urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:201a:400:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Submission: On February 14 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 2 countries across 11 domains to perform 68 HTTP transactions. The main IP is 2600:9000:201a:400:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on December 26th 2022. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 26 2600:9000:201... 16509 (AMAZON-02)
1 1 140.82.121.3 36459 (GITHUB)
3 2606:50c0:800... 54113 (FASTLY)
7 13.224.192.183 16509 (AMAZON-02)
1 9 54.161.241.46 14618 (AMAZON-AES)
2 34.231.195.90 14618 (AMAZON-AES)
12 13.225.78.45 16509 (AMAZON-02)
1 13.225.78.63 16509 (AMAZON-02)
2 2a04:4e42:200... 54113 (FASTLY)
1 52.25.245.106 16509 (AMAZON-02)
1 13.32.27.107 16509 (AMAZON-02)
1 13.224.189.80 16509 (AMAZON-02)
4 2600:9000:20e... 16509 (AMAZON-02)
1 54.231.73.11 16509 (AMAZON-02)
68 13
26    2600:9000:201a:400:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
1    140.82.121.3 (Frankfurt am Main, Germany)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-3-fra.github.com
github.com
3    2606:50c0:8001::154 (United States)

ASN54113 (FASTLY, US)
avatars.githubusercontent.com
7    13.224.192.183 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-183.fra2.r.cloudfront.net
cdn.segment.com
9    54.161.241.46 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-241-46.compute-1.amazonaws.com
app.chatwoot.com
2    34.231.195.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-195-90.compute-1.amazonaws.com
app.posthog.com
12    13.225.78.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-45.fra2.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
1    13.225.78.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-63.fra2.r.cloudfront.net
static.hotjar.com
2    2a04:4e42:200::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    52.25.245.106 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-245-106.us-west-2.compute.amazonaws.com
api.segment.io
1    13.32.27.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-107.fra56.r.cloudfront.net
script.hotjar.com
1    13.224.189.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-80.fra2.r.cloudfront.net
vars.hotjar.com
4    2600:9000:20eb:f800:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
1    54.231.73.11 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
Apex Domain
Subdomains		 Transfer
26 huntr.dev
huntr.dev
1 MB
13 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com — Cisco Umbrella Rank: 727238
23 KB
9 chatwoot.com
app.chatwoot.com — Cisco Umbrella Rank: 234012
43 KB
7 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1471
60 KB
4 cloudfront.net
d3tq67kexc2w2i.cloudfront.net
212 KB
3 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 671
script.hotjar.com — Cisco Umbrella Rank: 836
vars.hotjar.com — Cisco Umbrella Rank: 1036
74 KB
3 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 9589
298 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4426
19 KB
2 posthog.com
app.posthog.com — Cisco Umbrella Rank: 27929
769 B
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1104
170 B
1 github.com
github.com — Cisco Umbrella Rank: 2697
3 KB
68 11
Domain Requested by
26 huntr.dev 1 redirects huntr.dev
12 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
browser.sentry-cdn.com
9 app.chatwoot.com 1 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
7 cdn.segment.com huntr.dev
cdn.segment.com
4 d3tq67kexc2w2i.cloudfront.net app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
3 avatars.githubusercontent.com huntr.dev
2 browser.sentry-cdn.com cdn.segment.com
2 app.posthog.com huntr.dev
browser.sentry-cdn.com
1 prod-chatwoot-assets.s3.amazonaws.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 api.segment.io cdn.segment.com
1 static.hotjar.com cdn.segment.com
1 github.com 1 redirects
68 14
Subject Issuer Validity Valid
*.huntr.dev
Amazon		 2022-12-26 -
2024-01-24		 a year crt.sh
*.github.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-04-07 -
2023-04-07		 a year crt.sh
*.segment.com
Amazon		 2022-12-13 -
2024-01-12		 a year crt.sh
app.chatwoot.com
R3		 2023-01-11 -
2023-04-11		 3 months crt.sh
app.posthog.com
Amazon		 2022-06-01 -
2023-06-30		 a year crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon		 2022-12-07 -
2024-01-05		 a year crt.sh
*.hotjar.com
Amazon		 2022-10-25 -
2023-11-23		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2022 Q3		 2022-09-28 -
2023-10-30		 a year crt.sh
*.segment.io
Amazon RSA 2048 M01		 2023-02-10 -
2024-02-10		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Frame ID: F94B2A203F42ED87325843E4E2535C1A
Requests: 49 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: 75C7BD8D67CC567E654C240AA35E6016
Requests: 12 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html
Frame ID: 0FDFEDB58C44C9E00DF14563621176A9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Stored Cross Site Scripting in the username vulnerability found in wallabag

Page URL History Show full URLs

  1. https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e HTTP 301
    https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

68
Requests

97 %
HTTPS

29 %
IPv6

11
Domains

14
Subdomains

13
IPs

2
Countries

2039 kB
Transfer

6067 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e HTTP 301
    https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://github.com/wallabag.png HTTP 302
  • https://avatars.githubusercontent.com/u/4143872?v=4
Request Chain 64
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0d564/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/New%20Project%20(16).png HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230214%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230214T210430Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=59853b457f7d66f71537f39a2531e103b64d18d16e2deb5375144a65b3b4f41e

68 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Redirect Chain
  • https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e
  • https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
183 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8388917b16b511e0b18a48ced1f1f96b581e9ad738394ee6fe78eddce1a65ab5
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=600
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type
text/html
date
Tue, 14 Feb 2023 21:04:28 GMT
etag
W/"d6bb3a72f6a2ae26e85f33170f581d49"
last-modified
Fri, 10 Feb 2023 02:38:21 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-id
RYpeBA6gjOwmKW3GNefvFB7BaOzGxLyAotI-xMlrxsOngS5GdOW6Gw==
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/xml
date
Tue, 14 Feb 2023 21:04:27 GMT
location
/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
server
AmazonS3
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-id
XCDUIM0txnJZpbynT7lKWoyvk-p4ALtaRWw8_xG-dTFB3ZI36MG2cw==
x-amz-cf-pop
FCO50-C2
x-cache
Miss from cloudfront
b8d5b9d.js
huntr.dev/_nuxt/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/b8d5b9d.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e23f546ba9dcdb6b8ae002ed8ae4afd24f75311cf865c55ec5b4b5171e7c63af
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"b9673cfeefa8436e23aaeb9cc76b8c86"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
WiNtpzLZPkfbwdk8HTbqxhNcAjj_0YjozsxGtw_lGgnFsz-ga-hXKw==
2640148.js
huntr.dev/_nuxt/ 		314 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/2640148.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bba8395e3ff6cd593db373542600d1dfbba93d682b869fd62d5447beec5418e2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"9557c1a88c9c4ce02e84083918b28dd8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
lrFvt0XRj7601lFbCWcNcJGlTTsU8mQvqGuc_Z5KsXUEAMjwLNvudQ==
67dce39.js
huntr.dev/_nuxt/ 		1 MB
304 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/67dce39.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1f1fe8d46c542e0999ef6ef7cd6b102ca58dc1d6828623eb05ce6a5a6e8050b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"b95addda2ca6c0461a366048d15f0b59"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
yZQHz_t_9BGU3zF8lOrIf06RB6OwE6RJWP6uR4T-q_aUBYUYB-Y3aw==
52a5048.js
huntr.dev/_nuxt/ 		87 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/52a5048.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a5a227e09482d6f8d659e38cde62deb3b7e5f0a5e3fe5aaadb2475e204d301a2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"c3d7af5efdb1ce61850f54ca36798109"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
Ced_P3hcsXJZlBm24SlBWCMOccPw_B3t4XyesGzE7WKhro2UVL-33g==
bbc0171.js
huntr.dev/_nuxt/ 		433 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/bbc0171.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0c96d915c0b82409934249392c59e4c12b8a4f5c15407796b6d1de4d8f4a9f69
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"4a690a0f13c3ff0b03f32b8620fee2cb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
vceACMT0tHCfdh9PM-QevQNv5ABWNWpbBWlCEFnYXb93D5XlhkRxHg==
bbb917f.js
huntr.dev/_nuxt/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/bbb917f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"be4dba135aeb7cf8e26a4cdd1d35986c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
aR7FP0rIgPhU3L_ea3OSTGoDAZt1VtPSCnpOoTP7C9bO_pilCo8mng==
85fe928.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/85fe928.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8fc41ef264ddccfe94db0a654e22d99217e98cb5a79e2a50f2f6a339c40194dc
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"4186abd74bcb67e4852866536c42245c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
lHfukJKzGsnw7RQRO2oySfROnMHwpiI-yl494zylUHyfDAuhrJXqww==
dcd51fa.js
huntr.dev/_nuxt/ 		863 KB
273 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/dcd51fa.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7123c9d31dbf4fbadf10ab3fec13ac98b4a9566d2c010278fc3c6b630ff133dd
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"6e7beefe5ce3ccfac8ba96b604ee18a2"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
FG7OpWUaHGAssWZ9jM1aSeaJkT1VixkqdD4e2ymoRoc-vVAuqvMxZQ==
6d5cbc8.js
huntr.dev/_nuxt/ 		74 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/6d5cbc8.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cb3227b6083c8f08881e7d37c6ad8e309453f16a69490c8d9b8a7af526114742
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"22fd22d2cf20d80129e0028a2d61cc30"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
KCr3m3e22MzVjcObYxK5SmoL9eI9x_FNFns50Xw5ay2Z7vJfmDdVPg==
state.js
huntr.dev/_nuxt/static/1675995477/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1675995477/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/state.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0122ceada19ac72b0360798fee2a67c0786a6f058eb517e7f26053c4dd59e61f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:38:07 GMT
server
AmazonS3
etag
W/"3497cfb1161ee148f14a6c66998b3bd1"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
5hAmH2ObKTGQTPlOg-qslAva7mEuCqS4B0Sm7wUk-PuadMI_73enKA==
payload.js
huntr.dev/_nuxt/static/1675995477/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/ 		259 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1675995477/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
94dc3e6ff765ac4a6aa5685d2cfbed483477efc69b766e99fa8e549648175c2f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:38:07 GMT
server
AmazonS3
etag
"72eaf04e038a7809ac0318154d0b2b9c"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
wkjP7rAS_6rspSfg8meKxqjAMQnH5ufopMUF1RDHx4XEUHOlPChVbw==
manifest.js
huntr.dev/_nuxt/static/1675995477/ 		180 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1675995477/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
154096db14e14bfacb70e3479e183dcf53de62ebb2e1be727a3b4eefe5b3e7d8
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:38:12 GMT
server
AmazonS3
etag
W/"15d926e585362f7dbaea82952345eafe"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
M2LB1QULXz4NOY6DbRGezEBHzpdQ3WB1-mDY7dHi6xQbNFwwAiCOEw==
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
VeabOV5RLGE2W3AEYoAuB7xKoaOmoaRQZoLLmat1KB1E3Yba7NB8ng==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
age
65
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"c8b6e083af3f94009801989c3739425e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
xGszzXgOFVy3UUyDdXYsQ19zg1E6Tqf8xHmlzjfSXVnB0CbDHpi9GQ==
4143872
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/wallabag.png
  • https://avatars.githubusercontent.com/u/4143872?v=4
11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/4143872?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ff14ffef1a1a0adc15787b24e736e4b60361a1bd658eca92917b9ade2437c209
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-fastly-request-id
86e8a89893bbd68da403c9fa7e89ceb8a48ce270
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Tue, 14 Feb 2023 21:04:28 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
content-length
11615
x-xss-protection
1; mode=block
x-served-by
cache-hhn-etou8220057-HHN
last-modified
Sat, 15 Aug 2015 06:35:13 GMT
x-github-request-id
E1E4:1761:5DE36C:9AB402:63C62946
x-timer
S1676408668.237430,VS0,VE1
etag
"50da22d789ef65020e4c94ece877f58a1efd8bd3d872de3778c9d4e128584d93"
source-age
2477590
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 14 Feb 2023 21:09:28 GMT

Redirect headers

date
Tue, 14 Feb 2023 21:03:24 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id
88C4:1B0C:4DF308C:506CD30:63EBF75C
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/4143872?v=4
cache-control
no-cache
content-length
0
x-xss-protection
0
62333
avatars.githubusercontent.com/u/ 		270 KB
270 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/62333?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca6efa4e435e81a871833ab7b23214574d7bdcde94e1d95768542beaf5b936f5
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-fastly-request-id
3b6a07457dd2744066defba67cbb72b740793fc0
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Tue, 14 Feb 2023 21:04:28 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
content-length
276097
x-xss-protection
1; mode=block
x-served-by
cache-hhn-etou8220057-HHN
last-modified
Mon, 04 Jul 2011 08:17:20 GMT
x-github-request-id
1F8A:8801:EF286:161177:63EBF75C
x-timer
S1676408668.202100,VS0,VE100
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 14 Feb 2023 21:09:28 GMT
53917092
avatars.githubusercontent.com/u/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/53917092?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e4ec3c3f52c0c321669a27bf0b574634e9617d2b12a9ffee906baf963ee623e
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-fastly-request-id
0f82f345edade0a53ef57729f6127f1f0a6ea86b
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Tue, 14 Feb 2023 21:04:28 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
content-length
16241
x-xss-protection
1; mode=block
x-served-by
cache-hhn-etou8220057-HHN
last-modified
Sat, 05 Jun 2021 19:33:01 GMT
x-github-request-id
FD98:0A67:67706D:851DAA:63DC5036
x-timer
S1676408668.202094,VS0,VE5
etag
"754f69075cd98c090171165799422fcf523fb52ea2497c342a24a30d537a55eb"
source-age
1025830
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 14 Feb 2023 21:09:28 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		103 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.192.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-192-183.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
10fec930c098c01da40b61441ce4679014fa7adbbaa6cf3f5e09101f90227c2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-amz-version-id
G_1DMyYqVsmCePV85Iei2fhASPc1JgKD
content-encoding
br
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
date
Tue, 14 Feb 2023 21:04:18 GMT
x-amz-cf-pop
FRA2-C1
age
11
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 25 Jan 2023 11:36:40 GMT
server
AmazonS3
etag
W/"2cf433ab6068a7fc47fa9fed7df0935d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
8IC35wnQ8cKdyRdZ2bjUPD-kq-LC0QvOTb9ESxxmZGcTAAaMPpkGqw==
sdk.js
app.chatwoot.com/packs/js/ 		95 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/52a5048.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4ab40fa57b763f378e00bd54688d1ff01d6968b467e885bc133cf60877c88c71
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Tue, 14 Feb 2023 21:04:28 GMT
Content-Encoding
br
Via
1.1 vegur
Strict-Transport-Security
max-age=63072000; includeSubDomains
Last-Modified
Mon, 13 Feb 2023 08:44:22 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Content-Type
application/javascript
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
29315
/
app.posthog.com/decide/ 		239 B
498 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/decide/?v=2&ip=1&_=1676408668596
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.195.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-195-90.compute-1.amazonaws.com
Software
/
Resource Hash
e39e46684de1d904f143b7e5598c153b851a70188e0d720cc5c288a447dffcaa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 14 Feb 2023 21:04:28 GMT
x-content-type-options
nosniff
referrer-policy
same-origin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 14 Feb 2023 21:04:28 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-id
UDWbotEDoMANnLIxK6yPMYImGqZiZYLn_aga7GiPBBM3gLSsMoLV0w==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
cf76661d-266e-45cc-b68e-ec4ef207c7d2
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 14 Feb 2023 21:04:28 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-id
fZR8agysbHq7pPVVwQRf7oM5oAoM2t4wmLhDWxOd2nd6AHgLV0NdKg==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
c0a229a0-7e70-47d4-b21b-b7513301a6dd
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 14 Feb 2023 21:04:28 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-id
IF5OKIS5lqMZhLpJ-c7g8Ds0WDoJAPNsSeRMu3QTXBZuEltcHhi9tQ==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
13547635-94f3-4ae4-944b-5a930bd7b069
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		213 B
634 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
ee4811054910e7c124efb8f914812b82e28025c9d049aef3109fb823744c2b53

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 14 Feb 2023 21:04:29 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
bbdbab8f-34ea-4155-953c-3c7c4d4123dd
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
213
x-amz-cf-id
SQhzcKRKsEGEBr-FdRyLZ-NtyNkCCMpBPUi0kwOkKIRcraY2V4q2yA==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		495 B
916 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
a503442b075f9ea05639378d3330f346d66bdf958862f4d7a8a9035ebc9678ec

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 14 Feb 2023 21:04:29 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
38f547dd-2dec-4435-960b-89eabf2b542b
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
495
x-amz-cf-id
jw2RF5bzaFwPq6hJLv69TjByKq5FsqGXq4YeLZp68MFU9C53AN6Pcg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		776 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
264a35bb5859aeee09ad325157ebb8f63ccbbcb220957aaa43042f568e9f552f

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 14 Feb 2023 21:04:29 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
ddb717fa-727d-433f-8e66-ebd1d282dd06
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
776
x-amz-cf-id
RhlUV68agBwPKamBN0FND0TowC8wrcNc0Fb-LMtdLhd3Rza9qWdWrQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		31 B
450 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 14 Feb 2023 21:04:31 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
c0e903f1-e8b2-400e-b5d3-dcd2428f6643
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
31
x-amz-cf-id
ORajBw2kBujpPaQOdnQaIABhWx4E41YVrxzedUPTTdsWDo6CD68vsw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 14 Feb 2023 21:04:28 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-id
o-d9HOFO0EtCzlGAmcXqsbKhidMv6Fduj66K9XJTXMk4RXnjCng9Dw==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
bee62087-a9a7-4b0f-a920-ef843ddfe1e5
x-cache
Miss from cloudfront
Metropolis-Regular.67a1988.otf
huntr.dev/_nuxt/fonts/ 		23 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Metropolis-Regular.67a1988.otf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"f7b5e589f88206b4bd5cb1408c5362e6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
-bOxJzpmyIay7fmIK6xsfhwMcQdfh1-TwNbGlQUSZd9KOkHx7R6_zQ==
23bb7db.js
huntr.dev/_nuxt/ 		33 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/23bb7db.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8d5b9d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
79d6ed1c44cfe10cfb5a46c332f1c8e32d9b27a4133706e29b9976fc05460568
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"d28e76cdee5b22335249eb9399ebd312"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
pZdmUMfHBlY-mDGxTJAB-WqA-_4Y6yPO0AsnNWF4qLN4iF_BA-R-ow==
payload.js
huntr.dev/_nuxt/static/1675995477/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1675995477/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:38:12 GMT
server
AmazonS3
etag
W/"126dd630135f2a51a22e58e9f9dbb73b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
CE2BgDyz30tQ36JMFHRciSx4Kw1TTgijoDf98WmBSEtd4M_EyVW7oA==
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.192.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-192-183.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c15d07f9d87fea851ff9306ff597b442e7ca8f6b306acaf6fe753ed259decee4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-amz-version-id
i9_qgm6tEM5rZut_i1KSuO6gKrVDsodO
content-encoding
gzip
via
1.1 1d67a4c00b06651cb6daa95ec3f21f9a.cloudfront.net (CloudFront)
date
Tue, 14 Feb 2023 18:13:18 GMT
x-amz-cf-pop
FRA2-C1
age
10270
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 16 Jun 2022 18:54:24 GMT
server
AmazonS3
etag
W/"749a45c0a89b0126d214cd63e5d896fb"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
Y6xL3CJhxKMtk_45Et1ZZ7KbT8pm4j2KnCA2xTs2oWO0YM8llY457Q==
5d379f2.js
huntr.dev/_nuxt/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/5d379f2.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8d5b9d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ae77f381094d32a36c816fcd042a1b113015627a7aa39058216d63f14f5c4160
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"89b5c7ff7fda3925a6ff054875121f27"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
w8QakqsffjaAJOgS1RqhFeTgQRjmAoqAJ9WsaUFNiNE0mDrjWB2vOA==
70fc20c.js
huntr.dev/_nuxt/ 		70 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/70fc20c.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8d5b9d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
82a13857512e4c63a04aec1ee6b06b824fccef03d02fb8ea2a18a52cf9f29de4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"7d927bd9814d852e8642a0ff0e6c708d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
DmgX1z1bY8cX4B53N0c3Q330BMyFJiMrhBe0qQDxYXIisStfDxsslw==
7867c21.js
huntr.dev/_nuxt/ 		69 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/7867c21.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8d5b9d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5faae3cc0bb7f37d914a590ab70602d1f5ccc3ef8c1bb192bc326c096de4c6d
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"12f633e682eb737a5d8a9d7fb8c53da7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
lcp-rXuLM5hchIk0sJo-VPGUGdzSr9dnvEr-Um-bHPGMYv_FAZDvrQ==
81c62f7.js
huntr.dev/_nuxt/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/81c62f7.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8d5b9d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bf3495e21feccb0a640c669cf7678e24261d5415f36b763aa2dc4e9fe917f43e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"0d2a4649dfc10ac44bd7dcf1d944c2c7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
l6XASV_7WRbhxLrpnZGpY3bWCqvsyMrtUSrxms5WIxhF6qDCFnqVmg==
f235325.js
huntr.dev/_nuxt/ 		120 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f235325.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8d5b9d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c11ec2992bbd688fe07472b5c95c480835e55bcb4e1464043d110d30c13f249c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:37:48 GMT
server
AmazonS3
etag
W/"8449d2567512637a16af9cd73851c2dc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
bJk97XLBZLLguhQNFT-Et9VJ2vW_BRCyW33VaLl2zMERTzn9WwijhA==
payload.js
huntr.dev/_nuxt/static/1675995477/repos/wallabag/wallabag/ 		224 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1675995477/repos/wallabag/wallabag/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fb61039f3abc86c15b1fca407f47b7377611402ee061ffce3d280e1b94bf2c61
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
224
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:38:13 GMT
server
AmazonS3
etag
"d3d3506ebe7babc46b70e9c97fa04d8b"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
3SxiSHabfn-sHqMhhmJGTtwRzo3QzLtKOipkgg3oLkYPouCwqdzHSw==
payload.js
huntr.dev/_nuxt/static/1675995477/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1675995477/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/67dce39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201a:400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 85eaf521fb3addf5bad482182b4c6b26.cloudfront.net (CloudFront)
x-amz-cf-pop
FCO50-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Fri, 10 Feb 2023 02:38:11 GMT
server
AmazonS3
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
OqB5sM-GkElesBeA0tsQngVrRK32jrzDUO-1pfvcIIhqvkkRertWHQ==
ajs-destination.bundle.2cd9e450202b69d545a3.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.2cd9e450202b69d545a3.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.192.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-192-183.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
27cf59f2f5b8446bbf81f4ed9bbea4fcbbece316e3655ade51da075cdc9962d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Fri, 27 Jan 2023 02:13:11 GMT
x-amz-version-id
jZ2L92raJDMf08tukXqdJ6aGBdPFzdTy
content-encoding
br
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
1623078
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 26 Jan 2023 20:14:52 GMT
server
AmazonS3
etag
W/"cc39e85781964199cd0d9501c897e385"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
bDnmaSxBSbXwcJv97o-Jub-40yzYod_CKrauUpWbY1aYvrKuwZ-ppA==
schemaFilter.bundle.d0fc84c62e956d168cce.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.d0fc84c62e956d168cce.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.192.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-192-183.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ac404a65bffee85a15718f669a44f5a034c94116661e6e0e48b1609f4a8617a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 02:25:35 GMT
x-amz-version-id
VLQuST3Rg1zoSyN.SWag4b2R93Pv7oyc
content-encoding
br
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
2572734
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 16 Jan 2023 00:06:36 GMT
server
AmazonS3
etag
W/"d6985af1d6ad9e8c2f97f24f7b27306e"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
HZzs6nL-ukn2MjEWj_gT87uLLfAdyCofgCQzUWejIArdw4hmCj6Etw==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.192.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-192-183.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Fri, 03 Feb 2023 15:19:22 GMT
content-encoding
gzip
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
x-amz-version-id
efsR21h2tjGhp12UjNCTjXr2VuS_FdaJ
x-amz-cf-pop
FRA2-C1
age
971107
x-cache
Hit from cloudfront
content-length
1336
last-modified
Tue, 10 Jan 2023 21:20:19 GMT
server
AmazonS3
etag
"4cd7c93a55ce331d264d9a857bd044ed"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
lWrt1hEGWTxh40CwDB_57CTkJNaDGLzv5wKbsa53_lstcRvdf8vm6A==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.192.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-192-183.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bb918e4772434c8678a69a4d9c1683e0ccf4bc2498f5240d1465b8287d2387cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 31 Jan 2023 07:59:15 GMT
content-encoding
gzip
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
x-amz-version-id
f3S7skWYF3_ils8jApGDdhkAIY1FmS8R
x-amz-cf-pop
FRA2-C1
age
1256714
x-cache
Hit from cloudfront
content-length
1635
last-modified
Tue, 10 Jan 2023 21:20:19 GMT
server
AmazonS3
etag
"ddd169ee2d3b58407ac01df09d8dbdc7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
NWq8Y66fswIWqwL7S4uaWl3vWq7wcsJtqhrb94US__g2YKAtLOn7ow==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.192.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-192-183.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Sat, 04 Feb 2023 18:46:36 GMT
content-encoding
gzip
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
x-amz-version-id
XSryTsiM6vN7xj.wuhafUdfSpr8DWfV5
x-amz-cf-pop
FRA2-C1
age
872273
x-cache
Hit from cloudfront
content-length
22177
last-modified
Tue, 10 Jan 2023 21:20:17 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
T9RuJrxASji7V7igL1W1epD8W6TaAxkNbI_aTlnT3eSS1SyGuo2ibg==
hotjar-2380708.js
static.hotjar.com/c/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-63.fra2.r.cloudfront.net
Software
/
Resource Hash
e2f9be4dff3ad9b7d23d98a60ce3890c2a8a14682b928c5a2e7dcdfb6a29ae8c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Tue, 14 Feb 2023 21:04:20 GMT
via
1.1 cc0ab20766d57035422a2c4c69fe0620.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
age
9
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/a135eaa51f28ed16a115a5c3faa8fe2f
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
cpSsfwzc27a8UWWBQysp6952nOsDXsKH5m4diKaY0JGnuwHa-t1BOg==
bundle.min.js
browser.sentry-cdn.com/5.12.1/ 		55 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
6012100
etag
"1c5228c89d281d08aa0ce908f582609a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
17201
expires
Thu, 07 Dec 2023 07:02:48 GMT
p
api.segment.io/v1/ 		21 B
170 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.25.245.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-25-245-106.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://huntr.dev
date
Tue, 14 Feb 2023 21:04:29 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
rewriteframes.min.js
browser.sentry-cdn.com/5.12.1/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:04:29 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
13426098
etag
"4e240097ab71acf709caa48e23cd6411"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
1807
expires
Tue, 12 Sep 2023 11:36:11 GMT
widget
app.chatwoot.com/ Frame 75C7 		6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
7c7cfedb1e0bba77506ac14156fb4573f6451b89ad0c6f36fd1856b7d61930a4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, private, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Tue, 14 Feb 2023 21:04:28 GMT
Etag
W/"7c7cfedb1e0bba77506ac14156fb4573"
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
fa0d4c9f-28ff-4cc0-a168-1bb1f068fb0d
X-Runtime
0.124016
X-Xss-Protection
1; mode=block
modules.5dca1694a4338dade13b.js
script.hotjar.com/ 		261 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.5dca1694a4338dade13b.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
68212c3281ce75ccacc67cad7cc209eda658306c66dddd4875340aa65e3639e3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 08:49:05 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
44124
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
68080
last-modified
Tue, 14 Feb 2023 08:48:49 GMT
etag
"902c7d4a043c8419d7d05fb340da4f92"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
dUnZSZcp8SqpYUe6jMT4PUYLIHQc4TkKkjNz-Mdxp3i9l_SwzLt90Q==
box-e031119f9e9e307a08fa610f85dbfb52.html
vars.hotjar.com/ Frame 0FDF 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-80.fra2.r.cloudfront.net
Software
/
Resource Hash
f92333a45b532bdb5248178674b041b1c35edfd33a55df48192256f0bfe49e4e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
978863
cache-control
max-age=31536000
content-encoding
br
content-length
1034
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 03 Feb 2023 13:10:06 GMT
etag
"112fdf47cdb80b9ce3d033ed09717460"
last-modified
Fri, 03 Feb 2023 13:09:45 GMT
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
via
1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-id
f2Ffr5bqGUdRSG5NliYw2E0c7DXSI3p51DTf9H4fdf3KhlnJm8UtJw==
x-amz-cf-pop
FRA2-C1
x-cache
Hit from cloudfront
x-robots-tag
none
widget-5ba8c01656afb0668dd2.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 75C7 		693 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-5ba8c01656afb0668dd2.js
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:f800:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
4edd5e1cdc992fc28aaa87c3e1705d284aafa1b57822ae21caf0d12e74c5219b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Mon, 13 Feb 2023 08:49:06 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 13 Feb 2023 08:44:22 GMT
server
Cowboy
x-amz-cf-pop
FRA2-C1
age
130523
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
194736
x-amz-cf-id
1B1LOm5H6vBAJrfHJAQWoIqyp1MBzzTz3fCo00zLPQZsZHT2fMVyXg==
widget-18df4e30.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 75C7 		114 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-18df4e30.css
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:f800:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
366ee2bd48f5356ddcfe38aa922933bc895a12ff1b8adeccd871ebcb7dca7f6d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Mon, 13 Feb 2023 08:49:06 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 13 Feb 2023 08:44:22 GMT
server
Cowboy
x-amz-cf-pop
FRA2-C1
age
130523
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
16511
x-amz-cf-id
k2iEjz1VczBN_1Zyoj9HnVDIt_e4TaFx9Rp8AZiVR2ULEW9tNZqNjA==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
445 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 14 Feb 2023 21:04:29 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
7637f697-cbcb-4441-92d1-60f84ecf7788
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
_pvcw9Su5H0mSR_EzDOJ7IzBHm_4Wa7GwuFfb1YABgRG7pM1FIW7rw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		57 B
476 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash
9598895b9a2350bbbac4724ba8ceede4cb32c905319c6bf6e48ae70746e153cf

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 14 Feb 2023 21:04:29 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
304ad3f5-978e-422c-98e0-a71356715090
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
57
x-amz-cf-id
PVuU4Fm019qeaY12JMN8VMnurnSIJ7BlATA78X7QjuOCH7qzltHtgA==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 14 Feb 2023 21:04:29 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-id
uGRAUpY5ahWf3HXkgr-gc-VwsRoFpNvVcKw5QR0v0yl6CPdcslqgvw==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
9ce72593-bbff-4de5-b829-9b1fbbf23244
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-45.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 14 Feb 2023 21:04:29 GMT
via
1.1 d9bf8acc1da383db4531789bbb03ac06.cloudfront.net (CloudFront)
x-amz-cf-id
ZGtIjzAwaueIGnKbzdZ7d2WmGUMqvdVfQ25JQajAy4PHaKClMUlutw==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
0b7cda27-30f7-4fa5-9a28-2ca0d75123b5
x-cache
Miss from cloudfront
24-e0029491.chunk.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 75C7 		1 KB
901 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/24-e0029491.chunk.css
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-5ba8c01656afb0668dd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:f800:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Mon, 13 Feb 2023 08:49:26 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 13 Feb 2023 08:44:22 GMT
server
Cowboy
x-amz-cf-pop
FRA2-C1
age
130502
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
512
x-amz-cf-id
IfVh4mbCdQYno_J7egm-RQfB9KSQ1vqGvnz7KIKBcGfzcAi5BZuuvA==
24-dc3e975dc9bb2e786c8b.chunk.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 75C7 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/24-dc3e975dc9bb2e786c8b.chunk.js
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-5ba8c01656afb0668dd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:f800:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
0bc92861add5cc5dd0ee92411e870f7f55fb4a7709a6c6635e1af30d9af642b5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Thu, 09 Feb 2023 12:02:24 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Thu, 09 Feb 2023 11:56:27 GMT
server
Cowboy
x-amz-cf-pop
FRA2-C1
age
464525
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
3987
x-amz-cf-id
6bG1Rc7DB580KFpUUcPGaZoSTlFPHQLlLjCJILcsrknIHkB3wQ5x8A==
conversations
app.chatwoot.com/api/v1/widget/ Frame 75C7 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-5ba8c01656afb0668dd2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NzAwYjJlNC01NzkzLTQ5NTMtYTI0My02ZjgzNzlmYzliOGIiLCJpbmJveF9pZCI6MTQxMn0.KcJpaoN4ljwC5eAA7b9O2L_WHXQRcGRg58d2_DmC4L0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Tue, 14 Feb 2023 21:04:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
f0e2a5a8-f46a-4f10-a119-1f90c4fd7538
X-Runtime
0.015882
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
messages
app.chatwoot.com/api/v1/widget/ Frame 75C7 		14 B
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-5ba8c01656afb0668dd2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NzAwYjJlNC01NzkzLTQ5NTMtYTI0My02ZjgzNzlmYzliOGIiLCJpbmJveF9pZCI6MTQxMn0.KcJpaoN4ljwC5eAA7b9O2L_WHXQRcGRg58d2_DmC4L0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Tue, 14 Feb 2023 21:04:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
f9ae4c36-b0d5-4802-a9c4-b2911f376537
X-Runtime
0.015266
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"258153158e38e3291e3d48162225fcdb"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame 75C7 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-5ba8c01656afb0668dd2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
539f3907b1df190e365f7fb14702edf6b43cc1c253e5b768f884951c6801c992
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NzAwYjJlNC01NzkzLTQ5NTMtYTI0My02ZjgzNzlmYzliOGIiLCJpbmJveF9pZCI6MTQxMn0.KcJpaoN4ljwC5eAA7b9O2L_WHXQRcGRg58d2_DmC4L0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Tue, 14 Feb 2023 21:04:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
d49fa306-3209-4107-b926-f594c0ff9908
X-Runtime
0.076146
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"539f3907b1df190e365f7fb14702edf6"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame 75C7 		93 B
738 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-5ba8c01656afb0668dd2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
fb35b8859e13680ef50269ba640f5edee1ee2d768deb2ef57f60ef4a9eab2c4c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NzAwYjJlNC01NzkzLTQ5NTMtYTI0My02ZjgzNzlmYzliOGIiLCJpbmJveF9pZCI6MTQxMn0.KcJpaoN4ljwC5eAA7b9O2L_WHXQRcGRg58d2_DmC4L0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Tue, 14 Feb 2023 21:04:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
9ead3fae-d70c-4a6a-8cff-12d748d40896
X-Runtime
0.038250
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"fb35b8859e13680ef50269ba640f5ede"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame 75C7 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-5ba8c01656afb0668dd2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NzAwYjJlNC01NzkzLTQ5NTMtYTI0My02ZjgzNzlmYzliOGIiLCJpbmJveF9pZCI6MTQxMn0.KcJpaoN4ljwC5eAA7b9O2L_WHXQRcGRg58d2_DmC4L0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Tue, 14 Feb 2023 21:04:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
3f9f1a16-dcb0-4244-a654-68819490d0ef
X-Runtime
0.026536
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/ Frame 75C7
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...
18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230214%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230214T210430Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=59853b457f7d66f71537f39a2531e103b64d18d16e2deb5375144a65b3b4f41e
Protocol
HTTP/1.1
Server
54.231.73.11 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Tue, 14 Feb 2023 21:04:31 GMT
Last-Modified
Wed, 30 Mar 2022 16:04:43 GMT
Server
AmazonS3
x-amz-request-id
AJXMZ55W3RCNVWJQ
ETag
"46905dbd95a052f59e14b7dec8b50a6a"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Content-Disposition
inline; filename="New Project %2816%29.png"; filename*=UTF-8''New%20Project%20%2816%29.png
Accept-Ranges
bytes
Content-Length
18903
x-amz-id-2
8cm7lnpTWxUdDz/Wqm8fDZl5bPRT/x5c2Ju3rBW8chnC7sdLK+ehYoZb0BlWUbHqxGVLS1ZTps4=

Redirect headers

Date
Tue, 14 Feb 2023 21:04:30 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
224a5419-412f-410c-b752-aeedf1492680
X-Runtime
0.042492
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230214%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230214T210430Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=59853b457f7d66f71537f39a2531e103b64d18d16e2deb5375144a65b3b4f41e
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 75C7 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Tue, 14 Feb 2023 21:04:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
Last-Modified
Mon, 13 Feb 2023 08:30:52 GMT
Server
Cowboy
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
/
app.posthog.com/e/ 		13 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1676408671627
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.195.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-195-90.compute-1.amazonaws.com
Software
/
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 14 Feb 2023 21:04:31 GMT
x-content-type-options
nosniff
referrer-policy
same-origin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 boolean| credentialless object| oncontentvisibilityautostatechange object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ function| MarkdownHeaderButtonElement function| MarkdownBoldButtonElement function| MarkdownItalicButtonElement function| MarkdownQuoteButtonElement function| MarkdownCodeButtonElement function| MarkdownLinkButtonElement function| MarkdownImageButtonElement function| MarkdownUnorderedListButtonElement function| MarkdownOrderedListButtonElement function| MarkdownTaskListButtonElement function| MarkdownMentionButtonElement function| MarkdownRefButtonElement function| MarkdownStrikethroughButtonElement function| MarkdownToolbarElement function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ function| Cvss function| _ object| analytics object| chatwootSettings object| $nuxt object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| hotjarDeps function| hotjarLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| sentryIntegration object| Sentry object| __SENTRY__ object| chatwootSDK object| $chatwoot object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules function| playAudioAlert

9 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ajs_anonymous_id
Value: 7df38f22-890b-4323-81d5-f4916ad07ad8
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%2218651be41b193a-0ab9264e9fc88d-18323272-1d4c00-18651be41b21010%22%2C%22%24device_id%22%3A%2218651be41b193a-0ab9264e9fc88d-18323272-1d4c00-18651be41b21010%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1676408668612%2C%2218651be41c424a-04524cf5a75e03-18323272-1d4c00-18651be41c5478%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
.huntr.dev/ Name: _hjSessionUser_2380708
Value: eyJpZCI6IjU0ZjJiNDZjLTc5NmMtNWViMS1hMzc2LTJkODgyZDdlNWFlNSIsImNyZWF0ZWQiOjE2NzY0MDg2NjkyNzcsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/ Name: _hjFirstSeen
Value: 1
.huntr.dev/ Name: _hjIncludedInSessionSample_2380708
Value: 0
.huntr.dev/ Name: _hjSession_2380708
Value: eyJpZCI6Ijg2MzhhNjQ4LTEzMTktNDBjZC04ZTE0LTg0YjQ0Y2JkMDhmYSIsImNyZWF0ZWQiOjE2NzY0MDg2NjkzODksImluU2FtcGxlIjpmYWxzZX0=
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 0
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NzAwYjJlNC01NzkzLTQ5NTMtYTI0My02ZjgzNzlmYzliOGIiLCJpbmJveF9pZCI6MTQxMn0.KcJpaoN4ljwC5eAA7b9O2L_WHXQRcGRg58d2_DmC4L0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
github.com
huntr.dev
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
13.224.189.80
13.224.192.183
13.225.78.45
13.225.78.63
13.32.27.107
140.82.121.3
2600:9000:201a:400:14:bb32:5f00:93a1
2600:9000:20eb:f800:7:dce7:b680:21
2606:50c0:8001::154
2a04:4e42:200::729
34.231.195.90
52.25.245.106
54.161.241.46
54.231.73.11
0122ceada19ac72b0360798fee2a67c0786a6f058eb517e7f26053c4dd59e61f
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
0bc92861add5cc5dd0ee92411e870f7f55fb4a7709a6c6635e1af30d9af642b5
0c96d915c0b82409934249392c59e4c12b8a4f5c15407796b6d1de4d8f4a9f69
10fec930c098c01da40b61441ce4679014fa7adbbaa6cf3f5e09101f90227c2d
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
154096db14e14bfacb70e3479e183dcf53de62ebb2e1be727a3b4eefe5b3e7d8
1e4ec3c3f52c0c321669a27bf0b574634e9617d2b12a9ffee906baf963ee623e
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
264a35bb5859aeee09ad325157ebb8f63ccbbcb220957aaa43042f568e9f552f
27cf59f2f5b8446bbf81f4ed9bbea4fcbbece316e3655ade51da075cdc9962d4
366ee2bd48f5356ddcfe38aa922933bc895a12ff1b8adeccd871ebcb7dca7f6d
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4ab40fa57b763f378e00bd54688d1ff01d6968b467e885bc133cf60877c88c71
4edd5e1cdc992fc28aaa87c3e1705d284aafa1b57822ae21caf0d12e74c5219b
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
539f3907b1df190e365f7fb14702edf6b43cc1c253e5b768f884951c6801c992
68212c3281ce75ccacc67cad7cc209eda658306c66dddd4875340aa65e3639e3
6ac404a65bffee85a15718f669a44f5a034c94116661e6e0e48b1609f4a8617a
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
7123c9d31dbf4fbadf10ab3fec13ac98b4a9566d2c010278fc3c6b630ff133dd
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
79d6ed1c44cfe10cfb5a46c332f1c8e32d9b27a4133706e29b9976fc05460568
7c7cfedb1e0bba77506ac14156fb4573f6451b89ad0c6f36fd1856b7d61930a4
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
82a13857512e4c63a04aec1ee6b06b824fccef03d02fb8ea2a18a52cf9f29de4
8388917b16b511e0b18a48ced1f1f96b581e9ad738394ee6fe78eddce1a65ab5
8fc41ef264ddccfe94db0a654e22d99217e98cb5a79e2a50f2f6a339c40194dc
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
94dc3e6ff765ac4a6aa5685d2cfbed483477efc69b766e99fa8e549648175c2f
9598895b9a2350bbbac4724ba8ceede4cb32c905319c6bf6e48ae70746e153cf
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
a503442b075f9ea05639378d3330f346d66bdf958862f4d7a8a9035ebc9678ec
a5a227e09482d6f8d659e38cde62deb3b7e5f0a5e3fe5aaadb2475e204d301a2
ae77f381094d32a36c816fcd042a1b113015627a7aa39058216d63f14f5c4160
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b5faae3cc0bb7f37d914a590ab70602d1f5ccc3ef8c1bb192bc326c096de4c6d
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
bb918e4772434c8678a69a4d9c1683e0ccf4bc2498f5240d1465b8287d2387cb
bba8395e3ff6cd593db373542600d1dfbba93d682b869fd62d5447beec5418e2
bf3495e21feccb0a640c669cf7678e24261d5415f36b763aa2dc4e9fe917f43e
c11ec2992bbd688fe07472b5c95c480835e55bcb4e1464043d110d30c13f249c
c15d07f9d87fea851ff9306ff597b442e7ca8f6b306acaf6fe753ed259decee4
ca6efa4e435e81a871833ab7b23214574d7bdcde94e1d95768542beaf5b936f5
cb3227b6083c8f08881e7d37c6ad8e309453f16a69490c8d9b8a7af526114742
d1f1fe8d46c542e0999ef6ef7cd6b102ca58dc1d6828623eb05ce6a5a6e8050b
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53
e23f546ba9dcdb6b8ae002ed8ae4afd24f75311cf865c55ec5b4b5171e7c63af
e2f9be4dff3ad9b7d23d98a60ce3890c2a8a14682b928c5a2e7dcdfb6a29ae8c
e39e46684de1d904f143b7e5598c153b851a70188e0d720cc5c288a447dffcaa
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
ee4811054910e7c124efb8f914812b82e28025c9d049aef3109fb823744c2b53
f92333a45b532bdb5248178674b041b1c35edfd33a55df48192256f0bfe49e4e
fb35b8859e13680ef50269ba640f5edee1ee2d768deb2ef57f60ef4a9eab2c4c
fb61039f3abc86c15b1fca407f47b7377611402ee061ffce3d280e1b94bf2c61
ff14ffef1a1a0adc15787b24e736e4b60361a1bd658eca92917b9ade2437c209