urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:223d:e600:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Submission: On February 23 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 3 countries across 11 domains to perform 77 HTTP transactions. The main IP is 2600:9000:223d:e600:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 22nd 2023. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 33 2600:9000:223... 16509 (AMAZON-02)
2 2 140.82.121.4 36459 (GITHUB)
3 2606:50c0:800... 54113 (FASTLY)
7 18.66.91.228 16509 (AMAZON-02)
3 11 18.205.222.128 14618 (AMAZON-AES)
2 54.158.113.10 14618 (AMAZON-AES)
12 65.9.86.76 16509 (AMAZON-02)
1 18.66.97.10 16509 (AMAZON-02)
2 2a04:4e42:200... 54113 (FASTLY)
1 54.200.85.230 16509 (AMAZON-02)
1 13.32.110.74 16509 (AMAZON-02)
1 52.18.149.243 16509 (AMAZON-02)
4 2600:9000:211... 16509 (AMAZON-02)
3 52.216.132.171 16509 (AMAZON-02)
77 13
33    2600:9000:223d:e600:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
2    140.82.121.4 (Frankfurt am Main, Germany)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-4-fra.github.com
github.com
3    2606:50c0:8002::154 (United States)

ASN54113 (FASTLY, US)
avatars.githubusercontent.com
7    18.66.91.228 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-91-228.fra56.r.cloudfront.net
cdn.segment.com
11    18.205.222.128 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-222-128.compute-1.amazonaws.com
app.chatwoot.com
2    54.158.113.10 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-158-113-10.compute-1.amazonaws.com
app.posthog.com
12    65.9.86.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-86-76.ams1.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
1    18.66.97.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-10.fra56.r.cloudfront.net
static.hotjar.com
2    2a04:4e42:200::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    54.200.85.230 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-200-85-230.us-west-2.compute.amazonaws.com
api.segment.io
1    13.32.110.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-74.vie50.r.cloudfront.net
script.hotjar.com
1    52.18.149.243 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-149-243.eu-west-1.compute.amazonaws.com
in.hotjar.com
4    2600:9000:211a:5c00:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
3    52.216.132.171 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
Apex Domain
Subdomains		 Transfer
33 huntr.dev
huntr.dev
1 MB
15 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com — Cisco Umbrella Rank: 702886
106 KB
11 chatwoot.com
app.chatwoot.com — Cisco Umbrella Rank: 209380
45 KB
7 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1368
60 KB
4 cloudfront.net
d3tq67kexc2w2i.cloudfront.net
213 KB
3 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 619
script.hotjar.com — Cisco Umbrella Rank: 769
in.hotjar.com — Cisco Umbrella Rank: 1659
73 KB
3 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 8711
740 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4041
19 KB
2 posthog.com
app.posthog.com — Cisco Umbrella Rank: 24589
769 B
2 github.com
github.com — Cisco Umbrella Rank: 2883
6 KB
1 segment.io
api.segment.io — Cisco Umbrella Rank: 997
170 B
77 11
Domain Requested by
33 huntr.dev 1 redirects huntr.dev
12 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
browser.sentry-cdn.com
11 app.chatwoot.com 3 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
7 cdn.segment.com huntr.dev
cdn.segment.com
4 d3tq67kexc2w2i.cloudfront.net app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
3 prod-chatwoot-assets.s3.amazonaws.com
3 avatars.githubusercontent.com huntr.dev
2 browser.sentry-cdn.com cdn.segment.com
2 app.posthog.com huntr.dev
browser.sentry-cdn.com
2 github.com 2 redirects
1 in.hotjar.com browser.sentry-cdn.com
1 script.hotjar.com static.hotjar.com
1 api.segment.io cdn.segment.com
1 static.hotjar.com cdn.segment.com
77 14
Subject Issuer Validity Valid
*.huntr.dev
Amazon RSA 2048 M01		 2023-02-22 -
2024-01-24		 a year crt.sh
*.segment.com
Amazon		 2022-12-13 -
2024-01-12		 a year crt.sh
app.chatwoot.com
R3		 2023-01-11 -
2023-04-11		 3 months crt.sh
app.posthog.com
Amazon RSA 2048 M01		 2023-02-21 -
2023-06-30		 4 months crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon		 2022-12-07 -
2024-01-05		 a year crt.sh
*.hotjar.com
Amazon		 2022-10-25 -
2023-11-23		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2022 Q3		 2022-09-28 -
2023-10-30		 a year crt.sh
*.segment.io
Amazon RSA 2048 M01		 2023-02-10 -
2024-02-10		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh
*.github.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-04-07 -
2023-04-07		 a year crt.sh

This page contains 2 frames:

Primary Page: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Frame ID: 1807900B91A64F591FF2A7DC0755D7C6
Requests: 57 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: 2647A9C8131C30B4B2A651E22E039518
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Email enumeration via reset password functionality vulnerability found in pixelfed

Page URL History Show full URLs

  1. https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010 HTTP 301
    https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

77
Requests

94 %
HTTPS

29 %
IPv6

11
Domains

14
Subdomains

13
IPs

3
Countries

2613 kB
Transfer

6844 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010 HTTP 301
    https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://github.com/pixelfed.png HTTP 302
  • https://avatars.githubusercontent.com/u/38410642?v=4
Request Chain 66
  • https://github.com/pixelfed.png HTTP 302
  • https://avatars.githubusercontent.com/u/38410642?v=4
Request Chain 71
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0d564/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/New%20Project%20(16).png HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=559474b4f2934e2e482f8430e04c0e249cd1a5d83b2c72cb4233b958c0001910
Request Chain 73
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBMFpJUVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--a71f54fcf98f35989ed7806e9b39afabf2d5e8cc/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lKYW5CbFp3WTZCa1ZVT2d0eVpYTnBlbVZKSWd3eU5UQjRNalV3QmpzR1ZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--65970b4fc496e138b1a127af54d1d34df55993de/71952212_10157104405428183_1114828348736929792_n.jpeg HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68?response-content-disposition=inline%3B%20filename%3D%2271952212_10157104405428183_1114828348736929792_n.jpeg%22%3B%20filename%2A%3DUTF-8%27%2771952212_10157104405428183_1114828348736929792_n.jpeg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=108b89e402ae0a4976774372b031bceea360da2d2de23018a6e383f7446fb7e7
Request Chain 74
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBcEJZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--587b3538cac76a48501a212e82a5f6b107c07bc3/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--d5bd8600745fd77201f6159b61f8b9f6f6f54b0a/headshot.jpg HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=d6c45ae432a42be4435164d2350a1824d5e56cb4e3b98c847b105610b5b94d07

77 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Redirect Chain
  • https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010
  • https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
184 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
231223f1b338feea86db25f9627f3ee805de2affb1b89f0da632d9c6358f7d28
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=600
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type
text/html
date
Thu, 23 Feb 2023 15:46:10 GMT
etag
W/"eed0bf01652ab209116ef4c63b1eb462"
last-modified
Sun, 19 Feb 2023 10:57:22 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-id
8P2C0KR_Mih_dRBNaab24JCd_Fz67ZAFm48_LbtIM3DE2nS0_FqeMA==
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/xml
date
Thu, 23 Feb 2023 15:46:09 GMT
location
/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
server
AmazonS3
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-id
mizriAF_kRMsKPXV3i3clRo_-OcZ_4N3VoXSBVOoOoEHzZVMWWVCDg==
x-amz-cf-pop
FRA56-P3
x-cache
Error from cloudfront
c121ad5.js
huntr.dev/_nuxt/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/c121ad5.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
83726405900cd34c4ec484d6f0154698afff44e15432aa54203fa43799efb995
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"4fdabcc776fca33e70ebac6a6c9b9175"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
gIuM_PSIezeK5a7r894eM-n7NmNyJLSna0Fsx3cjZeMzqomUpTko6w==
16f0ea9.js
huntr.dev/_nuxt/ 		314 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/16f0ea9.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ea4f85c464e4e9730de224e46bacacd1bac402db19569c116ec1d0ddfba3ecba
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"bd834b785878a917af84255cfb35344c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
D3jUFmPm8lhcYZEyj_7v8xsomdgm8aKt7j-dfX0I57P5WefPwGWQLA==
41b1b79.js
huntr.dev/_nuxt/ 		1 MB
304 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/41b1b79.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
80b81f5286385e56dace31c7c19e73cbdfe65170c171484a356844090f0806b2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"a971d6a0f007704597795f96b9906bff"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
kUJ724h2DoCvNAO0zw-PG0T7uJ3KXRdpEFDRgrKzrDBfdJ5M7Bh8HQ==
8213b61.js
huntr.dev/_nuxt/ 		215 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/8213b61.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5b10b96fcde2aaf35a0cc7b24c9d8e664181b2ddf6f6d12db2a83c18eb816dcd
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"af5cfe84e62975e34f98d5c82c8a7c62"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
WClM-zUI8m7AbtCBSMH6TmQrvVAwZUgVUGEsSQ08xj4cN99l-8l2Vg==
b35364a.js
huntr.dev/_nuxt/ 		433 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/b35364a.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9a7e6f77d78bb3cc55b14ea9fe6750b9d8d0998fd6831f0b3c873f29c4b5d54a
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"341d69f6b28fe8b1d5c360f3d0b9744d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
DPyurenu2nzHfZLMNVp4kLUefZgDRnC4_5vjr0XGdqNuQJWa7VbRWg==
bbb917f.js
huntr.dev/_nuxt/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/bbb917f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"be4dba135aeb7cf8e26a4cdd1d35986c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
HUa339_Qg39IVzLkyVLE8kW1kRjZ_x-5yCwQfvkdW_mVOcyWbYIVLQ==
586cb03.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/586cb03.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f77160d01495a3a0057ff5199cff92bcb0e4ebed6fb6141db0489e1d98fac359
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"ee4162f0e25467989647df79f01d93af"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
kmo7eSnTGV8Xg2LREAlkJeuBxSxpIFdxNLp89OSPKR8wSnwMNBR1tg==
d8e6409.js
huntr.dev/_nuxt/ 		864 KB
274 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/d8e6409.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a357226eece8f0bde8907fe1462cfadbbf11d33dc98eb597b7f4d87a47c5ce69
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"84d1c62920fb95aee0c2b6c7a0f02ad9"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
-V_Jvm-gPA7kw-XZojBILxsiQ4wQk1OyWgY7mMjTRfVyIWnEaqFYLg==
6d5cbc8.js
huntr.dev/_nuxt/ 		74 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/6d5cbc8.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cb3227b6083c8f08881e7d37c6ad8e309453f16a69490c8d9b8a7af526114742
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"22fd22d2cf20d80129e0028a2d61cc30"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
ZG-aIf7bfrprm4xmv72QPl8OYqvPPp_33iu-9e-St1EHBipZoqzT4Q==
state.js
huntr.dev/_nuxt/static/1676803317/bounties/0327b1b2-6e7c-4154-a307-15f236571010/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1676803317/bounties/0327b1b2-6e7c-4154-a307-15f236571010/state.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
439dd0e5945a0731c1dfb526d6ca89c6c61dd470079c4c6898a300e945fcf204
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:57:05 GMT
server
AmazonS3
etag
W/"e3d704f100b464e4b9b46baa5b555b3d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
cDK4FEuuXLjxq9h5dzh8I8x_lEfSH1BaTTxS9h7NSrfN0_fv4tNt1Q==
payload.js
huntr.dev/_nuxt/static/1676803317/bounties/0327b1b2-6e7c-4154-a307-15f236571010/ 		259 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1676803317/bounties/0327b1b2-6e7c-4154-a307-15f236571010/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4a09242a88d63f0c235f91b4efa4efbf34e7fe3b5d9171155639942da7108cd1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:57:05 GMT
server
AmazonS3
etag
"262345ac6537cf40aebc0ff2cb2b3fc8"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
F6BTQgKTkKGWSae4yO01KjHzSWCFHdYNvNG4vgJaq6HVoOwjSGHamQ==
manifest.js
huntr.dev/_nuxt/static/1676803317/ 		183 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1676803317/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3c31a56e7dc0f496a52a6972c7e79efb46dfc7502935034e25884602bdfde147
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:57:20 GMT
server
AmazonS3
etag
W/"743c72409be311f8760fb5f1181fa8e6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
utFWmsX9eqxbsH7UhKIcXku12A6NNls9SIopmFh3UEKvHYuy9MmvNQ==
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
110 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
ETUUN7h1MNOjYLt_EtkvXK46F6IX1TwspA5Jh5XZuT289wWELFCBUw==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
110 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"c8b6e083af3f94009801989c3739425e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
ddBCmBCCBk92ozuu5FJxU_KXAuSFYuwOp_u89h-Dt3XYKyzUS0fsdA==
38410642
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/pixelfed.png
  • https://avatars.githubusercontent.com/u/38410642?v=4
124 KB
125 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/38410642?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cb9461b2222bcc154ae685fc967897cc67968014e28871bc8511becb2421127d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-fastly-request-id
c3015fdcc7b389a4a09acef183cbf5cf4c2f6ec4
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Thu, 23 Feb 2023 15:46:10 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
content-length
127420
x-xss-protection
1; mode=block
x-served-by
cache-hhn-etou8220037-HHN
last-modified
Wed, 19 Sep 2018 00:30:41 GMT
x-github-request-id
D732:5DFA:1E450:2EB21:63D19429
x-timer
S1677167170.396636,VS0,VE2
etag
"97395143c0ffb97ebe85da7eae98ad37161a8b59f8536ec79e23b29bff0f438a"
source-age
2487832
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 23 Feb 2023 15:51:10 GMT

Redirect headers

date
Thu, 23 Feb 2023 15:46:10 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id
D0A2:FF4A:BFD12CA:C59E267:63F78A41
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/38410642?v=4
cache-control
no-cache
content-length
0
x-xss-protection
0
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		103 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/41b1b79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.91.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-91-228.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
10fec930c098c01da40b61441ce4679014fa7adbbaa6cf3f5e09101f90227c2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-version-id
G_1DMyYqVsmCePV85Iei2fhASPc1JgKD
content-encoding
br
via
1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
date
Thu, 23 Feb 2023 15:46:11 GMT
x-amz-cf-pop
FRA56-P2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 25 Jan 2023 11:36:40 GMT
server
AmazonS3
etag
W/"2cf433ab6068a7fc47fa9fed7df0935d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
GyyybJ2NtnrYn5s1jyZvN8Z6j8yTkChvLXdVuU1GDen9BiV0_2AKOQ==
sdk.js
app.chatwoot.com/packs/js/ 		95 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/8213b61.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
727a3db5bbc554e4db1765f8b78a2e8c4a2a5935aae44b77a024e2e2cffa0a9e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:10 GMT
Content-Encoding
br
Via
1.1 vegur
Strict-Transport-Security
max-age=63072000; includeSubDomains
Last-Modified
Wed, 22 Feb 2023 10:23:11 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Content-Type
application/javascript
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
29331
/
app.posthog.com/decide/ 		239 B
498 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/decide/?v=2&ip=1&_=1677167170284
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/41b1b79.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.158.113.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-113-10.compute-1.amazonaws.com
Software
/
Resource Hash
e39e46684de1d904f143b7e5598c153b851a70188e0d720cc5c288a447dffcaa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
x-content-type-options
nosniff
referrer-policy
same-origin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/41b1b79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash
ce4891d624c3167a1305ef52955443ae411de632464da5e91da165ea3ee77b63

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Thu, 23 Feb 2023 15:46:10 GMT
content-encoding
gzip
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
4b6c5d97-fd02-43d2-ade8-2ad97594edfb
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id
cyM4RYpAwaJ8uEdRWpMVOKQJ7jAuXJrAodD_Yvft3V1gDFKfrWpWNQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 23 Feb 2023 15:46:10 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-id
HephhRj2l2EKBdVY4p_P25fYCKM69DVmKJAfJtFaE8tGEByJRhN9Tw==
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
35442efa-43ed-41c0-a89c-8f0cdd2a9096
x-cache
Miss from cloudfront
0d4f74e.js
huntr.dev/_nuxt/ 		33 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/0d4f74e.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2f7026fb7f5e77cee52363ce1816b048560246cc8589e6f8a43ce463187600b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"0728dc65b482833ae42ed8857e098e97"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
snf_AhQCyFl4lpRdwGV78xCG94Knq5cyYOB_Rd3fvE45mnouFFGxmQ==
8348b83.js
huntr.dev/_nuxt/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/8348b83.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c39207d82d732237f89a6def9e19eae5dcf1aa7ef844b8e348a383b1ce9d98d7
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"e5816426e217ed9c0560bdf0f490acf0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
vexsk3_phonOJycqALeOBpS07Z1CRYHTIG7I5NvfMNPowJdQdNyPQw==
c39b2b4.js
huntr.dev/_nuxt/ 		101 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/c39b2b4.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
936fc5f7d3b8fe2458e3c5307d9af6ea0a901b2a5beda7c8d6fb8d5921804aeb
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"07429afa6d8925faaf0b070cf65d5d6e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
diEBFsu69pwaUTcGk_Bj1Vf0JU7EPjvo8I0BY_gMY5e0k_gq33HhAA==
505142d.js
huntr.dev/_nuxt/ 		120 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/505142d.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ebce1c4c75fa68ddfa10cea31ba3e9c70fa4093777a69f8f130442b9e9904453
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"b5f1aee0145873863d92fa44c8354d7f"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
UzP6Q_BMktrLFzxwOJBdmw2Wv0r8r8rIRyUZ1urqkFtDm56OLUxd_A==
payload.js
huntr.dev/_nuxt/static/1676803317/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1676803317/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/41b1b79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:57:20 GMT
server
AmazonS3
etag
W/"126dd630135f2a51a22e58e9f9dbb73b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
FaLPkmcm6c-IM0eq_EoMPsfPOZqWb0RbDMooxHsL0NVu_7PB2YdHRA==
payload.js
huntr.dev/_nuxt/static/1676803317/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1676803317/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/41b1b79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:57:18 GMT
server
AmazonS3
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
8Zaqctr5OSAeNSev_kHMQSCl42Hv9EStEGnV8DAynMU8E-yadomSPg==
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.91.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-91-228.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c15d07f9d87fea851ff9306ff597b442e7ca8f6b306acaf6fe753ed259decee4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-version-id
i9_qgm6tEM5rZut_i1KSuO6gKrVDsodO
content-encoding
br
via
1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
date
Thu, 23 Feb 2023 13:09:09 GMT
x-amz-cf-pop
FRA56-P2
age
9422
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 16 Jun 2022 18:54:24 GMT
server
AmazonS3
etag
W/"749a45c0a89b0126d214cd63e5d896fb"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
R3LI6O_hkxOQ1P7pdLwLjPiJdXXsPO0kbign5mNYNA6T0Gv9aPsShQ==
ajs-destination.bundle.2cd9e450202b69d545a3.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.2cd9e450202b69d545a3.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.91.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-91-228.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
27cf59f2f5b8446bbf81f4ed9bbea4fcbbece316e3655ade51da075cdc9962d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Fri, 27 Jan 2023 02:13:11 GMT
x-amz-version-id
jZ2L92raJDMf08tukXqdJ6aGBdPFzdTy
content-encoding
br
via
1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
2381580
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 26 Jan 2023 20:14:52 GMT
server
AmazonS3
etag
W/"cc39e85781964199cd0d9501c897e385"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
L3U1uFRKzqqZA4nAflZ-mLM4mIrHWJx8bnVY3Ah29ckke75kYn18TQ==
schemaFilter.bundle.d0fc84c62e956d168cce.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.d0fc84c62e956d168cce.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.91.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-91-228.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ac404a65bffee85a15718f669a44f5a034c94116661e6e0e48b1609f4a8617a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 02:25:35 GMT
x-amz-version-id
VLQuST3Rg1zoSyN.SWag4b2R93Pv7oyc
content-encoding
br
via
1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
3331236
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 16 Jan 2023 00:06:36 GMT
server
AmazonS3
etag
W/"d6985af1d6ad9e8c2f97f24f7b27306e"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
4W7eGFKblBGuSJ_uQ53XMzqQXiwbnnYItVZSIE9e00AGoYPo8gtkMw==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.91.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-91-228.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 16 Feb 2023 16:21:52 GMT
content-encoding
gzip
via
1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-version-id
ucyhb2BcwkoU12h2Hmy86F2WsbF_G3YJ
x-amz-cf-pop
FRA56-P2
age
602659
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1336
last-modified
Wed, 08 Feb 2023 17:50:06 GMT
server
AmazonS3
etag
"4cd7c93a55ce331d264d9a857bd044ed"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
baAdSl0gwBOsVAyu9atXbAgO2lnX4V00GBrXPCfDjLGQtSiYmRRRFA==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.91.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-91-228.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bb918e4772434c8678a69a4d9c1683e0ccf4bc2498f5240d1465b8287d2387cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sun, 12 Feb 2023 02:50:44 GMT
content-encoding
gzip
via
1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-version-id
h61UNO2aKsnleNSFKaEh_NDDKWUGs7AF
x-amz-cf-pop
FRA56-P2
age
996927
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1635
last-modified
Wed, 08 Feb 2023 17:50:06 GMT
server
AmazonS3
etag
"ddd169ee2d3b58407ac01df09d8dbdc7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
Xy2xB5IAWa18hk8QOA3sEZeRlm4eeHIIHlelkc_GBWtr-6YZSpLEKA==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.91.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-91-228.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Sun, 19 Feb 2023 07:56:03 GMT
content-encoding
gzip
via
1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-version-id
lJtmCXSyB5Fd94udMEaQ3Fg4j3ghWk62
x-amz-cf-pop
FRA56-P2
age
373808
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22177
last-modified
Wed, 08 Feb 2023 17:50:04 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
7rTJDnjDdF24iUNFny6M8hbuw9sm1RQEiiEDkKa_ZYnx--5iafoclg==
hotjar-2380708.js
static.hotjar.com/c/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-10.fra56.r.cloudfront.net
Software
/
Resource Hash
891c98fb196524fe1e2766f0de56dbdc9f2c9820b572ae0d3903e093ff575d6f
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/14b6c34cd1e38e287ed088cc4bd8d39c
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
r9cuwpxsScp8hkY4vJJEYBfwoGwjDWYkTaSA0IVKQIUzRT_y7tMCHA==
bundle.min.js
browser.sentry-cdn.com/5.12.1/ 		55 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
6770601
etag
"1c5228c89d281d08aa0ce908f582609a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
17201
expires
Thu, 07 Dec 2023 07:02:48 GMT
p
api.segment.io/v1/ 		21 B
170 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.200.85.230 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-200-85-230.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://huntr.dev
date
Thu, 23 Feb 2023 15:46:11 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
rewriteframes.min.js
browser.sentry-cdn.com/5.12.1/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
14184600
etag
"4e240097ab71acf709caa48e23cd6411"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
1807
expires
Tue, 12 Sep 2023 11:36:11 GMT
modules.7cafb00353603cadd6c4.js
script.hotjar.com/ 		263 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.7cafb00353603cadd6c4.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-74.vie50.r.cloudfront.net
Software
/
Resource Hash
253bfa7c968b5859efe9fd412e9aec2177575574e639e88eee4ba599bea06be4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 15:55:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 659e81bfffb15e4b314a9b12d4db8946.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
age
85864
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
68446
last-modified
Wed, 22 Feb 2023 15:54:32 GMT
etag
"75f1519020fb26b2d79428053cef7ce8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
7qVDy71Iwo9iULwSl6iwtN2-DyHbgkjg0MFmw7PLvSRt2NNAEFK5wA==
widget
app.chatwoot.com/ Frame 2647 		6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
fa60062203da2517fee1b0836d5d515d83c16082c0bf65139e1b2d6435cfa42f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, private, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Thu, 23 Feb 2023 15:46:10 GMT
Etag
W/"fa60062203da2517fee1b0836d5d515d"
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
9989d09a-acb0-4ee3-9563-16d92ae2347e
X-Runtime
0.115737
X-Xss-Protection
1; mode=block
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-id
fhXb44pkEIrfy7NIvqnOX8KYsE0oUxR_7dRSplGLFjkykUjVVCVnWw==
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
40786405-d4e8-4004-8c86-56e427f2ad13
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-id
kdo75aBxUcDXRVjj2jkhTOK7rvb_7RzHmOhnQ1NfUE4XXYn8GUfj4A==
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
45ff91d3-c970-4f67-95be-b720391df396
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-id
8DbCOMjZ5Ji3Bb_2aQMnbc5bAYAEcJnfE_qW4SkBIhEtsP9FTrVcDg==
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
52663b07-9148-4d9e-a97d-316ead91fb01
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		196 B
615 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash
7ee87b4efb74d3ac39b577dc929eff90c5a88bf4807638f72b6cc8841965c139

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
3
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
114d2bb5-fc87-4a1b-a923-2ab72f78bd11
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
196
x-amz-cf-id
u6_dJ_dZasiJsL9nm0xNC35Je7qBAdlTiBnZ79kZsyvJLkSz9H9ksg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash
334cdd14a65a4c39fb73b7819e19f6a085d96efd9a2f66a8d1d11490051b2bf6

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
5
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
896c8caa-71eb-40ca-819a-5055652d7ec8
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
5109
x-amz-cf-id
k3yACl26yQakrH5IpghHw0gHJl4VbkPr3n2CFPGe3Hc7DnVDdBr3Gg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash
52a57e38843336265aa491722194c92aebe868b8b011e5f87f423f965d259fba

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
6
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
e2670582-8e6c-46ee-8c16-21891acda8ce
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
2867
x-amz-cf-id
DTBRCNQvNgzRFjVl3oTsVCHxTQtI350p9POLg4K0yM2r1XNzygooOw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		31 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
6
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
6c32b2c1-d30c-42c4-8eb2-80fe16ef210e
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
31
x-amz-cf-id
AE4tNeFEnpIUmHWN8xZMKhYPppcn9j-sfbr6UG38mubL9liB4G9pqQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-id
mJ_n7cWAoyLWCTMua04iGxKhMCO58ekt_r1S9_EtSDOEql3EmIKaQA==
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
2dc8978a-c92c-4183-b171-f281f1c840c6
x-cache
Miss from cloudfront
Metropolis-Regular.67a1988.otf
huntr.dev/_nuxt/fonts/ 		23 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Metropolis-Regular.67a1988.otf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"f7b5e589f88206b4bd5cb1408c5362e6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
0AQUk7dj53ehDQGbHrcTkC2_GK2rCkKRMkSl4sriZJQkILm2HXSMng==
82d08fb.js
huntr.dev/_nuxt/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/82d08fb.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1e922018bb7bf88d050575d4cd33b4c74fe410751ffd2bf11980fc564fa257de
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"4b7ed54a0c257e9573edb02b5cfe2499"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
uOn6sRiJpjd7LfDzLaszzrYxmpT83FiAAW5w-VY86EAQBAdv5W6hiw==
ffeae56.js
huntr.dev/_nuxt/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/ffeae56.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f56183812a5422dffe2b32c733ea1931039f5cdcfe6319fbdb53fe730103d411
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"bdab8ec8e4e7c3a3645657913db08c74"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
ez38aIs3rBk1vPcW_-HXI7d8rOX2D5P31g76a0kj-KWH8qiZ7yu2eQ==
51d8158.js
huntr.dev/_nuxt/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/51d8158.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
23701595d14eccacdd499554110b1cbc2a5321f34e57ad8992f35176cf328078
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"194e06da1495cc2a6b04a5cab8c9ef4b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
SUuOonRZioPRJIYrWuGliWLcBqm5pGhD1i7fp1L7gbIxIn1lGLGSTA==
6703c36.js
huntr.dev/_nuxt/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/6703c36.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fcf7f3f65bea9af22300e09e2bb516becfe20787df55b042a4ec092fb7e7d0cc
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"7ed7008aa1cc0f695646dd1c4ca73801"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
-jE6Hm54jj74-cbMlVXwebRpe-CGWCMe0aBTHUeFFRKrYFifrrdRxw==
99e80c0.js
huntr.dev/_nuxt/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/99e80c0.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1eec93135b74395f6e3554dced68111365cf11e9c670367ab5bbbcf5ae2bfdce
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"4ba874a471f2d2491b6e2aac8e187901"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
r6NPyQwAR2_iohWQrCUu8MXMvsFgMYW2XVmxtdQ1GUu8TAYrYqmT_g==
payload.js
huntr.dev/_nuxt/static/1676803317/bounties/hacktivity/ 		81 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1676803317/bounties/hacktivity/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/41b1b79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9a279a8cfe3eb891b1a7a5458606ae20be74304c60e05b985f3bea0f6815e96b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
81
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:57:20 GMT
server
AmazonS3
etag
"fc04d064f666e6c3a67bfdf89f4b2801"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
Lb4pn0TPNt7QVLUu6c5aW25D5IK6pCLPOROhPmOwDVezMZ2wj-IVpQ==
payload.js
huntr.dev/_nuxt/static/1676803317/leaderboard/ 		73 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1676803317/leaderboard/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/41b1b79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9de1041297927941b9c0d2104c967e3a17544dc79c5c9d49d3500af6397a9f7f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
73
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:57:20 GMT
server
AmazonS3
etag
"7dcde85f209c9e271f0e80211fb29626"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
accept-ranges
bytes
x-amz-cf-id
lRCBURNbmN_wjIkPn8VkhoPQ1co5OoSuBYTYkRGVzaddcZ87GEWKbw==
payload.js
huntr.dev/_nuxt/static/1676803317/faq/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1676803317/faq/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/41b1b79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7af81e89ce17183a68c2cb7b58368dc5e4294b2c314cca432e78b433228c837b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:57:20 GMT
server
AmazonS3
etag
W/"596358812e67e12f363286c647d834aa"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
BMdrG9amDkajTWxA5Lx1qffeoFHPnsBE9HS2d5oCswpxH-RtdVb8JQ==
visit-data
in.hotjar.com/api/v2/client/sites/2380708/ 		148 B
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://in.hotjar.com/api/v2/client/sites/2380708/visit-data?sv=6
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.149.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-149-243.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b8a169e23c2ba4328eed7c91773d6be70514ede65b80e4569fc95472aa26bd86

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Thu, 23 Feb 2023 15:46:11 GMT
content-encoding
br
vary
Accept-Encoding
access-control-max-age
86400
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
563e254.js
huntr.dev/_nuxt/ 		69 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/563e254.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac45d78e09cfe5b622e1e3ae9feaeb7f661e45574c3be880f87b4c857f78c603
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"a879b1b48e697c1963213d8ed04b9717"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
bvx-yKb4CO_sWAglm0fR7VABHRA_6dO6nLdJRAU7mLT7YQPtuNUROw==
widget-3aeef96a67381611b383.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 2647 		693 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-3aeef96a67381611b383.js
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
823b6513d669b504649cece5886352e15a27dc9bf00c70a5b32866aa78f6d0ed
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 10:30:34 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Wed, 22 Feb 2023 10:23:10 GMT
server
Cowboy
x-amz-cf-pop
VIE50-C2
age
105336
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
195019
x-amz-cf-id
KuHioBiZqFhcOvcGDY6E-o_Xw0usMD-D78LUrgHI2femOOGlWJ6vtQ==
widget-dbc3b0b7.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 2647 		114 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-dbc3b0b7.css
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
366ee2bd48f5356ddcfe38aa922933bc895a12ff1b8adeccd871ebcb7dca7f6d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 10:30:34 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Wed, 22 Feb 2023 10:23:10 GMT
server
Cowboy
x-amz-cf-pop
VIE50-C2
age
105336
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
16511
x-amz-cf-id
stSYL6_IkXtvTpp4iolmtTZSaBP7V_fglyhjeZdCxYzQJp7g48cQEA==
24-2cfb8e24.chunk.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 2647 		1 KB
902 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/24-2cfb8e24.chunk.css
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-3aeef96a67381611b383.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 10:30:49 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Wed, 22 Feb 2023 10:23:10 GMT
server
Cowboy
x-amz-cf-pop
VIE50-C2
age
105321
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
512
x-amz-cf-id
xz7rwzVLA7KVqRCjy56be424ed9Nuez2Iq6vzLIm_qPQlhHnwW2p0w==
24-9c9315c33640ac47cb4a.chunk.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 2647 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/24-9c9315c33640ac47cb4a.chunk.js
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-3aeef96a67381611b383.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
6212de194d3469fe98f17c90e0a985836f71ba2507ed8aeac43aa41b61c4495d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Wed, 22 Feb 2023 10:31:26 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 3cf68d8be617999c7beade955cf69ddc.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Wed, 22 Feb 2023 10:23:10 GMT
server
Cowboy
x-amz-cf-pop
VIE50-C2
age
105284
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
4038
x-amz-cf-id
ur4Bi6_kOzYg4-498y_vgWpgsBZ-wpzzzoQ8AgMuPI_Kze5qoUEbpA==
conversations
app.chatwoot.com/api/v1/widget/ Frame 2647 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-3aeef96a67381611b383.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NGE2ZjZlYy0yNmM4LTQxNmMtYWVkMi1hZGNiMTgxYWU5Y2MiLCJpbmJveF9pZCI6MTQxMn0.m4X6kCzdSzCdql6y5H46xKopd5c9DwfTcEVaRSV_Akg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
d288cb8f-e0b8-465d-8451-e8a9c3200e7a
X-Runtime
0.026430
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
messages
app.chatwoot.com/api/v1/widget/ Frame 2647 		14 B
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-3aeef96a67381611b383.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NGE2ZjZlYy0yNmM4LTQxNmMtYWVkMi1hZGNiMTgxYWU5Y2MiLCJpbmJveF9pZCI6MTQxMn0.m4X6kCzdSzCdql6y5H46xKopd5c9DwfTcEVaRSV_Akg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
603b856d-44ea-4655-858a-e437d303fd77
X-Runtime
0.030418
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"258153158e38e3291e3d48162225fcdb"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame 2647 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-3aeef96a67381611b383.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
539f3907b1df190e365f7fb14702edf6b43cc1c253e5b768f884951c6801c992
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NGE2ZjZlYy0yNmM4LTQxNmMtYWVkMi1hZGNiMTgxYWU5Y2MiLCJpbmJveF9pZCI6MTQxMn0.m4X6kCzdSzCdql6y5H46xKopd5c9DwfTcEVaRSV_Akg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
eff2a689-902c-49a2-b72c-72e18291dd33
X-Runtime
0.052126
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"539f3907b1df190e365f7fb14702edf6"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame 2647 		90 B
735 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-3aeef96a67381611b383.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
466910000509e7c499d870fe80359e3ac1e9ce159a29b5231ef3c766e6f7fcb3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NGE2ZjZlYy0yNmM4LTQxNmMtYWVkMi1hZGNiMTgxYWU5Y2MiLCJpbmJveF9pZCI6MTQxMn0.m4X6kCzdSzCdql6y5H46xKopd5c9DwfTcEVaRSV_Akg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
acd6539a-e278-4c16-a309-8fba23945664
X-Runtime
0.019543
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"466910000509e7c499d870fe80359e3a"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame 2647 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-3aeef96a67381611b383.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NGE2ZjZlYy0yNmM4LTQxNmMtYWVkMi1hZGNiMTgxYWU5Y2MiLCJpbmJveF9pZCI6MTQxMn0.m4X6kCzdSzCdql6y5H46xKopd5c9DwfTcEVaRSV_Akg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
ec51c710-6f61-4dbf-851a-6de470eeae63
X-Runtime
0.019959
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
38410642
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/pixelfed.png
  • https://avatars.githubusercontent.com/u/38410642?v=4
124 KB
125 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/38410642?v=4
Protocol
H2
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cb9461b2222bcc154ae685fc967897cc67968014e28871bc8511becb2421127d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-fastly-request-id
7950af95bba249b5ea3d6dd2854ce4f237a2425f
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 varnish
x-cache-hits
2
x-cache
HIT
content-length
127420
x-xss-protection
1; mode=block
x-served-by
cache-hhn-etou8220037-HHN
last-modified
Wed, 19 Sep 2018 00:30:41 GMT
x-github-request-id
D732:5DFA:1E450:2EB21:63D19429
x-timer
S1677167172.615860,VS0,VE0
etag
"97395143c0ffb97ebe85da7eae98ad37161a8b59f8536ec79e23b29bff0f438a"
source-age
2487833
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 23 Feb 2023 15:51:11 GMT

Redirect headers

date
Thu, 23 Feb 2023 15:46:11 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id
D0A2:FF4A:BFD1B9D:C59EB80:63F78A41
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/38410642?v=4
cache-control
no-cache
content-length
0
x-xss-protection
0
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
445 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
d43e1e8b-b1cd-4566-a7a2-d3e88f4940bf
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
zg-PXt6GbVL8UD2aRQYAOH9ZnK8Y3FCFajgp5-h8XznX_VLkgD5-sA==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-76.ams1.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
x-amz-cf-id
Wjzwy0r-kB7FlYR44Vz-o66J2cztHPWjPgmhgR09YdCge4l66qeq7w==
x-amz-cf-pop
AMS1-C1
x-amzn-requestid
cea2f0a0-079a-4c68-9240-a9b45b9914b6
x-cache
Miss from cloudfront
15223611
avatars.githubusercontent.com/u/ 		490 KB
490 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/15223611?v=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5afabc3fa7accd1e8fd1ac97f5c15ad22a655ffc1708ca1ef32f7099821576b4
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-fastly-request-id
3cb17f5b93df208f1dd3b098d5f16293f3bcc4b5
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Thu, 23 Feb 2023 15:46:11 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
content-length
501297
x-xss-protection
1; mode=block
x-served-by
cache-hhn-etou8220037-HHN
last-modified
Fri, 13 Aug 2021 04:43:31 GMT
x-github-request-id
A47E:4C6C:268A01:31D8BA:63EC7330
x-timer
S1677167172.569652,VS0,VE3
etag
"dfeb3de7c5d4f8cc8940a7dc7e6772c923a7e69dfaf23d4aa2fff86e9097f49e"
source-age
726803
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 23 Feb 2023 15:51:11 GMT
897b14c.js
huntr.dev/_nuxt/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/897b14c.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c121ad5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f30580dc23070b947d2fff35b4ea296d6a41511a15a7696841c1bb4dc84e9c58
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 15:46:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e45d812d65a0d0336b945e28b9381462.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Sun, 19 Feb 2023 10:56:49 GMT
server
AmazonS3
etag
W/"9f4094869d870627d9cd573c1e2d155b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
x-amz-cf-id
4n50tRipSAOWgMeMU3EMpB9c9BL4EMCJmif479M2_l_Em-3Gn6FxMA==
57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/ Frame 2647
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...
18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=559474b4f2934e2e482f8430e04c0e249cd1a5d83b2c72cb4233b958c0001910
Protocol
HTTP/1.1
Server
52.216.132.171 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:13 GMT
Last-Modified
Wed, 30 Mar 2022 16:04:43 GMT
Server
AmazonS3
x-amz-request-id
SAW5B9J9V48MJ5AP
ETag
"46905dbd95a052f59e14b7dec8b50a6a"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Content-Disposition
inline; filename="New Project %2816%29.png"; filename*=UTF-8''New%20Project%20%2816%29.png
Accept-Ranges
bytes
Content-Length
18903
x-amz-id-2
9MSelWCd33TNloGWgl8qnSaoEUASGLBYRlYeA7rA0c5qvqK1ypexX3UOpzvKz4fWryvn46w0Wb0=

Redirect headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
50586c3e-8a3a-4d12-bb70-81f0579321f0
X-Runtime
0.043782
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=559474b4f2934e2e482f8430e04c0e249cd1a5d83b2c72cb4233b958c0001910
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 2647 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
Last-Modified
Wed, 22 Feb 2023 10:10:48 GMT
Server
Cowboy
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68
prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/ Frame 2647
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBMFpJUVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--a71f54fcf98f35989ed7806e9b39afabf2d5...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68?response-content-disposition=inline%3B%20filenam...
22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68?response-content-disposition=inline%3B%20filename%3D%2271952212_10157104405428183_1114828348736929792_n.jpeg%22%3B%20filename%2A%3DUTF-8%27%2771952212_10157104405428183_1114828348736929792_n.jpeg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=108b89e402ae0a4976774372b031bceea360da2d2de23018a6e383f7446fb7e7
Protocol
HTTP/1.1
Server
52.216.132.171 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
292d919908dde83af15abd15c6fd4d3571cbaaacd139e754fd67debe512dfbe2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:13 GMT
Last-Modified
Fri, 21 Oct 2022 13:41:45 GMT
Server
AmazonS3
x-amz-request-id
SAW49F6CRVTHB5WA
ETag
"6acfa9b8e9de7d7830f5f0a29993ce87"
x-amz-server-side-encryption
AES256
Content-Type
image/jpeg
Content-Disposition
inline; filename="71952212_10157104405428183_1114828348736929792_n.jpeg"; filename*=UTF-8''71952212_10157104405428183_1114828348736929792_n.jpeg
Accept-Ranges
bytes
Content-Length
22102
x-amz-id-2
TZnv+T5uQji3KYAmf/QkiZKzuuDDri96ehx0LbHvoXa++iTgAvE9Onq0TLzb4+1XF+kAdqBzdn0=

Redirect headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
c1c98058-51f8-4f07-b8f9-253c009f60b9
X-Runtime
0.026061
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/zo0o00fwop15qvl86sfq6ypxpmnk/40c130cb5c76c9de107878f26833db3fa065340a89e9368b89d704f077929d68?response-content-disposition=inline%3B%20filename%3D%2271952212_10157104405428183_1114828348736929792_n.jpeg%22%3B%20filename%2A%3DUTF-8%27%2771952212_10157104405428183_1114828348736929792_n.jpeg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=108b89e402ae0a4976774372b031bceea360da2d2de23018a6e383f7446fb7e7
Cache-Control
max-age=300, private
367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7
prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/ Frame 2647
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBcEJZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--587b3538cac76a48501a212e82a5f6b107c07bc3/eyJ...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filenam...
52 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=d6c45ae432a42be4435164d2350a1824d5e56cb4e3b98c847b105610b5b94d07
Protocol
HTTP/1.1
Server
52.216.132.171 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
ab04f9631d2c18b852526378ebd3975d23ddef2919b766bc1569c21801e9fe3b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 15:46:13 GMT
Last-Modified
Fri, 06 Aug 2021 10:13:19 GMT
Server
AmazonS3
x-amz-request-id
SAWDZVS0Q09DQCT0
ETag
"32049a0dc1749f286748e5b6cf7bfa5e"
x-amz-server-side-encryption
AES256
Content-Type
image/jpeg
Content-Disposition
inline; filename="headshot.jpg"; filename*=UTF-8''headshot.jpg
Accept-Ranges
bytes
Content-Length
53344
x-amz-id-2
/kpo6b91SntbPHuOFIXffxymcdBsowhmagnofdtd7EXeQBXR9XUFkC5I60A+My87HxFl0Klt/E0=

Redirect headers

Date
Thu, 23 Feb 2023 15:46:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
4204d3fb-9a6a-4322-bea4-bbc63e0233d8
X-Runtime
0.023626
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gxiu1xd1nygmlb28t9sh1esz4b6y/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230223T154611Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=d6c45ae432a42be4435164d2350a1824d5e56cb4e3b98c847b105610b5b94d07
Cache-Control
max-age=300, private
/
app.posthog.com/e/ 		13 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1677167173315
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.158.113.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-113-10.compute-1.amazonaws.com
Software
/
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 23 Feb 2023 15:46:13 GMT
x-content-type-options
nosniff
referrer-policy
same-origin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ function| MarkdownHeaderButtonElement function| MarkdownBoldButtonElement function| MarkdownItalicButtonElement function| MarkdownQuoteButtonElement function| MarkdownCodeButtonElement function| MarkdownLinkButtonElement function| MarkdownImageButtonElement function| MarkdownUnorderedListButtonElement function| MarkdownOrderedListButtonElement function| MarkdownTaskListButtonElement function| MarkdownMentionButtonElement function| MarkdownRefButtonElement function| MarkdownStrikethroughButtonElement function| MarkdownToolbarElement function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ function| Cvss function| _ object| analytics object| chatwootSettings object| $nuxt object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| hotjarDeps function| hotjarLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| sentryIntegration object| Sentry object| __SENTRY__ object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| chatwootSDK object| $chatwoot function| playAudioAlert

10 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ajs_anonymous_id
Value: 7029d12a-8bb6-494e-aabb-5e35ad16ac8c
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%221867ef412e92b1-0eb5753e01280a-6f385457-1d4c00-1867ef412ea903%22%2C%22%24device_id%22%3A%221867ef412e92b1-0eb5753e01280a-6f385457-1d4c00-1867ef412ea903%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1677167170302%2C%221867ef412ff287-0903c4acecdfee-6f385457-1d4c00-1867ef4130065c%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
.huntr.dev/ Name: _hjSessionUser_2380708
Value: eyJpZCI6ImVkZmJjN2U2LTIwOTEtNTY5My1hODU5LTZlNjI1YThhNjIzNCIsImNyZWF0ZWQiOjE2NzcxNjcxNzEwNjIsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/ Name: _hjFirstSeen
Value: 1
.huntr.dev/ Name: _hjIncludedInSessionSample_2380708
Value: 0
.huntr.dev/ Name: _hjSession_2380708
Value: eyJpZCI6IjVlZDcyYjMwLWM2MGYtNGI2Ny04MTA3LTNiNzAyNDQ0NjNiNCIsImNyZWF0ZWQiOjE2NzcxNjcxNzEwNzQsImluU2FtcGxlIjpmYWxzZX0=
huntr.dev/ Name: _hjIncludedInPageviewSample
Value: 1
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 0
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI1NGE2ZjZlYy0yNmM4LTQxNmMtYWVkMi1hZGNiMTgxYWU5Y2MiLCJpbmJveF9pZCI6MTQxMn0.m4X6kCzdSzCdql6y5H46xKopd5c9DwfTcEVaRSV_Akg

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
github.com
huntr.dev
in.hotjar.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
13.32.110.74
140.82.121.4
18.205.222.128
18.66.91.228
18.66.97.10
2600:9000:211a:5c00:7:dce7:b680:21
2600:9000:223d:e600:14:bb32:5f00:93a1
2606:50c0:8002::154
2a04:4e42:200::729
52.18.149.243
52.216.132.171
54.158.113.10
54.200.85.230
65.9.86.76
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
10fec930c098c01da40b61441ce4679014fa7adbbaa6cf3f5e09101f90227c2d
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1e922018bb7bf88d050575d4cd33b4c74fe410751ffd2bf11980fc564fa257de
1eec93135b74395f6e3554dced68111365cf11e9c670367ab5bbbcf5ae2bfdce
231223f1b338feea86db25f9627f3ee805de2affb1b89f0da632d9c6358f7d28
23701595d14eccacdd499554110b1cbc2a5321f34e57ad8992f35176cf328078
253bfa7c968b5859efe9fd412e9aec2177575574e639e88eee4ba599bea06be4
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
27cf59f2f5b8446bbf81f4ed9bbea4fcbbece316e3655ade51da075cdc9962d4
292d919908dde83af15abd15c6fd4d3571cbaaacd139e754fd67debe512dfbe2
2f7026fb7f5e77cee52363ce1816b048560246cc8589e6f8a43ce463187600b1
334cdd14a65a4c39fb73b7819e19f6a085d96efd9a2f66a8d1d11490051b2bf6
366ee2bd48f5356ddcfe38aa922933bc895a12ff1b8adeccd871ebcb7dca7f6d
3c31a56e7dc0f496a52a6972c7e79efb46dfc7502935034e25884602bdfde147
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
439dd0e5945a0731c1dfb526d6ca89c6c61dd470079c4c6898a300e945fcf204
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
466910000509e7c499d870fe80359e3ac1e9ce159a29b5231ef3c766e6f7fcb3
4a09242a88d63f0c235f91b4efa4efbf34e7fe3b5d9171155639942da7108cd1
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
52a57e38843336265aa491722194c92aebe868b8b011e5f87f423f965d259fba
539f3907b1df190e365f7fb14702edf6b43cc1c253e5b768f884951c6801c992
5afabc3fa7accd1e8fd1ac97f5c15ad22a655ffc1708ca1ef32f7099821576b4
5b10b96fcde2aaf35a0cc7b24c9d8e664181b2ddf6f6d12db2a83c18eb816dcd
6212de194d3469fe98f17c90e0a985836f71ba2507ed8aeac43aa41b61c4495d
6ac404a65bffee85a15718f669a44f5a034c94116661e6e0e48b1609f4a8617a
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
727a3db5bbc554e4db1765f8b78a2e8c4a2a5935aae44b77a024e2e2cffa0a9e
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
7af81e89ce17183a68c2cb7b58368dc5e4294b2c314cca432e78b433228c837b
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
7ee87b4efb74d3ac39b577dc929eff90c5a88bf4807638f72b6cc8841965c139
80b81f5286385e56dace31c7c19e73cbdfe65170c171484a356844090f0806b2
823b6513d669b504649cece5886352e15a27dc9bf00c70a5b32866aa78f6d0ed
83726405900cd34c4ec484d6f0154698afff44e15432aa54203fa43799efb995
891c98fb196524fe1e2766f0de56dbdc9f2c9820b572ae0d3903e093ff575d6f
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
936fc5f7d3b8fe2458e3c5307d9af6ea0a901b2a5beda7c8d6fb8d5921804aeb
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
9a279a8cfe3eb891b1a7a5458606ae20be74304c60e05b985f3bea0f6815e96b
9a7e6f77d78bb3cc55b14ea9fe6750b9d8d0998fd6831f0b3c873f29c4b5d54a
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
9de1041297927941b9c0d2104c967e3a17544dc79c5c9d49d3500af6397a9f7f
a357226eece8f0bde8907fe1462cfadbbf11d33dc98eb597b7f4d87a47c5ce69
ab04f9631d2c18b852526378ebd3975d23ddef2919b766bc1569c21801e9fe3b
ac45d78e09cfe5b622e1e3ae9feaeb7f661e45574c3be880f87b4c857f78c603
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
b8a169e23c2ba4328eed7c91773d6be70514ede65b80e4569fc95472aa26bd86
bb918e4772434c8678a69a4d9c1683e0ccf4bc2498f5240d1465b8287d2387cb
c15d07f9d87fea851ff9306ff597b442e7ca8f6b306acaf6fe753ed259decee4
c39207d82d732237f89a6def9e19eae5dcf1aa7ef844b8e348a383b1ce9d98d7
cb3227b6083c8f08881e7d37c6ad8e309453f16a69490c8d9b8a7af526114742
cb9461b2222bcc154ae685fc967897cc67968014e28871bc8511becb2421127d
ce4891d624c3167a1305ef52955443ae411de632464da5e91da165ea3ee77b63
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53
e39e46684de1d904f143b7e5598c153b851a70188e0d720cc5c288a447dffcaa
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
ea4f85c464e4e9730de224e46bacacd1bac402db19569c116ec1d0ddfba3ecba
ebce1c4c75fa68ddfa10cea31ba3e9c70fa4093777a69f8f130442b9e9904453
f30580dc23070b947d2fff35b4ea296d6a41511a15a7696841c1bb4dc84e9c58
f56183812a5422dffe2b32c733ea1931039f5cdcfe6319fbdb53fe730103d411
f77160d01495a3a0057ff5199cff92bcb0e4ebed6fb6141db0489e1d98fac359
fa60062203da2517fee1b0836d5d515d83c16082c0bf65139e1b2d6435cfa42f
fcf7f3f65bea9af22300e09e2bb516becfe20787df55b042a4ec092fb7e7d0cc