-requestid
f60611a0-d771-4a01-a368-a91c126f8f26
x-cache
Miss from cloudfront
14-ed94cc2d.chunk.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame E3DE 		1 KB
862 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/14-ed94cc2d.chunk.css
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-021fd02ded895d1ff570.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:3000:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
30911cb2d9e297e499d784546c72d5ab1b4f01328a42a00079d0dace487819cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 01:37:00 GMT
content-encoding
gzip
last-modified
Wed, 21 Sep 2022 01:31:48 GMT
server
Cowboy
age
66076
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
via
1.1 vegur, 1.1 6183f44271d091c21804d467f8a4ce20.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
VIE50-P1
content-length
471
x-amz-cf-id
HPRt_myzldLap9RcETuTXEQQVJRmNNhVxl7iD09USVZ5GSexxoIK9w==
14-72f98a6bd97b0c30c82e.chunk.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame E3DE 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/14-72f98a6bd97b0c30c82e.chunk.js
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-021fd02ded895d1ff570.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:3000:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
7d1838e469bb1d69a5b0da7fced170da646738db8bc45532b09bc81998e27202
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 20 Sep 2022 05:05:22 GMT
content-encoding
gzip
last-modified
Tue, 20 Sep 2022 05:00:19 GMT
server
Cowboy
age
139975
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
via
1.1 vegur, 1.1 6183f44271d091c21804d467f8a4ce20.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
VIE50-P1
content-length
4040
x-amz-cf-id
cnn9jLxyNjscAGrp9IMdSKGAPxebbhX1joYlRy5bxKUsFTQdd1A2Pg==
conversations
app.chatwoot.com/api/v1/widget/ Frame E3DE 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-021fd02ded895d1ff570.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NzMxYTg3YS1kMzI0LTQxZjYtOTcyZi1hODM2OGZmNzdlODgiLCJpbmJveF9pZCI6MTQxMn0.MUCWujigH24fVmHenD8-84fchXeNaSIiLa-PHuSdLg8
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Wed, 21 Sep 2022 19:58:16 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
509273bf-7e46-41fb-a07f-320267b0e845
X-Runtime
0.014773
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
truncated
/ 		424 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/png
messages
app.chatwoot.com/api/v1/widget/ Frame E3DE 		14 B
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-021fd02ded895d1ff570.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NzMxYTg3YS1kMzI0LTQxZjYtOTcyZi1hODM2OGZmNzdlODgiLCJpbmJveF9pZCI6MTQxMn0.MUCWujigH24fVmHenD8-84fchXeNaSIiLa-PHuSdLg8
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Wed, 21 Sep 2022 19:58:16 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
be5659c5-ce25-4114-954e-f0f640aad852
X-Runtime
0.024531
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"258153158e38e3291e3d48162225fcdb"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame E3DE 		959 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-021fd02ded895d1ff570.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NzMxYTg3YS1kMzI0LTQxZjYtOTcyZi1hODM2OGZmNzdlODgiLCJpbmJveF9pZCI6MTQxMn0.MUCWujigH24fVmHenD8-84fchXeNaSIiLa-PHuSdLg8
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Wed, 21 Sep 2022 19:58:17 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
c086c794-b9b3-4917-bbed-b35a977891e1
X-Runtime
0.044302
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"76f1b39cfb3063a87ebc0b127fdedbf2"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame E3DE 		75 B
720 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-021fd02ded895d1ff570.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
6884d513e322d141d5da4d2178f8723818d4c5a0e540f624ed66ebd4f9636b98
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NzMxYTg3YS1kMzI0LTQxZjYtOTcyZi1hODM2OGZmNzdlODgiLCJpbmJveF9pZCI6MTQxMn0.MUCWujigH24fVmHenD8-84fchXeNaSIiLa-PHuSdLg8
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Wed, 21 Sep 2022 19:58:17 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
cee5d5ef-63db-42e9-8eed-a7cc5a8580e5
X-Runtime
0.027963
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"6884d513e322d141d5da4d2178f87238"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame E3DE 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-021fd02ded895d1ff570.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NzMxYTg3YS1kMzI0LTQxZjYtOTcyZi1hODM2OGZmNzdlODgiLCJpbmJveF9pZCI6MTQxMn0.MUCWujigH24fVmHenD8-84fchXeNaSIiLa-PHuSdLg8
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Wed, 21 Sep 2022 19:58:17 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
a0ce38c5-5256-4e83-be9b-6cb59e4461e3
X-Runtime
0.015352
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
visit-data
in.hotjar.com/api/v2/client/sites/2380708/ 		148 B
322 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://in.hotjar.com/api/v2/client/sites/2380708/visit-data?sv=6
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.35.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-35-143.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
46354f041f1d15b2ef3ae63228cb7116fa498f180ea9e49e442f1a561aedf7d2

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
content-encoding
br
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store
access-control-allow-credentials
true
2380708
vc.hotjar.io/sessions/ 		0
258 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/2380708?s=0.25&r=0.13534552322795657
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.79.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-79-40.txl50.r.cloudfront.net
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 19:58:17 GMT
via
1.1 6036a7a2fb095f4c9dc3eed21d4553d0.cloudfront.net (CloudFront)
server
Python/3.7 aiohttp/3.5.4
x-amz-cf-pop
TXL50-P2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
hhV-NoYgy9PVM-r9z-Qls5Jo4v2GxorW7k_t0dVSVhsPgvE4sZBlXw==
57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/ Frame E3DE
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...
18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220921%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220921T195817Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=24f6086e1c2743f05c8c6f1a907b32ea2cc114575cd238492605ddea3a759c9e
Protocol
HTTP/1.1
Server
52.217.161.97 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Wed, 21 Sep 2022 19:58:19 GMT
Last-Modified
Wed, 30 Mar 2022 16:04:43 GMT
Server
AmazonS3
x-amz-request-id
6VGD54KTHNNS3883
ETag
"46905dbd95a052f59e14b7dec8b50a6a"
Content-Type
image/png
Content-Disposition
inline; filename="New Project %2816%29.png"; filename*=UTF-8''New%20Project%20%2816%29.png
Accept-Ranges
bytes
Content-Length
18903
x-amz-id-2
7Ca5XFgVtBhRFo8Pb5li0tRowO/q0Yb3zHBWHkDza9XyeX4UmjAN981O5hYkForqgpEYlSsg/b8=

Redirect headers

Date
Wed, 21 Sep 2022 19:58:17 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
1077dff8-bb8a-455f-846a-7d02e91d4c91
X-Runtime
0.033468
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220921%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220921T195817Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=24f6086e1c2743f05c8c6f1a907b32ea2cc114575cd238492605ddea3a759c9e
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame E3DE 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Wed, 21 Sep 2022 19:58:17 GMT
Via
1.1 vegur
Last-Modified
Wed, 21 Sep 2022 01:23:28 GMT
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
content
ws14.hotjar.com/api/v2/sites/2380708/recordings/ 		0
0
/
app.posthog.com/e/ 		13 B
293 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1663790299041
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.126.243 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-202-126-243.compute-1.amazonaws.com
Software
/
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 21 Sep 2022 19:58:19 GMT
referrer-policy
same-origin
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
content-length
13
x-content-type-options
nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ws14.hotjar.com
URL
https://ws14.hotjar.com/api/v2/sites/2380708/recordings/content

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ function| MarkdownHeaderButtonElement function| MarkdownBoldButtonElement function| MarkdownItalicButtonElement function| MarkdownQuoteButtonElement function| MarkdownCodeButtonElement function| MarkdownLinkButtonElement function| MarkdownImageButtonElement function| MarkdownUnorderedListButtonElement function| MarkdownOrderedListButtonElement function| MarkdownTaskListButtonElement function| MarkdownMentionButtonElement function| MarkdownRefButtonElement function| MarkdownStrikethroughButtonElement function| MarkdownToolbarElement function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ function| _ object| analytics object| chatwootSettings object| $nuxt object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| chatwootSDK object| $chatwoot object| hotjarDeps function| hotjarLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| sentryIntegration object| Sentry object| __SENTRY__ object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules function| playAudioAlert

10 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%2218361a12bc06aa-0c47a3e568384a-6b3f5152-1d4c00-18361a12bc17d3%22%2C%22%24device_id%22%3A%2218361a12bc06aa-0c47a3e568384a-6b3f5152-1d4c00-18361a12bc17d3%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1663790296023%2C%2218361a12bd8a9a-0cf4ae44348fec-6b3f5152-1d4c00-18361a12bd9761%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
.huntr.dev/ Name: ajs_anonymous_id
Value: 36029b76-805a-43fe-8530-75c11e709408
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NzMxYTg3YS1kMzI0LTQxZjYtOTcyZi1hODM2OGZmNzdlODgiLCJpbmJveF9pZCI6MTQxMn0.MUCWujigH24fVmHenD8-84fchXeNaSIiLa-PHuSdLg8
.huntr.dev/ Name: _hjSessionUser_2380708
Value: eyJpZCI6ImFhNGYyYmZmLWE2ZjEtNWVlZS04MDdkLTNkMzQ4ZGFmMzJkNSIsImNyZWF0ZWQiOjE2NjM3OTAyOTc0NDgsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/ Name: _hjFirstSeen
Value: 1
huntr.dev/ Name: _hjIncludedInSessionSample
Value: 1
.huntr.dev/ Name: _hjSession_2380708
Value: eyJpZCI6IjY2NGE5MDg1LWZjMDctNDUzNS1iZGEzLWJmNjNlMWI5YjMyMiIsImNyZWF0ZWQiOjE2NjM3OTAyOTc1MTksImluU2FtcGxlIjp0cnVlfQ==
huntr.dev/ Name: _hjIncludedInPageviewSample
Value: 1
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 1

3 Console Messages

Source Level URL
Text
network error URL: https://script.hotjar.com/modules.f4179535429bf14e77ee.js(Line 1)
Message:
WebSocket connection to 'wss://ws14.hotjar.com/api/v2/client/ws' failed: Error during WebSocket handshake: Unexpected response code: 503
javascript error URL: https://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc/
Message:
Access to XMLHttpRequest at 'https://ws14.hotjar.com/api/v2/sites/2380708/recordings/content' from origin 'https://huntr.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://ws14.hotjar.com/api/v2/sites/2380708/recordings/content
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
github.com
huntr.dev
in.hotjar.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
vc.hotjar.io
ws14.hotjar.com
ws14.hotjar.com
13.225.78.63
140.82.121.4
18.64.79.40
18.66.115.169
18.66.147.29
18.66.2.62
2600:9000:206e:7800:14:bb32:5f00:93a1
2600:9000:2304:3000:7:dce7:b680:21
2606:50c0:8003::154
2a04:4e42:400::729
34.202.126.243
44.232.206.179
52.217.161.97
52.222.236.112
54.161.241.46
54.229.35.143
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
0c6cece955685c5ff23f4c7ffef013bef3313e5bd3b7938f8acc49e49e5dbcbd
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
13d93c3869631680be7177c6f15caa6468bafeace6b72d736d004c95ea57c62d
1d589d1cfd1183c8d6cbc70d793d500f325a4e114b7362d9f7db65e090a120c7
22c9554b30b2d88619261c7ea4ed2c95db567cf3be83f5ea2cbb2087043e2c7b
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
2efef30846c6400d5c73e2b2730a6d640c8556ff799f4b7b9194ce627761df24
30911cb2d9e297e499d784546c72d5ab1b4f01328a42a00079d0dace487819cd
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46354f041f1d15b2ef3ae63228cb7116fa498f180ea9e49e442f1a561aedf7d2
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5343e2cd836bd5a2bb09cdcb03e20099184ed43e462025c949bbbf8456357167
54502058e97eaac693950652b3243bf71346305b1b3c5a2fa479c27dd8d5a73f
54e3ca883f7e7be9d2602b06007e855319cc054dc38fea83ebf7c7f2a44a12b2
56adfe951f03977fd032e10949aa48014ea7e01057d364b5af625c4d27e2a14d
56e3d9843ca444fd15ada7abb636eac771a4f1c88442215598042a2172eb2a64
6019eb4fdb08821574874b59a19e157ff643d30ad17e783eda36957ceaa50983
6884d513e322d141d5da4d2178f8723818d4c5a0e540f624ed66ebd4f9636b98
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
740720449f552eee79a5599ce23d81cf4d0ba7d9f71941c65903fe21b82e1e0e
740aeb27689f3eb2c82f701353a65b9a49bba8fe0322d0e5c18f4d914b204a91
74380543ff37718c0d6cb3afba5905df1195ced4a036d451e0de48615d083618
752691a5f3544604fa4e0c630d7bd1dd4077bc34d94ed60b1e17ca2c89f9d084
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f
78420a011bbebafa356ef0a6d45fee785af8cc117f1c118953efe652edd4066c
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
78ee838ac4fcfc7978efd6ef8dff5bd0cbf96fba76b9c3e3a905ce4273d87bd4
7d1838e469bb1d69a5b0da7fced170da646738db8bc45532b09bc81998e27202
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
85fa85cbca5efaa81351f2e9b1e8e53916644bff91da6ffc762a151247501ebc
867b23a408fa99143955de5665345cda886857174c328d2828e5dcd33bd98cd1
8c3baaff57a8d024482677afa23e73c21112b96e424fb538a569fc9928ea106c
90beda4edf32c6a81232f830f37209eb03fb7ba83bbdae23d627af332eabd174
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
96aba8c0db904b1efc4e79beac97d4b1106c2029876d9b37a88f59d715e1ed32
9abdea148f6bb2fd5f4d3a947661b46f077584cfc3691deb29fa7cb25d2e00a6
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
a1d50dc9d8791a20f8c56759deceead84efb236d3ed636e5456a30a511d30cde
a2d3f0a59da3ade1b5ba72f112bd793ff7d874ad9450bebd3c2f4f8703474ebb
a6a28dc168304608065bebf2920b473ceda58ce5e249087e4cfd00e37069617c
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b1ca854fdcbbd22814f0b780910cadf03c63f6b86eddaca6e72aa3568c4988fd
b49647ca17935cfd8f4b81ace833d4ac41bed83aefa112a5f5e06dec1755f8ab
bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b
c15d07f9d87fea851ff9306ff597b442e7ca8f6b306acaf6fe753ed259decee4
c2256ca967e5343339a586843799f60c8b3d82c570d2dfba9838a1016d85debf
c278fc2756f7d4a5d166505c54e0a6d7d825a969bd241e6454b60afdefe500e0
cc5636ad148856af68c9939793223315481995597a8ed13b903367ff59973f80
ccc4b23b59383b53410d11a2b9251e31e2cd2e8ba428c63674e86400d68355d1
d0fd601b145274a24f098a345c595bd5544b66e057860ae92687241fa3bcc2ab
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5aa7902876feb8103ba59b12e5adb8214bbe0820279b5fbbb3e6773c366e402
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42
f01cfc989119bf358354bd3789ec028284e9f9be6b5edcfd73fc3f5603e1c942
f4982eb597ebc7e4f986223cfadd738dcb6c1c10b075d2b73e46e5c152f406d9
f5ab0d45edae2aadc349fbaf547da2dd376e68c70edab2f778cfcbedd6b6b54c
fe53a0e8f9c1c6c61aee80e0605b431396992f57cc205d3f79eeff76dd2dbbb7