urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:2269:7600:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Submission: On June 27 via manual from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 1 countries across 10 domains to perform 84 HTTP transactions. The main IP is 2600:9000:2269:7600:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 22nd 2023. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 37 2600:9000:226... 16509 (AMAZON-02)
8 13.225.223.151 16509 (AMAZON-02)
1 9 18.205.222.128 14618 (AMAZON-AES)
2 2600:9000:251... 16509 (AMAZON-02)
16 18.164.96.80 16509 (AMAZON-02)
4 2600:9000:21d... 16509 (AMAZON-02)
1 108.138.106.49 16509 (AMAZON-02)
2 2a04:4e42::729 54113 (FASTLY)
1 52.217.120.33 16509 (AMAZON-02)
1 18.164.96.90 16509 (AMAZON-02)
1 1 140.82.113.3 36459 (GITHUB)
5 2606:50c0:800... 54113 (FASTLY)
84 11
37    2600:9000:2269:7600:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
8    13.225.223.151 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-151.jfk51.r.cloudfront.net
cdn.segment.com
9    18.205.222.128 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-222-128.compute-1.amazonaws.com
app.chatwoot.com
2    2600:9000:2512:3000:1d:be94:4b80:93a1 (United States)

ASN16509 (AMAZON-02, US)
app.posthog.com
16    18.164.96.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-80.jfk50.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
4    2600:9000:21da:bc00:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
1    108.138.106.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-49.jfk50.r.cloudfront.net
static.hotjar.com
2    2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    52.217.120.33 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
1    18.164.96.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-90.jfk50.r.cloudfront.net
script.hotjar.com
1    140.82.113.3 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-113-3-iad.github.com
github.com
5    2606:50c0:8001::154 (United States)

ASN54113 (FASTLY, US)
avatars.githubusercontent.com
Apex Domain
Subdomains		 Transfer
37 huntr.dev
huntr.dev
1 MB
17 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com — Cisco Umbrella Rank: 671833
38 KB
9 chatwoot.com
app.chatwoot.com — Cisco Umbrella Rank: 192184
44 KB
8 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1616
83 KB
5 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 9457
95 KB
4 cloudfront.net
d3tq67kexc2w2i.cloudfront.net
221 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4934
21 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 753
script.hotjar.com — Cisco Umbrella Rank: 1081
75 KB
2 posthog.com
app.posthog.com — Cisco Umbrella Rank: 21614
1 KB
1 github.com
github.com — Cisco Umbrella Rank: 2445
3 KB
84 10
Domain Requested by
37 huntr.dev 1 redirects huntr.dev
16 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
browser.sentry-cdn.com
9 app.chatwoot.com 1 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
8 cdn.segment.com huntr.dev
cdn.segment.com
5 avatars.githubusercontent.com huntr.dev
4 d3tq67kexc2w2i.cloudfront.net huntr.dev
d3tq67kexc2w2i.cloudfront.net
2 browser.sentry-cdn.com cdn.segment.com
2 app.posthog.com huntr.dev
browser.sentry-cdn.com
1 github.com 1 redirects
1 script.hotjar.com static.hotjar.com
1 prod-chatwoot-assets.s3.amazonaws.com huntr.dev
1 static.hotjar.com cdn.segment.com
84 12
Subject Issuer Validity Valid
*.huntr.dev
Amazon RSA 2048 M01		 2023-02-22 -
2024-01-24		 a year crt.sh
*.segment.com
Amazon RSA 2048 M01		 2023-02-24 -
2024-01-12		 a year crt.sh
app.chatwoot.com
R3		 2023-05-13 -
2023-08-11		 3 months crt.sh
app.posthog.com
Amazon RSA 2048 M01		 2023-05-02 -
2024-05-31		 a year crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon RSA 2048 M02		 2023-02-24 -
2024-01-05		 10 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2022 Q3		 2022-09-28 -
2023-10-30		 a year crt.sh
*.github.io
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-21 -
2024-03-20		 a year crt.sh

This page contains 2 frames:

Primary Page: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Frame ID: 62069851DF1AF65ADD745EB7C1453529
Requests: 64 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: E997E85465AB056FB34E39327A8B2F49
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Formula Injection vulnerability in CSV export feature vulnerability found in admidio

Page URL History Show full URLs

  1. https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a HTTP 301
    https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

84
Requests

98 %
HTTPS

42 %
IPv6

10
Domains

12
Subdomains

11
IPs

1
Countries

1932 kB
Transfer

6122 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a HTTP 301
    https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--dd0afdd7a9805f8d4463fe96514a85e76612a13c/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2RTNKbGMybDZaVjkwYjE5bWFXeHNXd2RwQWZvdyIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--624b3ceb3fdf42c4b07c7818563fe60603b6095b/New%20Project%20(16).png HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/wveuf5mscswvl5nci26yt5jui4jf?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230627T213710Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=f4ffddb391257f067405d1e8704f6fb885edd4453867ea61bba19301c0ca716a
Request Chain 72
  • https://github.com/admidio.png HTTP 302
  • https://avatars.githubusercontent.com/u/9728353?v=4

84 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Redirect Chain
  • https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a
  • https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3ea8d78f7db0340979261556cdfee7a6183ad04a612e5b176073d04da72f4dac

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html
date
Tue, 27 Jun 2023 21:37:08 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-id
7-zJPsr9wxhdRYMeB-3aYCmCg40UT4pxstl7Tf8NOXmMBryo-tqp8A==
x-amz-cf-pop
IAD89-P1
x-cache
Error from cloudfront

Redirect headers

content-length
0
content-type
application/xml
date
Tue, 27 Jun 2023 21:37:07 GMT
location
/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
server
AmazonS3
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-id
icPnykceQ-yOGrKdx4Zsv6iM9DRY1H3T1TyeD7cJIXADXOXPlUveEw==
x-amz-cf-pop
IAD89-P1
x-cache
Miss from cloudfront
d9f1a90.js
huntr.dev/_nuxt/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/d9f1a90.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e25cd9fcb26c4e98d904d6f1cf5004e2cd6b674cdad9bf3a23351b770ff47b4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"abb9d8d03253ab6c08785db85c418195"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
rym4Dmss7-5W5QMXnDQyxiUBkVyhgwXd4T-uuQM91vtMZzxMhHREPg==
0db1603.js
huntr.dev/_nuxt/ 		314 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/0db1603.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a07de7ccf11f7c30e58172ba0c458d73d8c188a4308fa49916d76386a073cb26
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"81cbc4645b3040f3d6fa6cac387ae732"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
bFSgVeI2LPVO1EfFpC2p8aA3dJTVs7i6LflcEWdOoZTMwiyRQosk9A==
a939187.js
huntr.dev/_nuxt/ 		1 MB
304 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/a939187.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e6b077eb2a150d094b10b5433d025dd5ef01a5fdd980e20216059d3b3c308fc0
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:31 GMT
server
AmazonS3
etag
W/"53a4a291b7fdeebc489fbef938b34cdc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
IWEXOSzRPZQfMBlIlsBv2iDwGU5xyzfiier02CttouZ6MXBb0_edng==
d40c2e7.js
huntr.dev/_nuxt/ 		215 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/d40c2e7.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
818e86b7387edf30a09923f0129f489070297f7ecdb9c892dd61b800aada4a47
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"c9c3a8b98f7256ddc20ffa9a09d2f5dc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
t-SLzXxK-yULZC5wKq65kd89NTE03vxV6f4xvT1xxei3ydlPo8P8yw==
bbb917f.js
huntr.dev/_nuxt/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/bbb917f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"be4dba135aeb7cf8e26a4cdd1d35986c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
XN9Nf-BLKe5a0nL5lOVZXfrB6cctieEcQVSCjbocdyNXwsuMRs1iTw==
3786b1c.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/3786b1c.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e157475410165a42f7d87fc4eef0ce39c3c52bddfb366dd4ed7227899ebdae61
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"e2ec6f778e62e4251d3a7928731e1396"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
OSlMx8tHpKe55URoL2gdAV2s_mwyNjMUCt7aeVZDopcs5la1rDKq-Q==
cc2b3db.js
huntr.dev/_nuxt/ 		864 KB
274 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/cc2b3db.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
36a002cd5d74b4708ba35d4a438409b51792eab3cd85452d8aab926c02c61fe4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:31 GMT
server
AmazonS3
etag
W/"0c95873e18e9f1d4b043ff978d45a281"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
9uzmj-_7zdOWKpCd25J1wQ9gCzwsdC25-rNuL6CZzxbU7gSg8fD8aw==
a16bd5b.js
huntr.dev/_nuxt/ 		74 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/a16bd5b.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ada4bd8c8021353ebb011cf098080b175e011d7ba40bea92cdb341dda5eebf8c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"c570366cc0b00cf2513ff56b45f70596"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
WR0CCkW02otAL3m2mxSxr-8bPt9f5SUxCMNNEyGZMDRM2dWRG3FgYQ==
1d41ebe.js
huntr.dev/_nuxt/ 		430 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/1d41ebe.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
20a715f096b93c3332dc39be54823e0fda8d9b939a8d8fbd5be0136043aa89a9
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"2b6ecf2fc76ba3ea22b81905d2ce90ab"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
bHi3ObsfIIHDJnYv_5IAgUHP5y2l9KYfBUpSdIgdT-gUsfKNrSiKLg==
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		105 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-151.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0101f73217dd574dd30deb66ef55e17e6c28ccb887f1d0e36bd809c5cf73cfb0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
BoWfzAj98Dv60pllXcdllqEFKDS5eOVk
content-encoding
br
via
1.1 442b92844f344782438a7e0f5132c124.cloudfront.net (CloudFront)
date
Tue, 27 Jun 2023 21:37:10 GMT
x-amz-cf-pop
JFK51-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 08 Jun 2023 04:50:00 GMT
server
AmazonS3
etag
W/"dacf31da4cecdc9b09f96ef969dfac00"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
nJDp4_wdQNVlRTAJ9y8eE7k6DDtWYGf95G-sHo-sAWn4iy3aazOZqg==
sdk.js
app.chatwoot.com/packs/js/ 		100 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d40c2e7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
ad90720758532fbf5fdc1ed9a12607a6cd8abafab7062069a45180f75e4c6e6a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 27 Jun 2023 21:37:08 GMT
Content-Encoding
br
Via
1.1 vegur
Strict-Transport-Security
max-age=63072000; includeSubDomains
Last-Modified
Mon, 26 Jun 2023 18:38:14 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Content-Type
application/javascript
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
30608
/
app.posthog.com/decide/ 		293 B
708 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/decide/?v=2&ip=1&_=1687901829429
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:3000:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2d68ea73045c567769056c309497d9ce08947e0e50007e83d54c52c0b012441c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 27 Jun 2023 21:37:09 GMT
via
1.1 eef964f7ded2584b0acfd4f410d14ff2.cloudfront.net (CloudFront)
x-content-type-options
nosniff
referrer-policy
same-origin
x-amz-cf-pop
JFK50-P7
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
x-cache
Miss from cloudfront
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
x-amz-cf-id
qTgP6Jo-cn6gKxKzxqg5PueilhCgvd29yH_1AIG6-EM1Rix4MI4Ozw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		5 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash
e898157fbcbc0cb2c593055459c8cf78bf022d6502fc9ce00f9ebd041fae5c36

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 27 Jun 2023 21:37:10 GMT
content-encoding
gzip
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
b4be2e80-b036-4ed1-a4e7-6b47c38e0604
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id
3w0MLSFFk1YzFeABLgxmAZUU4LqgF4_GFjlv9B88s3HNRVF9YDz8vw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 27 Jun 2023 21:37:09 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-id
LwTi1_MIwh9GqOqrtsHbrGPB-pYP7cGa0I4Qqi88EJaE4-PgY8gqeQ==
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
e2abd711-083f-42a0-8f91-d16041cf5242
x-cache
Miss from cloudfront
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Origin
https://huntr.dev
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
ImPKBUWy6cFI7zuxYcUNsOtBu0bXl5-UZ-qzp0d6S96LMy8PnilCKw==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
110 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Origin
https://huntr.dev
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"c8b6e083af3f94009801989c3739425e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
uwP9t2SdtVQbe6WtKIxx4yOcH4kSteup7210ikNJU5YxlgGDzJg8GQ==
widget
app.chatwoot.com/ Frame E997 		6 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
2103b174834e262eb73f5fa054fb81eb214dbab541ee9e0a72e54eae4628c767
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, private, must-revalidate
Connection
keep-alive
Content-Length
6558
Content-Type
text/html; charset=utf-8
Date
Tue, 27 Jun 2023 21:37:09 GMT
Etag
W/"2103b174834e262eb73f5fa054fb81eb"
Link
<https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js>; rel=preload; as=script; nopush,<https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d62567f7.css>; rel=preload; as=style; nopush
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
5dc82f39-89ab-4aa4-a598-754a9556c5b2
X-Runtime
0.062543
X-Xss-Protection
0
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-151.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d115f2da2d8b15e1bd94ac2fd51421df52c94fcd42fbbcc0fbb07d68db7c4d37

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
gV79Vv2hwWOcDLQSQJv1Q3slZEchk8Sj
content-encoding
gzip
via
1.1 f800b68f44c427976fe7546b255b6206.cloudfront.net (CloudFront)
date
Tue, 27 Jun 2023 20:45:56 GMT
x-amz-cf-pop
JFK51-C1
age
3152
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 11 May 2023 06:43:26 GMT
server
AmazonS3
etag
W/"850f9709d16422be8d080f3ed61da799"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
K0fHpM6lPrlvhQwFnCzT7h_N4BwCqOqmJHlZFqTtku_mmFas3mqA8g==
1c38207.js
huntr.dev/_nuxt/ 		33 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/1c38207.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31ecd6f0ee1ec93d53e3430f9c730034d86bb802b9fa8af1233d60b6e32ae9d4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"5618e899514de835d7f38399d4645fc9"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
Y_yjNlr8Tbb8Hcfgq6DPQ6sPxzMt7exvF6TO1VgzY6ZJ9pRME2-3IQ==
manifest.js
huntr.dev/_nuxt/static/1687880460/ 		203 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a80da90e0bb6e17475cf833f193d11bb4a79a361e2ed78f3e7d1d85a2975684f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:02 GMT
server
AmazonS3
etag
W/"213b7fdd1ab737bc51d5685824673209"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
pBqjZLSu_U5aDWiNHW0UQxbGl760kWPPUQH-WT7QCfyTp6ANZPHNNw==
f3f42fa.js
huntr.dev/_nuxt/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f3f42fa.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
20d79f58a5fee064733df88b065b82d7939ff7afad34bb938babce88a4683033
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"66d57a3195ab69aa4ecdc2deb98fb12e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
OS0IRDAFykGH6YSx5uKPASor75Y4okW08fArLByJCX_pi0acG_gfPg==
f1f78fe.js
huntr.dev/_nuxt/ 		103 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f1f78fe.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d334c8d9d0c9f5b92fe6d1b691e83b5d582868413dfb275f384bfaddefebbf8
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"a8568e6eaa36388ad32e706b9025efb3"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
Tid8mNgO1xiLBUOSbbTLOIDrQBVf3XkvF92Bn29LDW0ssBWz-rEukA==
6a708e6.js
huntr.dev/_nuxt/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/6a708e6.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
020ed5deee82fa8ede22c8f9b4c7544ced88213c9588e9c014190dada98294ca
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"876d83809d5948c00d77118a7192f7fa"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
NSbX3q05UD4f4eysJ3L0XrmhP-HSa7yFaOLIDobvTrauSyOkSunB8A==
d6dde96.js
huntr.dev/_nuxt/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/d6dde96.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5625012eed17b3d7da33f1afe00dd652ccb6f6d0403a95f10f5f2aff033f765e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"8093bde48fe383c103f919470b106d13"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
G52sVU3DH6My91Leto6CZCMhd2SsL41XVTILHpcUk_CP9H3RzUXeEQ==
78332cf.js
huntr.dev/_nuxt/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/78332cf.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ebe0f2930b22511823fa951441e4daf836f82b8d6bc8d867dcea1d3d4d7f8539
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"c5b3f04d2a95e6a074c0e9f90da8e3a8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
bl-WbIYl-lFs2m3ATCEGPar3Lejs-rfZ0H4Uw07s3jbI9w-ksqpV6w==
350e021.js
huntr.dev/_nuxt/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/350e021.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b035eb1cdf2862385d04e61fa0cb5e97fdf6da0ad839d0b3b8be603b81a325
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"ab3b041be886b3ec35e93f20c2b69918"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
WNc09N9KeTiJp5BgvEe_IMZOVuzkWx2UadvMvgBR9cX9PrLspgc5-w==
77383b4.js
huntr.dev/_nuxt/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/77383b4.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
db14e1c5540b5949aac9d0be41b4a65354666720664db650c40abed7974f27e2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"1b8ef1026ea8653cb9aa593b5739fb0c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
QTC5sc_KUfPTzxmf3yvIg_-BwcwNU7gGuv4BV0k6BJXjJvlXUgs7GQ==
faf8228.js
huntr.dev/_nuxt/ 		20 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/faf8228.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
75bdacd3c949e24bef3f7963991edff780d170869247ac39b2b1faaedc5f8484
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"569cd724443915d893210b5ffc41b48f"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
asyj0iTZrhkMoOzUBpWgO31IGoame3M9Kt7nkJxbNJ9LrUAgITLY7A==
f9c662a.js
huntr.dev/_nuxt/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f9c662a.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
217d309b71e94def32ddf9efb0648383f33ffb875014a3394ba51617199b5c97
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"320d7f7f03514c45d7f10c3ef1adb654"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
dL7KYNT1HB-O2-NKbtK1OI1UKtGiVsHDOs6gZ4RKfG8pk4MOMf1WoQ==
9bffa14.js
huntr.dev/_nuxt/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/9bffa14.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
435977c65e0bc15ed439dc445795d22ca25dac9f7c757c560adc692826298292
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"39088194a5c842c55895c5bf673cbd74"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
H71qeNogWByBN31dip5pMBMkBwOJepCTfGPNsseN7oDj8sCjkdWIAQ==
4cb6bc3.js
huntr.dev/_nuxt/ 		122 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/4cb6bc3.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4113709c843bbfa5bc82c222b9b3e1429bb0f1b187000579679e57e3983951e4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"f89077546e50819da35bbc786716c80b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
LlDucbL9klrK99NIyoQdH7VR8yIgNoR2dwUKfyOQFCbuYAALw5Yz5Q==
ajs-destination.bundle.0f003b5e4b03680982b4.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.0f003b5e4b03680982b4.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-151.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3e2bce089186ecc5310b103ce3056fce92ce32e1db3d5e2db4c1dab4fa87c175

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 22:36:12 GMT
x-amz-version-id
RsGKQvvF9Yt9j0mZ1IGFuFjuWHMd3XFe
content-encoding
br
via
1.1 442b92844f344782438a7e0f5132c124.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK51-C1
age
2242858
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 01 Jun 2023 20:07:54 GMT
server
AmazonS3
etag
W/"5c08e208387787e375df16faad0e6cd2"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
vBbLRSAvweOgBJJMCkRNsoE7nyFG44G9feVrMygFf5FgLpUdT8eBCw==
widget-de35d715ddc8df8162f3.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame E997 		754 KB
205 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:bc00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
f5552a714ce116ac3da23b47d5519e8a54fa9fb6534522c5c6b5045c07341c72
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 18:40:47 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 876e92db01d9014c2ee242623ecd97ee.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 26 Jun 2023 18:38:14 GMT
server
Cowboy
x-amz-cf-pop
EWR53-C1
age
96983
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
209452
x-amz-cf-id
NTWxTJFZ4Oq3fWnLMkgDODqcjSYWGtnWO8RqnEHwi8vJb_LAmbqHvw==
widget-d62567f7.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame E997 		49 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d62567f7.css
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:bc00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
f55a120c517c78c9e123c347e607436ab4577c715884c0410ee7bddc85f776e6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 18:40:40 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 876e92db01d9014c2ee242623ecd97ee.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 26 Jun 2023 18:38:14 GMT
server
Cowboy
x-amz-cf-pop
EWR53-C1
age
96989
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
9815
x-amz-cf-id
Sk5iPJuGdqE_YYu0sQl7qljF0OE09t3MJal0tGaeIn6-iN0Anx5kkA==
schemaFilter.bundle.f63551a29dc1697f71b6.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.f63551a29dc1697f71b6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-151.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 21 May 2023 10:13:19 GMT
x-amz-version-id
h3K108trORsXxC6CMRDM7kc_6pEEYtq5
content-encoding
br
via
1.1 442b92844f344782438a7e0f5132c124.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK51-C1
age
3237831
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Sun, 21 May 2023 08:04:35 GMT
server
AmazonS3
etag
W/"2a359f6227308e4ee31623f9381ae1d7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
SKxPyaDUMlRNvpNF2nwkhC9hoUm8T2rYvvByfhFspVpCPm57a7xMzg==
payload.js
huntr.dev/_nuxt/static/1687880460/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:02 GMT
server
AmazonS3
etag
W/"126dd630135f2a51a22e58e9f9dbb73b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
hGw_mydU-HzUzzN233K2PrPnMdYkRLlkroqMWFCkUFjHp-ydkj0luw==
payload.js
huntr.dev/_nuxt/static/1687880460/bounties/hacktivity/ 		81 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/bounties/hacktivity/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9a279a8cfe3eb891b1a7a5458606ae20be74304c60e05b985f3bea0f6815e96b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
81
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:02 GMT
server
AmazonS3
etag
"fc04d064f666e6c3a67bfdf89f4b2801"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
HukiiXBhPq4OYvSLPDcRVjFkF-xS-Ld7BSuhWucG_DTTTlFFGFPQ3Q==
payload.js
huntr.dev/_nuxt/static/1687880460/leaderboard/ 		73 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/leaderboard/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9de1041297927941b9c0d2104c967e3a17544dc79c5c9d49d3500af6397a9f7f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
73
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:02 GMT
server
AmazonS3
etag
"7dcde85f209c9e271f0e80211fb29626"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
rL3wBts-GnPlWFnbPMATeZp2XAq3ncZUDzfPFdtDvuUMqrDWsNra3A==
payload.js
huntr.dev/_nuxt/static/1687880460/faq/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/faq/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a387035b5b4f02b095ce582f84f8afe61cc35ee4f07f45b093bc6a1a22198b25
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:02 GMT
server
AmazonS3
etag
W/"58e0620f9dab4999fc1c61003a2f0a91"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
gDZKkAwsdvReH5L6KM8N3e6J8faH99oSvUCkOgnrcbBefv-VoYd7lg==
payload.js
huntr.dev/_nuxt/static/1687880460/contact-us/ 		72 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/contact-us/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
72
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:02 GMT
server
AmazonS3
etag
"366dc6ea76591bc89566ac85b90aec65"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
DJa3d-wF2a0kWqR7pOmcscP97mQUVycVGPN1sgsfKHfBZUyysDRLeA==
payload.js
huntr.dev/_nuxt/static/1687880460/terms/ 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/terms/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
843ada98c214fb67386b65631da14da64deb3924a27872f0edb37a95cf587a4b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:02 GMT
server
AmazonS3
etag
W/"c339dcb0436bba573ac3f6039f015c8d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
Rug8eoRs41Ky9f7CoE97UEdKlZzLrPwZ4PAUy55CGkhn8sPVhr9Vcw==
payload.js
huntr.dev/_nuxt/static/1687880460/privacy/ 		35 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/privacy/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b2ebfecbfeb1546df00333a396571d38762e87602332a048eac24889631e5d4e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:02 GMT
server
AmazonS3
etag
W/"36e0c92c1c743073a8b1edb64cf92dd2"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
K3QSrZ6eSOr7NhPRFNRaUGMBT2o7iA2A4wPQjTTaC9acy6AP86V2Dw==
payload.js
huntr.dev/_nuxt/static/1687880460/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687880460/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:53:00 GMT
server
AmazonS3
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
RfmYOhFmNhVwRlfbEQD2BYBBaLiFcrE2c6A_e84jw9Cw9kGiFic-QA==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-151.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b621abafb3c7c45f23855b2752e4d1c7b87d7a028a87f9d53581cc27b97d9920

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 20 Apr 2023 06:41:53 GMT
content-encoding
gzip
via
1.1 442b92844f344782438a7e0f5132c124.cloudfront.net (CloudFront)
x-amz-version-id
VwJSKL4TkNuu61I7MjDKvR38OOFA.VTy
x-amz-cf-pop
JFK51-C1
age
5928918
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1335
last-modified
Wed, 19 Apr 2023 09:48:13 GMT
server
AmazonS3
etag
"5d4809288181be1fa7ee6010b0ec85a5"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
SJIR-6yQNCel0T-H4r2Fd4EinYig1LusZ6EIb5q7v9Tg0RLVIpNWXA==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/4.0.0/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/4.0.0/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-151.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a45596c2087026ebad9fe6991aa7c6d4b55bb4ceeab5ec99f5e5f1b73c5cbc32

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 09 May 2023 10:26:42 GMT
content-encoding
gzip
via
1.1 442b92844f344782438a7e0f5132c124.cloudfront.net (CloudFront)
x-amz-version-id
2vezJ.GrCC1b.P6opCF2.LahamyxF100
x-amz-cf-pop
JFK51-C1
age
4273829
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1674
last-modified
Wed, 03 May 2023 11:04:45 GMT
server
AmazonS3
etag
"2404d84a05081bd5da596a06fce0a77e"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
g-cQxIFKL5r8eVcXNhQ2iLKlU7IRYnoFQ9NtS8odBlqM2rqK-_sARw==
commons.568acceb1c0f167d77bb.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.568acceb1c0f167d77bb.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-151.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d4f96c128bce5e606e056a4ef23a17cad7a9bb0775713a62587f9f038501ce15

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 21 Apr 2023 08:36:35 GMT
content-encoding
gzip
via
1.1 442b92844f344782438a7e0f5132c124.cloudfront.net (CloudFront)
x-amz-version-id
FbGdocEoWUpqKqPOxCWiE3PgBsiq0HkD
x-amz-cf-pop
JFK51-C1
age
5835636
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22236
last-modified
Wed, 19 Apr 2023 09:48:11 GMT
server
AmazonS3
etag
"5cc5b9bd3e22776a89fc7636504eae5e"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
8WKEKdt1grIU6yeL1YgB-5BA_bzNbChsGMFPUBtGQgVbU8nXsIdh6w==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-151.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 23 May 2023 02:56:45 GMT
content-encoding
gzip
via
1.1 442b92844f344782438a7e0f5132c124.cloudfront.net (CloudFront)
x-amz-version-id
1x6q_MsAdAkmPosImHjKsztmTTUAb2Vd
x-amz-cf-pop
JFK51-C1
age
3091226
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22177
last-modified
Wed, 03 May 2023 11:04:43 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
adysNSCEXSunsyB3z4LqGdNBjO2YZxEwezP2F87CHsvzdmP5KZwbUQ==
23-429b67ec.chunk.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame E997 		1 KB
902 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/23-429b67ec.chunk.css
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:bc00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 18:41:03 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 876e92db01d9014c2ee242623ecd97ee.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 26 Jun 2023 18:38:14 GMT
server
Cowboy
x-amz-cf-pop
EWR53-C1
age
96966
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
512
x-amz-cf-id
G5CES3_ZVO_jghOhzDXs3u_ItaXvInMCTmuEqWmFKbLVRhWap_SvGw==
23-fa8e55e432803540c1d4.chunk.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame E997 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/23-fa8e55e432803540c1d4.chunk.js
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:bc00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
0d8975c3893db1a78749e3cc9b65c7650bb99f6c112978330f5c8ea49b5b44dd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 18:40:58 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 876e92db01d9014c2ee242623ecd97ee.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Mon, 26 Jun 2023 18:38:14 GMT
server
Cowboy
x-amz-cf-pop
EWR53-C1
age
96971
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
4520
x-amz-cf-id
2yTBcT5W0uZYW8PWEiHuCOryUexPjXylOQSE6jUR8Qas3CCuTi4ADw==
conversations
app.chatwoot.com/api/v1/widget/ Frame E997 		2 B
615 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI4ZjA1N2RiZC1kYjJjLTRiOTMtYjMyOS04MzljN2UwNmVkMmQiLCJpbmJveF9pZCI6MTQxMn0.kjaqAOVSwnSTcoKmCf8RD2LNx4BP3SWh0DUZ7I4zqp4
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 27 Jun 2023 21:37:09 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
2
X-Xss-Protection
0
X-Request-Id
7488d07f-c162-46f6-8fa7-2493ebe701cd
X-Runtime
0.107406
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
hotjar-2380708.js
static.hotjar.com/c/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-49.jfk50.r.cloudfront.net
Software
/
Resource Hash
f93ed52da6cefabb8eca1a85a775a74ba1bc87c7741029aeae9e686a64657086
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Tue, 27 Jun 2023 21:37:10 GMT
via
1.1 d33ed2107293e32734a96656b820e092.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
etag
W/d86298d781784779efae7f494ad3ba35
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
QtjvsVk9N8eARTPikdip_C6IT1Ur9-DI4dNThe0MzsApNNr9nMrTQw==
messages
app.chatwoot.com/api/v1/widget/ Frame E997 		14 B
628 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI4ZjA1N2RiZC1kYjJjLTRiOTMtYjMyOS04MzljN2UwNmVkMmQiLCJpbmJveF9pZCI6MTQxMn0.kjaqAOVSwnSTcoKmCf8RD2LNx4BP3SWh0DUZ7I4zqp4
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 27 Jun 2023 21:37:10 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
14
X-Xss-Protection
0
X-Request-Id
ae371188-e346-4d11-9035-a123bc6cb1d8
X-Runtime
0.019288
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"258153158e38e3291e3d48162225fcdb"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame E997 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
f5ad190a2e36ff513d2020ce0a3db80843b10bf677465807047d8925b4f2835d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI4ZjA1N2RiZC1kYjJjLTRiOTMtYjMyOS04MzljN2UwNmVkMmQiLCJpbmJveF9pZCI6MTQxMn0.kjaqAOVSwnSTcoKmCf8RD2LNx4BP3SWh0DUZ7I4zqp4
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 27 Jun 2023 21:37:10 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
1024
X-Xss-Protection
0
X-Request-Id
0a5ca8fe-552d-43f7-bfe8-022030cdcc42
X-Runtime
0.037433
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"f5ad190a2e36ff513d2020ce0a3db808"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame E997 		89 B
703 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
bbe51ae2704b1d2dee8f66d36172b6b01b633c87a269245fac974c590fe93a16
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI4ZjA1N2RiZC1kYjJjLTRiOTMtYjMyOS04MzljN2UwNmVkMmQiLCJpbmJveF9pZCI6MTQxMn0.kjaqAOVSwnSTcoKmCf8RD2LNx4BP3SWh0DUZ7I4zqp4
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 27 Jun 2023 21:37:09 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
89
X-Xss-Protection
0
X-Request-Id
0a3d79d8-ff44-4c8f-9b1b-cb28e8b19d82
X-Runtime
0.013419
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"bbe51ae2704b1d2dee8f66d36172b6b0"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame E997 		2 B
615 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-de35d715ddc8df8162f3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI4ZjA1N2RiZC1kYjJjLTRiOTMtYjMyOS04MzljN2UwNmVkMmQiLCJpbmJveF9pZCI6MTQxMn0.kjaqAOVSwnSTcoKmCf8RD2LNx4BP3SWh0DUZ7I4zqp4
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 27 Jun 2023 21:37:09 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
2
X-Xss-Protection
0
X-Request-Id
0e375ad4-9a3c-4560-bd39-25f1e494b01d
X-Runtime
0.104868
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
bundle.min.js
browser.sentry-cdn.com/7.45.0/ 		57 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/7.45.0/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
05bcbc540206cd609115e7b8e685959e641b5e058f209a504e838676477574ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 24 Mar 2023 09:06:27 GMT
server
Fastly
age
7215486
etag
"f6c15f63eee05d140bbee54d82c0199f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
19827
expires
Thu, 04 Apr 2024 09:19:03 GMT
wveuf5mscswvl5nci26yt5jui4jf
prod-chatwoot-assets.s3.amazonaws.com/ Frame E997
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--dd0afdd7a9805f8d4463fe96514a85e76612...
  • https://prod-chatwoot-assets.s3.amazonaws.com/wveuf5mscswvl5nci26yt5jui4jf?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27N...
18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/wveuf5mscswvl5nci26yt5jui4jf?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230627T213710Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=f4ffddb391257f067405d1e8704f6fb885edd4453867ea61bba19301c0ca716a
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
HTTP/1.1
Server
52.217.120.33 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d51c3c1fbbce96c8fb2a89cb6d5097372f1cfcb6dc8e54fa5d3abe1e063a2ba1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 27 Jun 2023 21:37:11 GMT
Last-Modified
Fri, 05 May 2023 09:24:19 GMT
Server
AmazonS3
x-amz-request-id
WYB7G395972HM22B
ETag
"b351e229320c5501912c91056af34bf3"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Content-Disposition
inline; filename="New Project %2816%29.png"; filename*=UTF-8''New%20Project%20%2816%29.png
Accept-Ranges
bytes
Content-Length
17995
x-amz-id-2
aXeMMEr7KZHdTTZLaW6SIrzP+suwA0J2Q8Si94jqQHrQSTeZXoZv+D/GmlCEILcXLSvCWd4CLBc=

Redirect headers

Date
Tue, 27 Jun 2023 21:37:10 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
0
X-Request-Id
d059f3fd-e58c-4381-b271-e0c32cb6cc5c
X-Runtime
0.121435
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/wveuf5mscswvl5nci26yt5jui4jf?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230627T213710Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=f4ffddb391257f067405d1e8704f6fb885edd4453867ea61bba19301c0ca716a
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame E997 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 27 Jun 2023 21:37:10 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
Last-Modified
Mon, 26 Jun 2023 18:27:16 GMT
Server
Cowboy
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
rewriteframes.min.js
browser.sentry-cdn.com/7.45.0/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/7.45.0/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
d57e040bae754a4dc9a076f4a185b05f7c3a78aa2510b0a2622da91925581cce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 24 Mar 2023 09:06:27 GMT
server
Fastly
age
4906489
etag
"d6d99482c2dca6d5889a60f82bc3a795"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
1138
expires
Wed, 01 May 2024 02:42:20 GMT
modules.710fa773759992ae5199.js
script.hotjar.com/ 		270 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.710fa773759992ae5199.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-90.jfk50.r.cloudfront.net
Software
/
Resource Hash
8e4eb2fbe2428b73be6461073a48b2059abde0936219b8c1b2cc4b7dfbd85d83
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 23 Jun 2023 13:19:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 f8b0654d6e6bbf12f54a635de5db7ee4.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
age
375483
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
70212
last-modified
Fri, 23 Jun 2023 13:18:24 GMT
etag
"c0d8da1fc28983e2914d2514d6175f9a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
E2gsh9EG3cdeFyu0SDu2GPqTrjP7KVKQUw-CfAXl06vGGCrkkp6SSg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 27 Jun 2023 21:37:10 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-id
V-W9DVnP_U_xzLeKmNpuoLJofe-Zz93X3k1NmuxaPDD16RO9LuWzJA==
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
8610a0e1-be21-4f5f-96ff-97a23ded9a94
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 27 Jun 2023 21:37:10 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-id
ngvygUaXrbI7DBG_Xi15RxitTKRhpIpfb4B_xaAc53KSFMnO8XpFyA==
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
df17fa7c-c049-4708-8e55-07620b62f18b
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 27 Jun 2023 21:37:10 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-id
3HovUGeGONXd8TS6C1155IioyAIuf-rerAbQP84EmKenUjvCAanpzA==
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
417d7764-6393-4d5d-bd02-6b56fa4f4f3d
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		231 B
651 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash
9bfd5a1be3b1842b4a61b7dca235904856a9cb7f14b6ef7f8510afc03b885a1b

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
2
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
e3eb7462-d409-4f04-a306-b6416ecd194d
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
231
x-amz-cf-id
tU06x2PpUwk-6RoTZoWdYMZsCshrSfq432Ohd3qe-yhkM08YOqV8vA==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 27 Jun 2023 21:37:10 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-id
rPpzMeeqnSq_Ok3qhVau53iDenjJAsLC9Hfh0w8lQn6GPPvibX6Ejg==
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
1a8d61d5-4bdb-4734-a85e-996cec6eec4b
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		6 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash
46c62d14fa9fc543d5d486eb5dfe5c3029ae8b95228b53942e10055510683ec9

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
5
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
e0f9e457-18b2-4f05-8c26-f854ab46bb86
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
6096
x-amz-cf-id
_tfZzW91DUfBBUCmDoUcuGQHvA04TzjBDnlPzuhgNF1TpAmEKGqDIw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash
2d795bcd86140e462fb65e453fb22bf0f4a2bd5732216f7fdebc48fd382b6e15

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
12
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
f77f9959-305a-4fed-8290-576683c44548
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
1367
x-amz-cf-id
G6nZJks1UvtOgn3rAAvVEEZiEsTEt8IsPdbnvlIj_nw2U494A3Yzgg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash
10b4cdea23b6452581e9423c47e15814261e44b815258f85cd678b05d24202a8

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
b6131176-3900-4da0-b4c2-f5c7eb8e0b70
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
6994
x-amz-cf-id
iO3bTA0nFvduLutrcSi4I-93J4iv9rriWArs3PS7xqfuBinMU2WF6w==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		31 B
450 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/a939187.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
ecb95524-ea62-4fad-af35-3cabba15f404
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
31
x-amz-cf-id
U7kKcloc332Cqm0SjPTrMGfcIOAnhEFhW9H3JppfNJD9HfGDoOur9w==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 27 Jun 2023 21:37:10 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-id
pwBmn-bscsyZ9csCNIvb6GBtf2tXwOpGfwrkF8w12rmTmZlx4wtK0g==
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
7afc8d7d-efae-4b31-91bf-2ee38f485148
x-cache
Miss from cloudfront
Metropolis-Regular.67a1988.otf
huntr.dev/_nuxt/fonts/ 		23 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Metropolis-Regular.67a1988.otf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Origin
https://huntr.dev
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"f7b5e589f88206b4bd5cb1408c5362e6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
zAS_gYNs3B6gDC5lfdwAAassXwLtGLwsPPsUVPX2DWCZ0cFZKtJOng==
e379928.js
huntr.dev/_nuxt/ 		80 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/e379928.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
67de16a48fd4de7d559f3a983c7f4c9ef88972b0a5c436bd22f16030968ab49b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"e590b0f16b4b157c1719995dca4dca2d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
dnTU0blhOesXdNb3Vy7ei3Qoc7pHWoiKtjlPzZzM_aOZpXSpIcZnfA==
9728353
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/admidio.png
  • https://avatars.githubusercontent.com/u/9728353?v=4
7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/9728353?v=4
Protocol
H2
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
000c7da64110f17fe86d780f4b7cd51fed7e4a298964617d3f4bb0440b596839
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
e900843dd77e12599b7058cb2a1d53b7b300e25b
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 varnish
x-cache-hits
3
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
7132
x-xss-protection
1; mode=block
x-served-by
cache-yul12823-YUL
last-modified
Sat, 08 Oct 2016 18:45:02 GMT
x-github-tenant
x-github-request-id
F502:79ED:42AD6:4E9B0:6491B23F
x-timer
S1687901832.548863,VS0,VE0
etag
"68190f8a8ad098e9bfb883b3b3aaef7b315b395eda87ab0067afeb66b4c7323c"
source-age
631880
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 27 Jun 2023 21:42:11 GMT

Redirect headers

date
Tue, 27 Jun 2023 21:37:11 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id
E430:3065:3D2ECF:58765C:649B5687
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/9728353?v=4
cache-control
no-cache
content-length
0
x-xss-protection
0
7038017
avatars.githubusercontent.com/u/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/7038017?v=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c3c683fc92afcbd1390d7c013a50f75f404aac4283e273ecbaf02a94cf4e93fe
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
cb4bba213d8ed84c7b3e1c9a03e59c6095f99b57
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
42592
x-xss-protection
1; mode=block
x-served-by
cache-yul12823-YUL
last-modified
Thu, 05 Mar 2015 21:49:04 GMT
x-github-tenant
x-github-request-id
2842:072B:86A73:9C87F:649B07B1
x-timer
S1687901831.439807,VS0,VE2
etag
"522b708e10cf5135d0880c85d35d777b6761c70e7bb1d720e652e076135b638e"
source-age
20182
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 27 Jun 2023 21:42:11 GMT
86677431
avatars.githubusercontent.com/u/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/86677431?v=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
20320805a608661e713d9ec7987ac2a80df171c17ee9462ced1ae17cb003aa9b
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
cbe1d7762a0d480bad8412dfdfd26c1e6c763fb8
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
1558
x-xss-protection
1; mode=block
x-served-by
cache-yul12823-YUL
last-modified
Sat, 15 Jun 2013 01:49:45 GMT
x-github-tenant
x-github-request-id
F118:4AAC:1ECCC6C:24A5F1F:64894832
x-timer
S1687901831.439794,VS0,VE2
etag
"20320805a608661e713d9ec7987ac2a80df171c17ee9462ced1ae17cb003aa9b"
source-age
1183317
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 27 Jun 2023 21:42:11 GMT
7038017
avatars.githubusercontent.com/u/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/7038017?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/0db1603.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c3c683fc92afcbd1390d7c013a50f75f404aac4283e273ecbaf02a94cf4e93fe
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
222604d6efd889bbd35c9874782414d6656142ac
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 varnish
x-cache-hits
2
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
42592
x-xss-protection
1; mode=block
x-served-by
cache-yul12823-YUL
last-modified
Thu, 05 Mar 2015 21:49:04 GMT
x-github-tenant
x-github-request-id
2842:072B:86A73:9C87F:649B07B1
x-timer
S1687901832.657639,VS0,VE0
etag
"522b708e10cf5135d0880c85d35d777b6761c70e7bb1d720e652e076135b638e"
source-age
20182
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 27 Jun 2023 21:42:11 GMT
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.45.0/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
2
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
a78c0fe9-bc92-456e-adb2-7af8bc2c80cf
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
AOITXJGNnKxdw2KuG6JOuBMf1OEPYeZjCRqsy-hRPe484Ab_9jgedw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-id
iJxQM57dHlYI4QVG_c8n4fjgVcaBVxeYfX-XMgmCOjK7Vk1--HIzXw==
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
779c5e7c-aa88-4b99-954d-ca29cfe5f143
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-id
qAALMIZ9hAvPs_tngQHLi1Q4NF73iRTMNh9BAhS3JUNejQ0hVV2IHQ==
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
d4a35d69-8374-45f2-ae55-b63cc4611c7c
x-cache
Miss from cloudfront
86677431
avatars.githubusercontent.com/u/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/86677431?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/0db1603.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
20320805a608661e713d9ec7987ac2a80df171c17ee9462ced1ae17cb003aa9b
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
c53c8766e58b2fdfce2e6ba6a8ae607effff345f
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 varnish
x-cache-hits
2
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
1558
x-xss-protection
1; mode=block
x-served-by
cache-yul12823-YUL
last-modified
Sat, 15 Jun 2013 01:49:45 GMT
x-github-tenant
x-github-request-id
F118:4AAC:1ECCC6C:24A5F1F:64894832
x-timer
S1687901832.703032,VS0,VE0
etag
"20320805a608661e713d9ec7987ac2a80df171c17ee9462ced1ae17cb003aa9b"
source-age
1183317
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 27 Jun 2023 21:42:11 GMT
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
445 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.45.0/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
2
date
Tue, 27 Jun 2023 21:37:11 GMT
via
1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amzn-requestid
17dc514a-cc2a-4a26-b6e1-35a55ca04e9a
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
3STgqXLEsV0WoZ2GwVz24dYnG4Yd18FH7KlUMKHTXnpmmZ4HrPfk-Q==
ebc8e9b.js
huntr.dev/_nuxt/ 		44 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/ebc8e9b.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d9f1a90.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2269:7600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f8d0b4869d2080031f5e46e895dd444ad49724db855e3d263dc6bcbb656e0aed
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 27 Jun 2023 21:37:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 27 Jun 2023 15:52:30 GMT
server
AmazonS3
etag
W/"c106afd2ca9bdec08bab32cee795580e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
SNIbupHIywqjeLbPs00gHM4C7UpVZJs0vU9yZrPyiJAXz36nLYapzg==
/
app.posthog.com/e/ 		13 B
427 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1687901832432
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.45.0/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:3000:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 27 Jun 2023 21:37:12 GMT
via
1.1 eef964f7ded2584b0acfd4f410d14ff2.cloudfront.net (CloudFront)
x-content-type-options
nosniff
referrer-policy
same-origin
x-amz-cf-pop
JFK50-P7
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
x-cache
Miss from cloudfront
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
x-amz-cf-id
knVF77ObbrKCvHNrrd7TTBdcTAgonh7OqGcxpwBUIDK640TlBF3sqw==

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless object| onbeforetoggle object| onscrollend object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ function| MarkdownHeaderButtonElement function| MarkdownBoldButtonElement function| MarkdownItalicButtonElement function| MarkdownQuoteButtonElement function| MarkdownCodeButtonElement function| MarkdownLinkButtonElement function| MarkdownImageButtonElement function| MarkdownUnorderedListButtonElement function| MarkdownOrderedListButtonElement function| MarkdownTaskListButtonElement function| MarkdownMentionButtonElement function| MarkdownRefButtonElement function| MarkdownStrikethroughButtonElement function| MarkdownToolbarElement function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ function| Cvss function| _ object| analytics object| chatwootSettings object| $nuxt object| chatwootSDK object| $chatwoot object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| hotjarDeps function| hotjarLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| playAudioAlert function| sentryIntegration object| Sentry object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| __SENTRY__

8 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%22188fec9f93037e-0314a27d942a47-6a335054-1d4c00-188fec9f9318da%22%2C%22%24device_id%22%3A%22188fec9f93037e-0314a27d942a47-6a335054-1d4c00-188fec9f9318da%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1687901829451%2C%22188fec9f94cc1e-09d50c90fd6291-6a335054-1d4c00-188fec9f94da68%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI4ZjA1N2RiZC1kYjJjLTRiOTMtYjMyOS04MzljN2UwNmVkMmQiLCJpbmJveF9pZCI6MTQxMn0.kjaqAOVSwnSTcoKmCf8RD2LNx4BP3SWh0DUZ7I4zqp4
.huntr.dev/ Name: _hjSessionUser_2380708
Value: eyJpZCI6IjM1NDFlNWFkLWI4ZWUtNThjNS04OGFkLTFmYjNkYjkyYjBkOSIsImNyZWF0ZWQiOjE2ODc5MDE4MzA4NjAsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/ Name: _hjFirstSeen
Value: 1
.huntr.dev/ Name: _hjIncludedInSessionSample_2380708
Value: 0
.huntr.dev/ Name: _hjSession_2380708
Value: eyJpZCI6ImZjMzVhYTFlLWFmZmEtNDE4OC04MjViLThiMzVmZjJkYTRlNyIsImNyZWF0ZWQiOjE2ODc5MDE4MzA4NzgsImluU2FtcGxlIjpmYWxzZX0=
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 0

1 Console Messages

Source Level URL
Text
network error URL: https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
github.com
huntr.dev
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
108.138.106.49
13.225.223.151
140.82.113.3
18.164.96.80
18.164.96.90
18.205.222.128
2600:9000:21da:bc00:7:dce7:b680:21
2600:9000:2269:7600:14:bb32:5f00:93a1
2600:9000:2512:3000:1d:be94:4b80:93a1
2606:50c0:8001::154
2a04:4e42::729
52.217.120.33
000c7da64110f17fe86d780f4b7cd51fed7e4a298964617d3f4bb0440b596839
0101f73217dd574dd30deb66ef55e17e6c28ccb887f1d0e36bd809c5cf73cfb0
020ed5deee82fa8ede22c8f9b4c7544ced88213c9588e9c014190dada98294ca
05bcbc540206cd609115e7b8e685959e641b5e058f209a504e838676477574ec
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
0d8975c3893db1a78749e3cc9b65c7650bb99f6c112978330f5c8ea49b5b44dd
10b4cdea23b6452581e9423c47e15814261e44b815258f85cd678b05d24202a8
1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7
1d334c8d9d0c9f5b92fe6d1b691e83b5d582868413dfb275f384bfaddefebbf8
20320805a608661e713d9ec7987ac2a80df171c17ee9462ced1ae17cb003aa9b
20a715f096b93c3332dc39be54823e0fda8d9b939a8d8fbd5be0136043aa89a9
20d79f58a5fee064733df88b065b82d7939ff7afad34bb938babce88a4683033
2103b174834e262eb73f5fa054fb81eb214dbab541ee9e0a72e54eae4628c767
217d309b71e94def32ddf9efb0648383f33ffb875014a3394ba51617199b5c97
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
2d68ea73045c567769056c309497d9ce08947e0e50007e83d54c52c0b012441c
2d795bcd86140e462fb65e453fb22bf0f4a2bd5732216f7fdebc48fd382b6e15
31ecd6f0ee1ec93d53e3430f9c730034d86bb802b9fa8af1233d60b6e32ae9d4
36a002cd5d74b4708ba35d4a438409b51792eab3cd85452d8aab926c02c61fe4
3e2bce089186ecc5310b103ce3056fce92ce32e1db3d5e2db4c1dab4fa87c175
3ea8d78f7db0340979261556cdfee7a6183ad04a612e5b176073d04da72f4dac
4113709c843bbfa5bc82c222b9b3e1429bb0f1b187000579679e57e3983951e4
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
435977c65e0bc15ed439dc445795d22ca25dac9f7c757c560adc692826298292
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46c62d14fa9fc543d5d486eb5dfe5c3029ae8b95228b53942e10055510683ec9
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5625012eed17b3d7da33f1afe00dd652ccb6f6d0403a95f10f5f2aff033f765e
67de16a48fd4de7d559f3a983c7f4c9ef88972b0a5c436bd22f16030968ab49b
6e25cd9fcb26c4e98d904d6f1cf5004e2cd6b674cdad9bf3a23351b770ff47b4
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
75bdacd3c949e24bef3f7963991edff780d170869247ac39b2b1faaedc5f8484
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
818e86b7387edf30a09923f0129f489070297f7ecdb9c892dd61b800aada4a47
843ada98c214fb67386b65631da14da64deb3924a27872f0edb37a95cf587a4b
8e4eb2fbe2428b73be6461073a48b2059abde0936219b8c1b2cc4b7dfbd85d83
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
9a279a8cfe3eb891b1a7a5458606ae20be74304c60e05b985f3bea0f6815e96b
9bfd5a1be3b1842b4a61b7dca235904856a9cb7f14b6ef7f8510afc03b885a1b
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
9de1041297927941b9c0d2104c967e3a17544dc79c5c9d49d3500af6397a9f7f
a07de7ccf11f7c30e58172ba0c458d73d8c188a4308fa49916d76386a073cb26
a387035b5b4f02b095ce582f84f8afe61cc35ee4f07f45b093bc6a1a22198b25
a45596c2087026ebad9fe6991aa7c6d4b55bb4ceeab5ec99f5e5f1b73c5cbc32
a80da90e0bb6e17475cf833f193d11bb4a79a361e2ed78f3e7d1d85a2975684f
ad90720758532fbf5fdc1ed9a12607a6cd8abafab7062069a45180f75e4c6e6a
ada4bd8c8021353ebb011cf098080b175e011d7ba40bea92cdb341dda5eebf8c
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b2ebfecbfeb1546df00333a396571d38762e87602332a048eac24889631e5d4e
b621abafb3c7c45f23855b2752e4d1c7b87d7a028a87f9d53581cc27b97d9920
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83
bbe51ae2704b1d2dee8f66d36172b6b01b633c87a269245fac974c590fe93a16
c3c683fc92afcbd1390d7c013a50f75f404aac4283e273ecbaf02a94cf4e93fe
d115f2da2d8b15e1bd94ac2fd51421df52c94fcd42fbbcc0fbb07d68db7c4d37
d4f96c128bce5e606e056a4ef23a17cad7a9bb0775713a62587f9f038501ce15
d51c3c1fbbce96c8fb2a89cb6d5097372f1cfcb6dc8e54fa5d3abe1e063a2ba1
d57e040bae754a4dc9a076f4a185b05f7c3a78aa2510b0a2622da91925581cce
db14e1c5540b5949aac9d0be41b4a65354666720664db650c40abed7974f27e2
e157475410165a42f7d87fc4eef0ce39c3c52bddfb366dd4ed7227899ebdae61
e3b035eb1cdf2862385d04e61fa0cb5e97fdf6da0ad839d0b3b8be603b81a325
e6b077eb2a150d094b10b5433d025dd5ef01a5fdd980e20216059d3b3c308fc0
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
e898157fbcbc0cb2c593055459c8cf78bf022d6502fc9ce00f9ebd041fae5c36
ebe0f2930b22511823fa951441e4daf836f82b8d6bc8d867dcea1d3d4d7f8539
f5552a714ce116ac3da23b47d5519e8a54fa9fb6534522c5c6b5045c07341c72
f55a120c517c78c9e123c347e607436ab4577c715884c0410ee7bddc85f776e6
f5ad190a2e36ff513d2020ce0a3db80843b10bf677465807047d8925b4f2835d
f8d0b4869d2080031f5e46e895dd444ad49724db855e3d263dc6bcbb656e0aed
f93ed52da6cefabb8eca1a85a775a74ba1bc87c7741029aeae9e686a64657086