Submitted URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Effective URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Submission: On December 17 via manual from DE — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 70 HTTP transactions. The main IP is 18.239.18.52, located in United States and belongs to AMAZON-02, US. The main domain is huntr.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on October 16th 2023. Valid for: a year.
This is the only time huntr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 2600:9000:223... 16509 (AMAZON-02)
8 2606:50c0:800... 54113 (FASTLY)
3 2600:9000:223... 16509 (AMAZON-02)
29 18.239.18.52 16509 (AMAZON-02)
12 99.86.4.55 16509 (AMAZON-02)
2 2 140.82.121.4 36459 (GITHUB)
70 5
Apex Domain
Subdomains
Transfer
29 huntr.com
huntr.com
1 MB
18 huntr.dev
huntr.dev
1 MB
12 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
7 KB
8 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 9343
292 KB
3 posthog.com
app.posthog.com — Cisco Umbrella Rank: 9352
2 KB
2 github.com
github.com — Cisco Umbrella Rank: 2967
6 KB
70 6
Domain Requested by
29 huntr.com huntr.dev
huntr.com
18 huntr.dev huntr.dev
12 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.com
8 avatars.githubusercontent.com huntr.dev
huntr.com
3 app.posthog.com huntr.dev
huntr.com
2 github.com 2 redirects
70 6
Subject Issuer Validity Valid
*.huntr.dev
Amazon RSA 2048 M03
2023-11-26 -
2024-12-24
a year crt.sh
*.github.io
DigiCert TLS RSA SHA256 2020 CA1
2023-02-21 -
2024-03-20
a year crt.sh
app.posthog.com
Amazon RSA 2048 M01
2023-05-02 -
2024-05-31
a year crt.sh
*.huntr.com
Amazon RSA 2048 M03
2023-10-16 -
2024-11-13
a year crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon RSA 2048 M03
2023-11-07 -
2024-12-05
a year crt.sh

This page contains 1 frames:

Primary Page: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Frame ID: 7F94AF1A17826AD23A3E61866CFD4748
Requests: 64 HTTP requests in this frame

Screenshot

Page Title

Server Side Template Injection vulnerability found in grav

Page URL History Show full URLs

  1. https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/ Page URL
  2. https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

70
Requests

97 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

3178 kB
Transfer

10241 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/ Page URL
  2. https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 63
  • https://github.com/mahagr.png HTTP 302
  • https://avatars.githubusercontent.com/u/854915?v=4
Request Chain 67
  • https://github.com/effectrenan.png HTTP 302
  • https://avatars.githubusercontent.com/u/13952792?v=4

70 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
236 KB
40 KB
Document
General
Full URL
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7a4284985787075ee48e5ceae8930c3329881788a3f3fe674ec3cb6782aefb0d
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=2
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type
text/html
date
Sun, 17 Dec 2023 13:24:19 GMT
etag
W/"6a9878e431a9f8b87b31f07628005370"
last-modified
Fri, 15 Dec 2023 10:49:14 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-id
0IsJQYYH32Kn7DiWNNFQcIHhTdUIdI3QjRTR2ncJ6uepPUY8JzMmjw==
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
66d3e4c.js
huntr.dev/_nuxt/
3 KB
3 KB
Script
General
Full URL
https://huntr.dev/_nuxt/66d3e4c.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
58268cb7d66324a0c35db47cb4f0f628b15ccac232653a17b5a563a016e9414b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"127e3fc8449d18a5e820edd3fa28693f"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
p5-zfIEeAmaBID1Nngv7ZcEIRGmb1MlBSWkgLXVPmICh884c9iuXyw==
5259ebe.js
huntr.dev/_nuxt/
341 KB
119 KB
Script
General
Full URL
https://huntr.dev/_nuxt/5259ebe.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1317639f267ec4abb5ac5fd91c782300247ea8e0a8bcbce7492603a55cfd2fa0
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"771b6f7adc51309930a90c93c89ae5ca"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
U_nzYKaWn7YNhm6-s5-oDu3nbb8wM2a_GJmKexLLeLz7OLmopYrvdQ==
478f820.js
huntr.dev/_nuxt/
1 MB
311 KB
Script
General
Full URL
https://huntr.dev/_nuxt/478f820.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c06e9cd4aecd60e7fc554b51d67bc46797e995a29d8ee01dff127842e377fe2f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"e9792fe426ef836eaa4a00e147ca2bf0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
-hs7QCb_f6ENBpZ_qHWUbBdyIdJa908nfQhTI9i9lvGE9gUltBRjbQ==
fad53c9.js
huntr.dev/_nuxt/
224 KB
38 KB
Script
General
Full URL
https://huntr.dev/_nuxt/fad53c9.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
912f427fb77de25e875f0090746c3ccbb58f72365b54bb343a9860a23e35952f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"7be769335ee5c2b2d9f2b20e66207ae2"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
ifMkxp3d3Wm5rnwlPHz2eqm_ObaxvTO-PwRV2cgoao7tujdXFQVuQg==
517f17e.js
huntr.dev/_nuxt/
499 KB
121 KB
Script
General
Full URL
https://huntr.dev/_nuxt/517f17e.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
318f8ba355db5acc959e994cbdb293fdc1aa3c47c0e700365e7e5c07bef37f21
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"a9aef0d687ac20f27684fda2bf364e1b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
kRpt-vhiNwVkitelymVCrv5OiA5uMN2VmSYFEL3DxTXZXj9xqpBNKQ==
cca0020.js
huntr.dev/_nuxt/
14 KB
6 KB
Script
General
Full URL
https://huntr.dev/_nuxt/cca0020.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbbb83d8876dba4b2ab07262665eed8f7609e3bb44ea223087ed444e56cf6ea4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"c341ec17ef46defc7ff1afe027609a62"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
9m3uFE_x_4-n9NA1UBPSq5U_yUuiMtPsrlL-4AvFUogwmnn9XCIeog==
9b11602.js
huntr.dev/_nuxt/
66 KB
19 KB
Script
General
Full URL
https://huntr.dev/_nuxt/9b11602.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f71aa4fa9518d8765e730c9819bac935a93fe8572f33febd87f54754930751f3
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"20ae0e222bf8f4a77acc6a7d8c49aabf"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
0BK3Qiy6BYv2MZg4kp__TM6rOri9g-xYe7va0-gIo1pruzvWllXMUg==
23eec6a.js
huntr.dev/_nuxt/
76 KB
16 KB
Script
General
Full URL
https://huntr.dev/_nuxt/23eec6a.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
593cf9b1e464dcbc6791033d283bdfabffc0128ae0fd31a8e885ba3b7fbf0ea3
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"1deb9c07089603e73877ebe9af0ff2ed"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
yzzrPV3smDcj3ZQPZ5SDkQzqUrrDILCKBFzBsUnOu30YaocREvMQyg==
8fa45dc.js
huntr.dev/_nuxt/
863 KB
275 KB
Script
General
Full URL
https://huntr.dev/_nuxt/8fa45dc.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
04fb1017d16e085ddfdd02754dcdd399502ad04c4ca5ea3e8b1ef81a459d02b4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"30acbcfb6d3115fd0c4506aa0ad0ab50"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
XeVfUrgHWpHf0DVtbEHnNNT7T8GqHfGJqJjgp5j3zLWzgkaz3QBt9w==
state.js
huntr.dev/_nuxt/static/1702636770/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
19 KB
6 KB
Script
General
Full URL
https://huntr.dev/_nuxt/static/1702636770/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/state.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bda653aa55d5e0d72a285f5ce6eccdaec8d48b03d5d4dbdbf88367a399ccf861
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:52 GMT
server
AmazonS3
etag
W/"2355665f32a0e222c8cefa1f61d11a1e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
D8Yh1_9XFC6fR3eOD6Vrgz8AUSiQklGpq-rYQ170KMJZ2jNIePSPjQ==
payload.js
huntr.dev/_nuxt/static/1702636770/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
259 B
1 KB
Script
General
Full URL
https://huntr.dev/_nuxt/static/1702636770/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d8b11a46f80c47b3e190d91279647b7169d2109a037ddaf123cb91afa5cbcbf
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:52 GMT
server
AmazonS3
etag
"9bc9247f3273eed511c90b465c2ed896"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
sLuVjZ6Eugl-eu7PzYf5ewa1Bf4EixnpxKNzJunNFbDl9Qz918v4eA==
manifest.js
huntr.dev/_nuxt/static/1702636770/
221 KB
81 KB
Script
General
Full URL
https://huntr.dev/_nuxt/static/1702636770/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5cac43e2fe823181976dd79c4bd323f0dcaeec11dd886b6c830dd1f89ff3186
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:49:03 GMT
server
AmazonS3
etag
W/"066f2fc919866e015e902b6a6b88a5c1"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
_blmvTNhsW39u2qmXzC9ACdID62hi7MCeW8zkVMkwVZEZirFoCGjvg==
horizontal-logo-wh.svg
huntr.dev/
7 KB
4 KB
Image
General
Full URL
https://huntr.dev/horizontal-logo-wh.svg
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7c19b4b3d23dac866f03987aed9ac91b0f46f6135ccbb092fa4a6fca40387e74
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:49:33 GMT
server
AmazonS3
etag
W/"8b906c4e0a6f77a7595b633b8ffa0cb8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
WR1fXOHHHgPj2yb44TV0OBdFJKjGldqoVr8xGhlWBRMVkFraDQqDSw==
php_elephant.f4fa9b2.svg
huntr.dev/_nuxt/img/
3 KB
2 KB
Image
General
Full URL
https://huntr.dev/_nuxt/img/php_elephant.f4fa9b2.svg
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab513161359bcd805d8df2ae160b0064edcdc60f914ac3f0bac697f2979bfd1e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"f4fa9b2257b2973619f471612924a977"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
9lU-DX_Pt9jQthQvrkN1QdpCNRcQCHEsDA9d-tZXJKPO9u6CgUYyHQ==
13952792
avatars.githubusercontent.com/u/
18 KB
19 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/13952792?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f7cc01b1dce314fba87b5243fa78a4c6504cd9bdd96415cc66743064ab2a95cb
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-fastly-request-id
85e13afd788fcfae8b5cd0b6d727763dce634fae
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Sun, 17 Dec 2023 13:24:18 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
18808
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230051-FRA
last-modified
Sat, 07 May 2022 02:44:34 GMT
x-github-tenant
x-github-request-id
37D8:26B05F:69A780:6E7E89:6579B01F
x-timer
S1702819458.221734,VS0,VE2
etag
"4c9ede3e8d2e48314fa8a01c24c6ef6607e6d9a0536c891fec7399cf21dd3375"
source-age
345697
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Sun, 17 Dec 2023 13:29:18 GMT
854915
avatars.githubusercontent.com/u/
64 KB
64 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/854915?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4fafdde157d7eab806ee7d16a626eb9223eaf1391f0b3a9b3c72e5b8771b5c72
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-fastly-request-id
459382355fd964d1076130952a691475483aa944
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Sun, 17 Dec 2023 13:24:18 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
65684
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230051-FRA
last-modified
Sat, 07 Mar 2015 07:59:44 GMT
x-github-tenant
x-github-request-id
859C:26A05B:18FAAD6:19FFD67:657B8B24
x-timer
S1702819458.221596,VS0,VE1
etag
"8a836809c838d600f517a2d5eca4de1ce9668e316921398783614238ca3f473a"
source-age
224094
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Sun, 17 Dec 2023 13:29:18 GMT
28673021
avatars.githubusercontent.com/u/
21 KB
22 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/28673021?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
369c8afb7b8131a11267f3eab30c7e3867e77ba3dbfd6dbff22dbbc8468807e7
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-fastly-request-id
bd3c32567270e5529e2f40901e81c6b74846d183
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Sun, 17 Dec 2023 13:24:18 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
21544
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230051-FRA
last-modified
Mon, 10 May 2021 07:33:08 GMT
x-github-tenant
x-github-request-id
14C8:E7125:1DFA923:1F403D4:657C31E9
x-timer
S1702819458.221522,VS0,VE1
etag
"7bf21d1bad1528b719fea73bc89f94d85f36afccbc15a1e598f808b62bc2060f"
source-age
181398
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Sun, 17 Dec 2023 13:29:18 GMT
Montserrat-Regular.ee65399.ttf
huntr.dev/_nuxt/fonts/
240 KB
111 KB
Font
General
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.ee65399.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
qSsgf793V_Oqz9p50E7lchG-MSmGCTgYKSbg1767ApP1NeyTUrTCwg==
Montserrat-Medium.c8b6e08.ttf
huntr.dev/_nuxt/fonts/
237 KB
111 KB
Font
General
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.c8b6e08.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"c8b6e083af3f94009801989c3739425e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
9Jxl-h3nOs9RpB_eORhvejniSvRexCM5IMfTKhaemr3o7qh6Q80ZDA==
WorkSans-Regular.7d761a6.ttf
huntr.dev/_nuxt/fonts/
187 KB
85 KB
Font
General
Full URL
https://huntr.dev/_nuxt/fonts/WorkSans-Regular.7d761a6.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:4c00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"7d761a652f8e716f57f4352b0f4e6280"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
8gegGoR3ZNoxGfOPXc3W5hzoCVXhkum1V3kjT6JUt3mOFKDYDO3cew==
/
app.posthog.com/decide/
444 B
860 B
XHR
General
Full URL
https://app.posthog.com/decide/?v=3&ip=1&_=1702819458621&ver=1.77.0
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:2000:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 17 Dec 2023 13:24:18 GMT
via
1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
referrer-policy
same-origin
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
x-cache
Miss from cloudfront
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
x-amz-cf-id
kAf4YLxMyFR8iGJuXRbt6xMQL7L7dtoCXfKxmbDDxQIXo_6yLJylgA==
Primary Request /
huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
236 KB
40 KB
Document
General
Full URL
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/fad53c9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7a4284985787075ee48e5ceae8930c3329881788a3f3fe674ec3cb6782aefb0d
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=2
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type
text/html
date
Sun, 17 Dec 2023 13:24:19 GMT
etag
W/"6a9878e431a9f8b87b31f07628005370"
last-modified
Fri, 15 Dec 2023 10:49:14 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-id
NL8oFXlpmioFDX73sSIJq3C5DFo0S_TrMmrMP-nCzFl7A0B22oGTWA==
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
66d3e4c.js
huntr.com/_nuxt/
3 KB
3 KB
Script
General
Full URL
https://huntr.com/_nuxt/66d3e4c.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
58268cb7d66324a0c35db47cb4f0f628b15ccac232653a17b5a563a016e9414b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"127e3fc8449d18a5e820edd3fa28693f"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
k8YJi9kMhi6VAPjh-ht3laZuvvGDI6EJ_4v6wB_OfCi6cNcUqW6tUg==
5259ebe.js
huntr.com/_nuxt/
341 KB
119 KB
Script
General
Full URL
https://huntr.com/_nuxt/5259ebe.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1317639f267ec4abb5ac5fd91c782300247ea8e0a8bcbce7492603a55cfd2fa0
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"771b6f7adc51309930a90c93c89ae5ca"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
THHImXaKqsMpSeW-hCXHSt6ltYwvsfT8np5cIg1clSkaP9qSVOYmYA==
478f820.js
huntr.com/_nuxt/
1 MB
311 KB
Script
General
Full URL
https://huntr.com/_nuxt/478f820.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c06e9cd4aecd60e7fc554b51d67bc46797e995a29d8ee01dff127842e377fe2f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"e9792fe426ef836eaa4a00e147ca2bf0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
TAg_vkJLm9CJm9Fhhr9yoUaVK4ADPs5gSxLA1n0Wpgaw_4K2uJqaBw==
fad53c9.js
huntr.com/_nuxt/
224 KB
38 KB
Script
General
Full URL
https://huntr.com/_nuxt/fad53c9.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
912f427fb77de25e875f0090746c3ccbb58f72365b54bb343a9860a23e35952f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"7be769335ee5c2b2d9f2b20e66207ae2"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
3F8GOj-Rf7jl4Kaj2QFTPl1s6MtBsEqDZYa8qz5gsdaDhwz_nzgA8Q==
517f17e.js
huntr.com/_nuxt/
499 KB
121 KB
Script
General
Full URL
https://huntr.com/_nuxt/517f17e.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
318f8ba355db5acc959e994cbdb293fdc1aa3c47c0e700365e7e5c07bef37f21
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"a9aef0d687ac20f27684fda2bf364e1b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
1W_I0QatgnxT9-vonwgViq7twcyczKsICovAZEUJXeZIX_IZp6Mrzw==
cca0020.js
huntr.com/_nuxt/
14 KB
6 KB
Script
General
Full URL
https://huntr.com/_nuxt/cca0020.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bbbb83d8876dba4b2ab07262665eed8f7609e3bb44ea223087ed444e56cf6ea4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"c341ec17ef46defc7ff1afe027609a62"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
2Y-gFjf0GJUkFBv4hHCZhhX9OwSsONIlDe9nta0z-1TXELvLvOfN4Q==
9b11602.js
huntr.com/_nuxt/
66 KB
19 KB
Script
General
Full URL
https://huntr.com/_nuxt/9b11602.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f71aa4fa9518d8765e730c9819bac935a93fe8572f33febd87f54754930751f3
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"20ae0e222bf8f4a77acc6a7d8c49aabf"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
Q1DvqPzCgbamHJGFWvje2Ws7JEohA3qvF--7ugioZ4XNZButAgsSpw==
23eec6a.js
huntr.com/_nuxt/
76 KB
16 KB
Script
General
Full URL
https://huntr.com/_nuxt/23eec6a.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
593cf9b1e464dcbc6791033d283bdfabffc0128ae0fd31a8e885ba3b7fbf0ea3
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"1deb9c07089603e73877ebe9af0ff2ed"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
1KrN3D7C18-ZvfTcGCnJV4m1n9y7my-wfawFEZt4zzJdQkCMBMSdHQ==
8fa45dc.js
huntr.com/_nuxt/
863 KB
275 KB
Script
General
Full URL
https://huntr.com/_nuxt/8fa45dc.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
04fb1017d16e085ddfdd02754dcdd399502ad04c4ca5ea3e8b1ef81a459d02b4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"30acbcfb6d3115fd0c4506aa0ad0ab50"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
em813SYLM8DXZush57w_PW_3KcBehACbFVubqjNAW-jMkgtLB87bVA==
state.js
huntr.com/_nuxt/static/1702636770/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
19 KB
6 KB
Script
General
Full URL
https://huntr.com/_nuxt/static/1702636770/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/state.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bda653aa55d5e0d72a285f5ce6eccdaec8d48b03d5d4dbdbf88367a399ccf861
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:52 GMT
server
AmazonS3
etag
W/"2355665f32a0e222c8cefa1f61d11a1e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
3suiy_QCyS6WMjlw7zAGUSHasr5ZJCugg8lKYQA5eF6wai62ghvdhg==
payload.js
huntr.com/_nuxt/static/1702636770/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
259 B
1 KB
Script
General
Full URL
https://huntr.com/_nuxt/static/1702636770/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/payload.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6d8b11a46f80c47b3e190d91279647b7169d2109a037ddaf123cb91afa5cbcbf
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:52 GMT
server
AmazonS3
etag
"9bc9247f3273eed511c90b465c2ed896"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
gJCYKKYikumNCnBDilvAB83_NPLud0mZY8Mg29tV8hi6D6h_JNFu8A==
manifest.js
huntr.com/_nuxt/static/1702636770/
221 KB
81 KB
Script
General
Full URL
https://huntr.com/_nuxt/static/1702636770/manifest.js
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d5cac43e2fe823181976dd79c4bd323f0dcaeec11dd886b6c830dd1f89ff3186
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:49:03 GMT
server
AmazonS3
etag
W/"066f2fc919866e015e902b6a6b88a5c1"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
TEozPQcSZoAn5LFqXQLZBVVThjsYN4r77fr8L_4cFQhtzmqKKQ-jcg==
horizontal-logo-wh.svg
huntr.com/
7 KB
4 KB
Image
General
Full URL
https://huntr.com/horizontal-logo-wh.svg
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7c19b4b3d23dac866f03987aed9ac91b0f46f6135ccbb092fa4a6fca40387e74
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:49:33 GMT
server
AmazonS3
etag
W/"8b906c4e0a6f77a7595b633b8ffa0cb8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
LCkX1LO7NMfXomnvmPPgPsRevThkSIC2FN7n8n1UDKv9hyuYJqV0gQ==
php_elephant.f4fa9b2.svg
huntr.com/_nuxt/img/
3 KB
2 KB
Image
General
Full URL
https://huntr.com/_nuxt/img/php_elephant.f4fa9b2.svg
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ab513161359bcd805d8df2ae160b0064edcdc60f914ac3f0bac697f2979bfd1e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"f4fa9b2257b2973619f471612924a977"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
Ix_RsOz5-QntZUUJqOKcx-SaZ9GRzWdY-mmdryISAYPv58nb10IRPg==
13952792
avatars.githubusercontent.com/u/
18 KB
18 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/13952792?v=4
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f7cc01b1dce314fba87b5243fa78a4c6504cd9bdd96415cc66743064ab2a95cb
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-fastly-request-id
0ea3a2b6fae92329eb720e345b66c465f8fe907c
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Sun, 17 Dec 2023 13:24:18 GMT
via
1.1 varnish
x-cache-hits
2
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
18808
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230051-FRA
last-modified
Sat, 07 May 2022 02:44:34 GMT
x-github-tenant
x-github-request-id
37D8:26B05F:69A780:6E7E89:6579B01F
x-timer
S1702819459.836741,VS0,VE0
etag
"4c9ede3e8d2e48314fa8a01c24c6ef6607e6d9a0536c891fec7399cf21dd3375"
source-age
345698
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Sun, 17 Dec 2023 13:29:18 GMT
854915
avatars.githubusercontent.com/u/
64 KB
65 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/854915?v=4
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4fafdde157d7eab806ee7d16a626eb9223eaf1391f0b3a9b3c72e5b8771b5c72
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-fastly-request-id
0821e5ddf19460ea7e5f76c138b6776f6f920b97
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Sun, 17 Dec 2023 13:24:18 GMT
via
1.1 varnish
x-cache-hits
2
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
65684
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230051-FRA
last-modified
Sat, 07 Mar 2015 07:59:44 GMT
x-github-tenant
x-github-request-id
859C:26A05B:18FAAD6:19FFD67:657B8B24
x-timer
S1702819459.836709,VS0,VE0
etag
"8a836809c838d600f517a2d5eca4de1ce9668e316921398783614238ca3f473a"
source-age
224095
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Sun, 17 Dec 2023 13:29:18 GMT
Montserrat-Regular.ee65399.ttf
huntr.com/_nuxt/fonts/
240 KB
111 KB
Font
General
Full URL
https://huntr.com/_nuxt/fonts/Montserrat-Regular.ee65399.ttf
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Origin
https://huntr.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
csXLsAWme4ixojfOsYkMpdV_i4Y99vrXNTWl3tADTSci2H3-A58Zqw==
Montserrat-Medium.c8b6e08.ttf
huntr.com/_nuxt/fonts/
237 KB
111 KB
Font
General
Full URL
https://huntr.com/_nuxt/fonts/Montserrat-Medium.c8b6e08.ttf
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Origin
https://huntr.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"c8b6e083af3f94009801989c3739425e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
Nnpjxy-2nBHnk40YSqexiFYdfqyA4QXyrtE_r5na1XFMdgCzG8zrIQ==
28673021
avatars.githubusercontent.com/u/
21 KB
21 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/28673021?v=4
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
369c8afb7b8131a11267f3eab30c7e3867e77ba3dbfd6dbff22dbbc8468807e7
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-fastly-request-id
49325bdcefb980ed948a3388bb8708215cca946e
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Sun, 17 Dec 2023 13:24:18 GMT
via
1.1 varnish
x-cache-hits
2
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
21544
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230051-FRA
last-modified
Mon, 10 May 2021 07:33:08 GMT
x-github-tenant
x-github-request-id
14C8:E7125:1DFA923:1F403D4:657C31E9
x-timer
S1702819459.853400,VS0,VE0
etag
"7bf21d1bad1528b719fea73bc89f94d85f36afccbc15a1e598f808b62bc2060f"
source-age
181399
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Sun, 17 Dec 2023 13:29:18 GMT
WorkSans-Regular.7d761a6.ttf
huntr.com/_nuxt/fonts/
187 KB
85 KB
Font
General
Full URL
https://huntr.com/_nuxt/fonts/WorkSans-Regular.7d761a6.ttf
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b94e0d8ca23cc01c51de5d2d6a9e69704b95848c2143df8ee6cd421ac60decf
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Origin
https://huntr.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"7d761a652f8e716f57f4352b0f4e6280"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
5c3zcvPec0qCFQApYWwgN1QoG3bWrl_r0o8Xxw1nhJ4EIaDF8bFIZw==
/
app.posthog.com/decide/
444 B
858 B
XHR
General
Full URL
https://app.posthog.com/decide/?v=3&ip=1&_=1702819459229&ver=1.77.0
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:2000:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a886dd7cebaba694929aa52c831814230430d460d4a844de9f094b223d5d63f7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 17 Dec 2023 13:24:19 GMT
via
1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
referrer-policy
same-origin
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.com
x-cache
Miss from cloudfront
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
x-amz-cf-id
rPVlNnQA6MSNigI6yKgWa4k3G0h6vGz6-tzgNpDSCdBhgRR9fvuSog==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-id
A0sLPuGtPKU7lxawMXpGe_9FKs8qlILg9DnX_ryeweXhlq-VkjCetQ==
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
970f20e6-7cc3-48ae-918d-1162e8196805
x-cache
Miss from cloudfront
276c541.js
huntr.com/_nuxt/
23 KB
9 KB
Script
General
Full URL
https://huntr.com/_nuxt/276c541.js
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/66d3e4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f4db0102019fb33a148b506db80981f0a0845eac0dda888db47921d8dee21c3a
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"0d4bb8d6a68fec0d652d3ea052a8c5dd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
G1GCG-OE6gpolq5_bbkxcfWb88CLuXh02sclSo5mLDsipforlUDDYQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
250 B
670 B
XHR
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash
de3dd1fbb2c2c119b113cccf41a047b9df42daaf8bcc0b868c6e74ab9c1370dc

Request headers

accept
*/*
Referer
https://huntr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
x-api-key
da2-q65kehmbjzdz5kykbosarrb72a
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
3
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
fcdb5fce-7092-40c2-8431-f5cf81f5ef65
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
250
x-amz-cf-id
8lcjAqRBjq_FdBR9NQtJIcF6W1P6KSoQ6bGXnVgMfFLer4_Es2nCVw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
13 KB
3 KB
XHR
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash
eb18b7eb5563af38819ec957f9e50e01c21a6e9bfeaded0ee01abb1979e09c08

Request headers

accept
*/*
Referer
https://huntr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
x-api-key
da2-q65kehmbjzdz5kykbosarrb72a
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Sun, 17 Dec 2023 13:24:20 GMT
content-encoding
gzip
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
3c674b93-c454-45eb-a880-f8a0bc32b541
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id
p_O-8t2ryOrlISNClDX8-6PbUnDZvD0xVxWHOXLKcyFDwm_UGuz4fg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
2 KB
1 KB
XHR
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash
f2eb58ba2742ca0cf9b1381641fea00be9f708cb1a8daa8e8545b89c2e2755ff

Request headers

accept
*/*
Referer
https://huntr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
x-api-key
da2-q65kehmbjzdz5kykbosarrb72a
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Sun, 17 Dec 2023 13:24:20 GMT
content-encoding
gzip
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
41202cf4-a823-41f3-b2fd-b69e7aa46162
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id
J6R65E5GndbPC2UGJRDdvNm19EPT5C_SIWsSAKNMDugbHXJg-v90sQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
31 B
452 B
XHR
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept
*/*
Referer
https://huntr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
x-api-key
da2-q65kehmbjzdz5kykbosarrb72a
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
6
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
d5c98583-ed87-4c17-9742-8f3bef4a599b
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
31
x-amz-cf-id
tHU4eSbXBzKNSdiMIBAEVPwBttXa7gYvDpZ66xKAgxVE3WeTx9ivEQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-id
StHolA7TyKPomeFAaiv2QtSA34d9U4A6RSNNIJ9ZvfjzYhpsIgPwkw==
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
731f9a2f-fc2f-4b42-98fe-d0ba448f02e8
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-id
eAsTZE5XglkA-i6Y-DVL9VMoMOefWz9niPy--GJQfGRkzMw5d9-1gQ==
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
fa032569-9913-42d5-8860-28041efd0262
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-id
CZsZHXse4ACOnw-0L6APJzeMuWB5kCR_0DaP2in44zwzFnNpZyczBw==
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
58247b59-65e2-4b0b-96a0-9ef7b5b0948a
x-cache
Miss from cloudfront
Metropolis-Regular.f7b5e58.otf
huntr.com/_nuxt/fonts/
23 KB
18 KB
Font
General
Full URL
https://huntr.com/_nuxt/fonts/Metropolis-Regular.f7b5e58.otf
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Origin
https://huntr.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:45 GMT
server
AmazonS3
etag
W/"f7b5e589f88206b4bd5cb1408c5362e6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
HTwQ4E_kFZYpi9gIKPJV78z8Iwlt170ScXtMwHHuBPqgaTae2-Mbcw==
IndustryTest-Bold.583c7e9.otf
huntr.com/_nuxt/fonts/
10 KB
8 KB
Font
General
Full URL
https://huntr.com/_nuxt/fonts/IndustryTest-Bold.583c7e9.otf
Requested by
Host: huntr.com
URL: https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
56e2d2609efc09d06a31ef9b82e71516287020ce3c0c5c2bb79841f95add1823
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
Origin
https://huntr.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"583c7e9d9c20757dff0d18e94e11da8e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
46OtO3VA2K0PfNfR6eK6WZZD1pRIlKXgn3HKcBuLQozK_Vn5YceoTg==
fe7b6d7.js
huntr.com/_nuxt/
764 KB
41 KB
Script
General
Full URL
https://huntr.com/_nuxt/fe7b6d7.js
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/66d3e4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6710aeb89a1a773e829cad6d5639d554a28a52c180239a1ac1ee567a83d0affb
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"3aa68a05bf14675772cd1e5cb0934f8d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
50u6NS0324batUdjrIUQ3b7szX-RnUnYxeZeEfvGekVvBSVWlN2zkA==
9798407.js
huntr.com/_nuxt/
35 KB
9 KB
Script
General
Full URL
https://huntr.com/_nuxt/9798407.js
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/66d3e4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e7dd9fe37ef013e0d38204087f3eaad5a4abbc4fde074bf8577c44e2662d0129
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"f7db357e086df70cc47ee40a81a2c708"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
UPzHG67nHr3PttIcaihwLFM7qpLKNHHbPzKuNBayG1SHFnUV9E1kwQ==
payload.js
huntr.com/_nuxt/static/1702636770/
8 KB
3 KB
Script
General
Full URL
https://huntr.com/_nuxt/static/1702636770/payload.js
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f1f55d067ef18dc86bf9234eb045023b777f6410ff8edaf877330e15ce86c049
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:49:03 GMT
server
AmazonS3
etag
W/"43dd0d6a2adde6bb15e285c07a0daee3"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
g16teHWoUwovMPv2nJYe3jINy5j3C8VOw9nP-78In3mHiz9LWfqGVg==
7e21cd6.js
huntr.com/_nuxt/
73 KB
19 KB
Script
General
Full URL
https://huntr.com/_nuxt/7e21cd6.js
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/66d3e4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b8f65d31043314901e4968f61903ed873189c35381889b9060a9a48b609599
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"3e4423738bd7608d7ed0b0866345bba7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
GNhDMnFiFd5TyhCgYupcRh2UqCwlGwlvkq-rtXfZx2jmXNikZMHuPA==
29de189.js
huntr.com/_nuxt/
58 KB
16 KB
Script
General
Full URL
https://huntr.com/_nuxt/29de189.js
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/66d3e4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
45d84e10dc3e7613e6fd23a08565c2363c3a8bcaf7f1fb811bb323e0e979ac5e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"ea96bc85850563439313950d099567d6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
QmUprwwOiN1ooDAk9lYHQKB4W1BGW62npKnU__XhdFAcsZJ6KHBSIg==
aef566e.js
huntr.com/_nuxt/
182 KB
48 KB
Script
General
Full URL
https://huntr.com/_nuxt/aef566e.js
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/66d3e4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2858bac54e2f134885bbf2a6c3d5385b7af6b18aaba8eb211941d1a5fe0eb38b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:48:44 GMT
server
AmazonS3
etag
W/"05338019e21a185a2c3e7f39d2c9819a"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
0MSlEms-iX0ZovbvmV1e8y3kgO3-0ikaW_3lwoZ6qq7bOzP47Y6qAQ==
payload.js
huntr.com/_nuxt/static/1702636770/bounties/disclose/
79 B
1 KB
Script
General
Full URL
https://huntr.com/_nuxt/static/1702636770/bounties/disclose/payload.js
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:49:02 GMT
server
AmazonS3
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
2mUIMncsf1FoPQGh-2Dn1ZOZgnHSIxP14_VzTvBYmAdkCQ7vCGWn7A==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
26 B
446 B
XHR
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
x-api-key
da2-q65kehmbjzdz5kykbosarrb72a
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
1971d407-8ec3-42d8-93a7-78f57e8cdd3f
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
6jFqFvf0E_PEY0RWIXZrErzaP05Gvl83YS1kkp-Xrp_RBbdF3Y6Hqw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-id
rNJHftewQXpm_4jxGS7DDmKUibXda9tEwnB5eYo2Yk50sNoWzI9PnA==
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
f5dcab4c-63f8-4b87-9151-43158b3f8886
x-cache
Miss from cloudfront
854915
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/mahagr.png
  • https://avatars.githubusercontent.com/u/854915?v=4
64 KB
64 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/854915?v=4
Protocol
H2
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4fafdde157d7eab806ee7d16a626eb9223eaf1391f0b3a9b3c72e5b8771b5c72
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-fastly-request-id
484c35e049490307a27fd92b65db92e606e0271d
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 varnish
x-cache-hits
3
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
65684
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230051-FRA
last-modified
Sat, 07 Mar 2015 07:59:44 GMT
x-github-tenant
x-github-request-id
859C:26A05B:18FAAD6:19FFD67:657B8B24
x-timer
S1702819461.905852,VS0,VE0
etag
"8a836809c838d600f517a2d5eca4de1ce9668e316921398783614238ca3f473a"
source-age
224097
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Sun, 17 Dec 2023 13:29:20 GMT

Redirect headers

date
Sun, 17 Dec 2023 13:24:20 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id
A372:12B7F0:D17E253:D44C8D8:657EF684
x-frame-options
deny
vary
Accept-Encoding, Accept, X-Requested-With
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/854915?v=4
cache-control
no-cache
content-length
0
x-xss-protection
0
hackerone-logo.svg
huntr.com/img/
2 KB
2 KB
Image
General
Full URL
https://huntr.com/img/hackerone-logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-52.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5343e2cd836bd5a2bb09cdcb03e20099184ed43e462025c949bbbf8456357167
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 13:24:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 45f8047ab98fa87807d2f5362a7fb75c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 10:49:33 GMT
server
AmazonS3
etag
W/"c28e7833f24dbdd51f12c244b839e790"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
2BcBIOfiC-45Um0Al4va8eR1g5P9B1ogJZm8Zmd32jalPUdXgRblZw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
26 B
446 B
XHR
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
x-api-key
da2-q65kehmbjzdz5kykbosarrb72a
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Sun, 17 Dec 2023 13:24:21 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
04f2aaab-9219-4f35-89c8-b2075ca24fd0
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
uSZN-fE5O6ovywQq_fqyrQyjbZBwCy8QQW-xsTJlFv6DXZshqlod6A==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-55.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Sun, 17 Dec 2023 13:24:20 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
x-amz-cf-id
JbQmBlOO0PfWkHyzhMzoh2Gg0WgOA0i8gUIV9gcYxMc-pMC6MA7Biw==
x-amz-cf-pop
FRA6-C1
x-amzn-requestid
014498a2-4583-4911-96e2-306fa45408d4
x-cache
Miss from cloudfront
13952792
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/effectrenan.png
  • https://avatars.githubusercontent.com/u/13952792?v=4
18 KB
19 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/13952792?v=4
Protocol
H2
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f7cc01b1dce314fba87b5243fa78a4c6504cd9bdd96415cc66743064ab2a95cb
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-fastly-request-id
a7fb5dc8b14ef645f40c2d70168b85315cdaf4a1
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Sun, 17 Dec 2023 13:24:21 GMT
via
1.1 varnish
x-cache-hits
3
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
18808
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230051-FRA
last-modified
Sat, 07 May 2022 02:44:34 GMT
x-github-tenant
x-github-request-id
37D8:26B05F:69A780:6E7E89:6579B01F
x-timer
S1702819461.032895,VS0,VE0
etag
"4c9ede3e8d2e48314fa8a01c24c6ef6607e6d9a0536c891fec7399cf21dd3375"
source-age
345700
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Sun, 17 Dec 2023 13:29:21 GMT

Redirect headers

date
Sun, 17 Dec 2023 13:24:20 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id
A372:12B7F0:D17E2F5:D44C973:657EF684
x-frame-options
deny
vary
Accept-Encoding, Accept, X-Requested-With
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/13952792?v=4
cache-control
no-cache
content-length
0
x-xss-protection
0
/
app.posthog.com/e/
13 B
428 B
XHR
General
Full URL
https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1702819462250&ver=1.77.0
Requested by
Host: huntr.com
URL: https://huntr.com/_nuxt/478f820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:2000:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 17 Dec 2023 13:24:22 GMT
via
1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
referrer-policy
same-origin
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.com
x-cache
Miss from cloudfront
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
x-amz-cf-id
dG9K2o4-Ld0fYW80jfjupL9QZAGjWyDvNCLZiKwS-3a4xPCoEz4NAw==

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ function| MarkdownHeaderButtonElement function| MarkdownBoldButtonElement function| MarkdownItalicButtonElement function| MarkdownQuoteButtonElement function| MarkdownCodeButtonElement function| MarkdownLinkButtonElement function| MarkdownImageButtonElement function| MarkdownUnorderedListButtonElement function| MarkdownOrderedListButtonElement function| MarkdownTaskListButtonElement function| MarkdownMentionButtonElement function| MarkdownRefButtonElement function| MarkdownStrikethroughButtonElement function| MarkdownToolbarElement function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ function| Cvss function| _ object| analytics object| $nuxt

4 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%22018c77f2-ee3c-7972-98c5-6df8edcd0abe%22%2C%22%24device_id%22%3A%22018c77f2-ee3c-7972-98c5-6df8edcd0abe%22%2C%22%24user_state%22%3A%22anonymous%22%2C%22%24session_recording_enabled_server_side%22%3Afalse%2C%22%24autocapture_disabled_server_side%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%2C%22%24feature_flag_payloads%22%3A%7B%7D%7D
huntr.com/ Name: auth.strategy
Value: cognito
.huntr.com/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%22018c77f2-f09b-7329-887d-dbd0a7b50c73%22%2C%22%24device_id%22%3A%22018c77f2-f09b-7329-887d-dbd0a7b50c73%22%2C%22%24user_state%22%3A%22anonymous%22%2C%22%24sesid%22%3A%5B1702819459241%2C%22018c77f2-f0aa-71d6-bd03-e27a2c2a30cf%22%2C1702819459241%5D%2C%22%24session_recording_enabled_server_side%22%3Afalse%2C%22%24autocapture_disabled_server_side%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%2C%22%24feature_flag_payloads%22%3A%7B%7D%7D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.posthog.com
avatars.githubusercontent.com
github.com
huntr.com
huntr.dev
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
140.82.121.4
18.239.18.52
2600:9000:223d:4c00:14:bb32:5f00:93a1
2600:9000:223f:2000:1d:be94:4b80:93a1
2606:50c0:8003::154
99.86.4.55
04fb1017d16e085ddfdd02754dcdd399502ad04c4ca5ea3e8b1ef81a459d02b4
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
1317639f267ec4abb5ac5fd91c782300247ea8e0a8bcbce7492603a55cfd2fa0
1b94e0d8ca23cc01c51de5d2d6a9e69704b95848c2143df8ee6cd421ac60decf
2858bac54e2f134885bbf2a6c3d5385b7af6b18aaba8eb211941d1a5fe0eb38b
318f8ba355db5acc959e994cbdb293fdc1aa3c47c0e700365e7e5c07bef37f21
369c8afb7b8131a11267f3eab30c7e3867e77ba3dbfd6dbff22dbbc8468807e7
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
45d84e10dc3e7613e6fd23a08565c2363c3a8bcaf7f1fb811bb323e0e979ac5e
4fafdde157d7eab806ee7d16a626eb9223eaf1391f0b3a9b3c72e5b8771b5c72
5343e2cd836bd5a2bb09cdcb03e20099184ed43e462025c949bbbf8456357167
56e2d2609efc09d06a31ef9b82e71516287020ce3c0c5c2bb79841f95add1823
58268cb7d66324a0c35db47cb4f0f628b15ccac232653a17b5a563a016e9414b
593cf9b1e464dcbc6791033d283bdfabffc0128ae0fd31a8e885ba3b7fbf0ea3
6710aeb89a1a773e829cad6d5639d554a28a52c180239a1ac1ee567a83d0affb
6d8b11a46f80c47b3e190d91279647b7169d2109a037ddaf123cb91afa5cbcbf
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
7a4284985787075ee48e5ceae8930c3329881788a3f3fe674ec3cb6782aefb0d
7c19b4b3d23dac866f03987aed9ac91b0f46f6135ccbb092fa4a6fca40387e74
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
912f427fb77de25e875f0090746c3ccbb58f72365b54bb343a9860a23e35952f
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
a886dd7cebaba694929aa52c831814230430d460d4a844de9f094b223d5d63f7
ab513161359bcd805d8df2ae160b0064edcdc60f914ac3f0bac697f2979bfd1e
bbbb83d8876dba4b2ab07262665eed8f7609e3bb44ea223087ed444e56cf6ea4
bda653aa55d5e0d72a285f5ce6eccdaec8d48b03d5d4dbdbf88367a399ccf861
c06e9cd4aecd60e7fc554b51d67bc46797e995a29d8ee01dff127842e377fe2f
d5cac43e2fe823181976dd79c4bd323f0dcaeec11dd886b6c830dd1f89ff3186
de3dd1fbb2c2c119b113cccf41a047b9df42daaf8bcc0b868c6e74ab9c1370dc
e3b8f65d31043314901e4968f61903ed873189c35381889b9060a9a48b609599
e7dd9fe37ef013e0d38204087f3eaad5a4abbc4fde074bf8577c44e2662d0129
eb18b7eb5563af38819ec957f9e50e01c21a6e9bfeaded0ee01abb1979e09c08
f1f55d067ef18dc86bf9234eb045023b777f6410ff8edaf877330e15ce86c049
f2eb58ba2742ca0cf9b1381641fea00be9f708cb1a8daa8e8545b89c2e2755ff
f4db0102019fb33a148b506db80981f0a0845eac0dda888db47921d8dee21c3a
f71aa4fa9518d8765e730c9819bac935a93fe8572f33febd87f54754930751f3
f7cc01b1dce314fba87b5243fa78a4c6504cd9bdd96415cc66743064ab2a95cb