huntr.com Open in urlscan Pro
13.32.99.42 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
Submission: On January 29 via api (January 29th 2024, 2:40:39 am UTC) from US — Scanned from DE

Summary HTTP 41 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 41 HTTP transactions. The main IP is 13.32.99.42, located in United States and belongs to AMAZON-02, US. The main domain is huntr.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on October 16th 2023. Valid for: a year.

This is the only time huntr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	13.32.99.42 13.32.99.42	16509 (AMAZON-02) (AMAZON-02)
4	2606:50c0:800... 2606:50c0:8001::154	54113 (FASTLY) (FASTLY)
2 2	140.82.121.4 140.82.121.4	36459 (GITHUB) (GITHUB)
2	2600:9000:223... 2600:9000:223f:c000:1d:be94:4b80:93a1	16509 (AMAZON-02) (AMAZON-02)
8	99.86.4.97 99.86.4.97	16509 (AMAZON-02) (AMAZON-02)
41	5

27 13.32.99.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-42.fra60.r.cloudfront.net

huntr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:50c0:8001::154 (United States)

ASN54113 (FASTLY, US)

avatars.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 140.82.121.4 (Frankfurt am Main, Germany) 2 redirects

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-4-fra.github.com

github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:c000:1d:be94:4b80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.posthog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 99.86.4.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-97.fra6.r.cloudfront.net

mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	huntr.com huntr.com	1 MB
8	amazonaws.com mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	3 KB
4	githubusercontent.com avatars.githubusercontent.com — Cisco Umbrella Rank: 9049	63 KB
2	posthog.com app.posthog.com — Cisco Umbrella Rank: 8524	1 KB
2	github.com 2 redirects github.com — Cisco Umbrella Rank: 2840	6 KB
41	5

	Domain	Requested by
27	huntr.com	huntr.com
8	mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	huntr.com
4	avatars.githubusercontent.com	huntr.com
2	app.posthog.com	huntr.com
2	github.com	2 redirects
41	5

This site contains links to these domains. Also see Links.

Domain
discord.gg
datatracker.ietf.org
github.com
hackerone.com
snyk.io
www.github.com
nvd.nist.gov
cwe.mitre.org
cvss.js.org
twitter.com
protectai.com
infosec.exchange
mlsecops.com
www.linkedin.com

Subject Issuer	Validity	Valid
*.huntr.com Amazon RSA 2048 M03	`2023-10-16` - `2024-11-13`	a year	crt.sh
*.github.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-21` - `2024-03-20`	a year	crt.sh
*.posthog.com Amazon RSA 2048 M02	`2023-12-17` - `2025-01-14`	a year	crt.sh
*.appsync-api.eu-west-1.amazonaws.com Amazon RSA 2048 M03	`2023-11-07` - `2024-12-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
Frame ID: 88C1D2766F5E56EE2FB9F19C986E1F43
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HTTP Request Smuggling vulnerability found in waitress

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

41
Requests

95 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

1588 kB
Transfer

5654 kB
Size

2
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://discord.gg/GBmmty82CM
Title: Discord

Search URL Search Domain Scan URL

URL: https://datatracker.ietf.org/doc/html/rfc7230
Title: RFC7230

Search URL Search Domain Scan URL

URL: https://github.com/Pylons/waitress/blob/4b6b5832f3a30d82dc8cb359cf04d2a8edf6712b/src/waitress/receiver.py#L142-L143
Title: receiver.py L142-L143

Search URL Search Domain Scan URL

URL: https://hackerone.com/reports/1238099
Title: CVE-2021-22960 HTTP Request Smuggling when parsing the body

Search URL Search Domain Scan URL

URL: https://github.com/Pylons/waitress/blob/84cfc2b8ac81b55a7223f51f6d807f634d98c0f9/src/waitress/parser.py#L319-L325
Title: parser.py L319-L325

Search URL Search Domain Scan URL

URL: https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
Title: CVE-2021-32715 Lenient Parsing of Content-Length Header When Prefixed with Plus Sign

Search URL Search Domain Scan URL

URL: https://github.com/Pylons/waitress/blob/4b6b5832f3a30d82dc8cb359cf04d2a8edf6712b/src/waitress/receiver.py#L146-L149
Title: receiver.py L146-L149

Search URL Search Domain Scan URL

URL: https://snyk.io/blog/demystifying-http-request-smuggling/
Title: More information on HTTP request smuggling

Search URL Search Domain Scan URL

URL: https://github.com/pylons/waitress
Title: pylons/waitress

Search URL Search Domain Scan URL

URL: https://github.com/pylons/waitress/issues/366
Title: GitHub Issue

Search URL Search Domain Scan URL

URL: https://www.github.com/pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0
Title: 9e0b8c

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-24761
Title: CVE-2022-24761

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/444.html
Title: CWE-444: HTTP Request Smuggling

Search URL Search Domain Scan URL

URL: https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Title: Open in visual CVSS calculator

Search URL Search Domain Scan URL

URL: https://github.com/zeyu2001

Search URL Search Domain Scan URL

URL: https://twitter.com/zeyu2001

Search URL Search Domain Scan URL

URL: https://protectai.com/
Title: Protect AI

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@huntr_ai

Search URL Search Domain Scan URL

URL: https://mlsecops.com/podcast

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/huntrai/

Search URL Search Domain Scan URL

URL: https://twitter.com/huntr_ai

Search URL Search Domain Scan URL

URL: https://mlsecops.com/
Title: The MLSecOps Community

Search URL Search Domain Scan URL

URL: https://mlsecops.com/how-can-mlsecops-help-you.-contact-us
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://github.com/pylons.png HTTP 302
https://avatars.githubusercontent.com/u/452227?v=4

Request Chain 38

https://github.com/zeyu2001.png HTTP 302
https://avatars.githubusercontent.com/u/39144422?v=4

41 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/ 243 KB
42 KB 181ms
120ms Document
text/html 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3169361ea68c0e68e9b34371a49f40508427773af58183975c74c7d0afc10a49

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, s-maxage=2
content-encoding: gzip
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type: text/html
date: Mon, 29 Jan 2024 02:40:33 GMT
etag: W/"887dc14d4a39d5b793337a2288c68a38"
last-modified: Sat, 27 Jan 2024 11:09:10 GMT
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-id: BDZy95H6YpHBkIbtpinDeRUkaploIDXVNPR_hlwCjH5r0YwepQP7og==
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 89967c8.js Show response
huntr.com/_nuxt/ 3 KB
3 KB 103ms
101ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/89967c8.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ad1daa27395fe38198370307e3ae02a3cf7bfae0b241726963d6bba19220881b

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"a82a5ac55b5ce43bad346f81e1ec3070"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: xq5m8s7qiYYMDy5CohdNaTHh0mkYiXhUAJqExVbpPkv9pf4c5WjkGg==

GET
H2 200 5259ebe.js Show response
huntr.com/_nuxt/ 341 KB
119 KB 99ms
98ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/5259ebe.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1317639f267ec4abb5ac5fd91c782300247ea8e0a8bcbce7492603a55cfd2fa0

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"771b6f7adc51309930a90c93c89ae5ca"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: q4S1YzrasuhHdeMtf0hDt-6ixIojI8SheBUVky4W0DQzvVUYEuKZtw==

GET
H2 200 c306dd9.js Show response
huntr.com/_nuxt/ 1 MB
311 KB 107ms
106ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/c306dd9.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b7295167204ea2cd314790141afa14537ef1261b3474077cd277d4c5f2a49925

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"c86db735f8671bc412712d4bdc8306a3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: PR5Hda_cyqNG4QTMFiYIXM8MIMFKfi69PWe43LHmGoMlGTT_Yh7vsg==

GET
H2 200 4bd0e19.js Show response
huntr.com/_nuxt/ 236 KB
39 KB 117ms
115ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/4bd0e19.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0c49627a08c15f9c843af53d237b5d03e3534c55b428db924cb04b4cab033fa6

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"fbf42ee20f2f59f020ff3554703314d3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: 9IFhUmiSjmPid03XwVD3xZv-G2RXnCx-4QTB3TSF6Be506sMSf-heg==

GET
H2 200 cb526a9.js Show response
huntr.com/_nuxt/ 519 KB
122 KB 108ms
106ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/cb526a9.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

66bff6cad1270322ee51994c6b3bd6439a77494384cbc4b3159238ecc1e4802e

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"cd0e4710087b5b777a2cb43a0ef80b9f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: dLHqxZuH4O7QfLVLfH9BB-A6DOreTmZ_vloa0izbgBvFYYFB9efvzQ==

GET
H2 200 56c0430.js Show response
huntr.com/_nuxt/ 14 KB
6 KB 106ms
105ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/56c0430.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b14355470236893e5bf49043ed872922dcf8b027a254b0e3b29560da9fd27243

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"1bf25c4a34f5af93804761eb5f102d6c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: XjC4GKTLv4pdsOC_g5VaX8GHHFeDq2R4MwdVb3b-04oqPdCF2ww4_Q==

GET
H2 200 9b11602.js Show response
huntr.com/_nuxt/ 66 KB
19 KB 106ms
105ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/9b11602.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f71aa4fa9518d8765e730c9819bac935a93fe8572f33febd87f54754930751f3

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"20ae0e222bf8f4a77acc6a7d8c49aabf"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: NFC2gYoTnwI7FPqTN2j66_NlmqsywrEiAyhaDQ-vtLaa_msQsBXsvQ==

GET
H2 200 3bf22a0.js Show response
huntr.com/_nuxt/ 76 KB
16 KB 136ms
135ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/3bf22a0.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

565900b77c775479304e5704bf14d601fe7d6aaa51c51399d58016772f294a6b

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"c1e15b75b9c732906d0a997898d95c9a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: pmlvxRsJlNmKb31c-lgS6irUwFPpqmUb9DYzWgYTLEUSwPitVUKlaQ==

GET
H2 200 4179acf.js Show response
huntr.com/_nuxt/ 863 KB
274 KB 105ms
104ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/4179acf.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

dbb064dacf2838d27014f19b86b26d74f84f6a34995a7c9f023522ff32238745

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"85fff12f2678732bcfc55bab7f0585c4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: KcFWOsFXcng_nIUgFIyU2lFGvv62IWLTlr1pGieOHvJs8-uNGAyCWA==

GET
H3 200 state.js Show response
huntr.com/_nuxt/static/1706353219/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/ 21 KB
7 KB 125ms
125ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/static/1706353219/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/state.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

dad05d9d6ff4a82206e78d46afc0821586ee845d79ef6182e7950ec7df865684

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:53 GMT
server: AmazonS3
etag: W/"d1f65bccfb263c7f5dc55ceb599b5991"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: L5vb58-yCgOqnuke-c6Oow3OWmDAwZMn2OnVeRKD8duQHHOw-zkOuw==

GET
H3 200 payload.js Show response
huntr.com/_nuxt/static/1706353219/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/ 259 B
1 KB 99ms
98ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/static/1706353219/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/payload.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

92da40efc6173dac0215257fe166963f4f948b6ef7120e6ae983fa2e060f9bec

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 259
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:53 GMT
server: AmazonS3
etag: "bacd3d2f44a79ad2b223d9e634e2dc66"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
accept-ranges: bytes
x-amz-cf-id: VnqfVn9QtUylf-uXgRshR7aeSsD96jyGbxaV3DjosUN9eS6t-1nQag==

GET
H3 200 manifest.js Show response
huntr.com/_nuxt/static/1706353219/ 218 KB
79 KB 99ms
99ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/static/1706353219/manifest.js

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2132c43be36b88d24a0694a159e2a68b2513e6bc83580c47df350804a06f7276

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:09:09 GMT
server: AmazonS3
etag: W/"226c2b22085a1cc462d1b74f8476199f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: XJyM3DdRWk9KHNuHPzLrRZvqBJpCAnmtgyQJt_fWCfDoqhmPCJSHvA==

GET
H3 200 horizontal-logo-wh.svg
huntr.com/ 7 KB
4 KB 102ms
101ms Image
image/svg+xml 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://huntr.com/horizontal-logo-wh.svg

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7c19b4b3d23dac866f03987aed9ac91b0f46f6135ccbb092fa4a6fca40387e74

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:09:36 GMT
server: AmazonS3
etag: W/"8b906c4e0a6f77a7595b633b8ffa0cb8"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: FhUWUV7J18pRfmpBSbPPtooQrhdbYShH5XeGl7kwfGCBLBV0peZbcg==

GET
DATA 200
OK truncated
/ 797 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 290e83843452b6bcf9b0b729aaa560ec93f002483f031b68e8fbb204a6a81c32

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 39144422
avatars.githubusercontent.com/u/ 12 KB
12 KB 167ms
150ms Image
image/png 2606:50c0:8001::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/39144422?v=4

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

63c9e83eb8efadb2e925160cddb43bcd5f9a86c958bc5641cf6f1c115c13cd20

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-fastly-request-id: dd00e74aa7112de8e013176f52537674f2844091
content-security-policy: default-src 'none'
strict-transport-security: max-age=31557600
x-content-type-options: nosniff
date: Mon, 29 Jan 2024 02:40:34 GMT
via: 1.1 varnish
x-cache-hits: 0
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 11934
x-xss-protection: 1; mode=block
x-served-by: cache-fra-eddf8230069-FRA
last-modified: Thu, 17 Jan 2019 00:27:25 GMT
x-github-tenant
x-github-request-id: EDB2:3ED7D1:2A131D0:2BD90C0:65B71021
x-timer: S1706496034.080301,VS0,VE143
etag: "c4299a11ef4db7479bd83bc17f323c5e5adcab8f1dbdcc7b034537bdd5d64eb3"
source-age: 0
x-frame-options: deny
vary: Authorization,Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Mon, 29 Jan 2024 02:45:34 GMT

GET
H2 200 55323451
avatars.githubusercontent.com/u/ 17 KB
18 KB 26ms
10ms Image
image/jpeg 2606:50c0:8001::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/55323451?v=4

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

13d93c3869631680be7177c6f15caa6468bafeace6b72d736d004c95ea57c62d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-fastly-request-id: fcb85649bc649846d35101a5bfe7e4a29b2f7acc
content-security-policy: default-src 'none'
strict-transport-security: max-age=31557600
x-content-type-options: nosniff
date: Mon, 29 Jan 2024 02:40:34 GMT
via: 1.1 varnish
x-cache-hits: 1
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 17492
x-xss-protection: 1; mode=block
x-served-by: cache-fra-eddf8230069-FRA
last-modified: Fri, 05 Nov 2021 23:22:53 GMT
x-github-tenant
x-github-request-id: 4F5E:2FFC17:35B8A1B:37E8355:65AA08B5
x-timer: S1706496034.080726,VS0,VE1
etag: "70dd35c5b34af3111326bd6bb12a7108fd0eda1973d3e1caa0f478d601e808ae"
source-age: 853868
x-frame-options: deny
vary: Authorization,Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Mon, 29 Jan 2024 02:45:34 GMT

GET
H2

200

452227
avatars.githubusercontent.com/u/
Redirect Chain

https://github.com/pylons.png
https://avatars.githubusercontent.com/u/452227?v=4

21 KB
22 KB

9ms
9ms

Image
image/png

2606:50c0:8001::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/452227?v=4

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Server

2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

03caaaa0e52dee8a3619d1a199921043cf5d0199d0214d8f8fece6f8270764aa

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-fastly-request-id: 1a806ff553c7ee944ec681e79e918694892f35c2
content-security-policy: default-src 'none'
strict-transport-security: max-age=31557600
x-content-type-options: nosniff
date: Mon, 29 Jan 2024 02:40:34 GMT
via: 1.1 varnish
x-cache-hits: 1
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 22002
x-xss-protection: 1; mode=block
x-served-by: cache-fra-eddf8230069-FRA
last-modified: Tue, 29 Apr 2014 19:25:48 GMT
x-github-tenant
x-github-request-id: 4C96:1777AC:1778971:1877712:65B50E2A
x-timer: S1706496034.219938,VS0,VE2
etag: "0c728b2a635baebcc367d7ffa00c0a3e011d299b64b458239010fd5024981334"
source-age: 131575
x-frame-options: deny
vary: Authorization,Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Mon, 29 Jan 2024 02:45:34 GMT

Redirect headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id: E1B2:B6220:2D0CFF:2DE00C:65B71022
x-frame-options: deny
vary: Accept-Encoding, Accept, X-Requested-With
content-type: text/html; charset=utf-8
location: https://avatars.githubusercontent.com/u/452227?v=4
cache-control: no-cache
content-length: 0
x-xss-protection: 0

GET
H3 200 Montserrat-Regular.ee65399.ttf
huntr.com/_nuxt/fonts/ 240 KB
111 KB 114ms
113ms Font
font/ttf 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/fonts/Montserrat-Regular.ee65399.ttf

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
Origin: https://huntr.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:52 GMT
server: AmazonS3
etag: W/"ee6539921d713482b8ccd4d0d23961bb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: wofMiuviyCArtZp9Ox3ot-cHKhoprCRROPMfO3gGfYk6feLaUfrwFA==

GET
H3 200 Montserrat-Medium.c8b6e08.ttf
huntr.com/_nuxt/fonts/ 237 KB
110 KB 112ms
111ms Font
font/ttf 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/fonts/Montserrat-Medium.c8b6e08.ttf

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
Origin: https://huntr.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:52 GMT
server: AmazonS3
etag: W/"c8b6e083af3f94009801989c3739425e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: eTalh_ApESsGhBAnuZKq5iwtr4mYNwYhZGJEvMshpkRhOqfbs2mDBw==

GET
H3 200 WorkSans-Regular.7d761a6.ttf
huntr.com/_nuxt/fonts/ 187 KB
85 KB 101ms
100ms Font
font/ttf 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/fonts/WorkSans-Regular.7d761a6.ttf

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1b94e0d8ca23cc01c51de5d2d6a9e69704b95848c2143df8ee6cd421ac60decf

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
Origin: https://huntr.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:52 GMT
server: AmazonS3
etag: W/"7d761a652f8e716f57f4352b0f4e6280"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: cmI9XussVF-7C-CAEhKM6WjgPGriKdO4olcbNuUAh5SfdYMsexbRNg==

POST
H2 200 / Show response
app.posthog.com/decide/ 444 B
858 B 157ms
109ms XHR
application/json 2600:9000:223f:c000:1d:be94:4b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.posthog.com/decide/?v=3&ip=1&_=1706496034460&ver=1.77.0

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/c306dd9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a886dd7cebaba694929aa52c831814230430d460d4a844de9f094b223d5d63f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://huntr.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 29 Jan 2024 02:40:34 GMT
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
referrer-policy: same-origin
x-amz-cf-pop: FRA56-P5
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://huntr.com
x-cache: Miss from cloudfront
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type
x-amz-cf-id: JZH-v_oQ5-cPJrnGWlMzJY6sK5_nLnEBUh0nsRhAKqE1-51bNvTPVg==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 0
0 130ms
85ms Preflight 99.86.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-97.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://huntr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
content-length: 0
date: Mon, 29 Jan 2024 02:40:35 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-id: NrGPkT2h8BTmxiYp9k7xFubGedSIdc5iwolk1hrPL6sdQeAiioSdDQ==
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 1f0bb887-8f48-4263-b83a-219fd393b853
x-cache: Miss from cloudfront

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 0
0 123ms
80ms Preflight 99.86.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-97.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://huntr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
content-length: 0
date: Mon, 29 Jan 2024 02:40:35 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-id: VWZ8d99iPmQOAg2rxBrMLlLTJ3QBtb9UiiT18GBzb5IUhm0lvsmqqw==
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: c1a8596f-9592-4147-9b81-d3371dfe15bd
x-cache: Miss from cloudfront

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 0
0 122ms
79ms Preflight 99.86.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-97.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://huntr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
content-length: 0
date: Mon, 29 Jan 2024 02:40:35 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-id: QXLaA6X9wg-0LVywjrQjKkT2PLCtj0TvPiE_V67_PYFh_B91cQiBJA==
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 19174360-4b13-4ff8-a7ed-568df6d09edd
x-cache: Miss from cloudfront

GET
H3 200 1628ea1.js Show response
huntr.com/_nuxt/ 23 KB
9 KB 98ms
97ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/1628ea1.js

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/89967c8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

017f78991c72e5ddd7c5f86e658ac4f13cbe3848ae3b86d32ceb26ca8b8e25f4

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"b571264c33bf561bf6224a35d6093563"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: 3ZckBna4bqiFmem4DzdzdQrc8MA4llf6UY7rnmmGaaocxJSggWig7Q==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 196 B
613 B 261ms
261ms XHR
application/json 99.86.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.com
URL: https://huntr.com/_nuxt/c306dd9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-97.fra6.r.cloudfront.net
Software: /
Resource Hash: 44bad409b1393fddca1ef91c78456b49cc7d9dadcadf0ffacb97aefdb9066d69

Request headers

accept: */*
Referer: https://huntr.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
x-api-key: da2-q65kehmbjzdz5kykbosarrb72a
content-type: application/json

Response headers

x-amzn-appsync-tokensconsumed: 4
date: Mon, 29 Jan 2024 02:40:35 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 42669087-0f7e-4d7a-89a7-917c34fcbae7
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 196
x-amz-cf-id: 16iaM4n20x9sA1jKBfZS8neiFabfBJLq8FnaLte264tbloZECdL-aA==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 2 KB
1 KB 1406ms
1406ms XHR
application/json 99.86.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.com
URL: https://huntr.com/_nuxt/c306dd9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-97.fra6.r.cloudfront.net
Software: /
Resource Hash: eb70c06d0d023c4a6229de3360e6a97928f4a03c1b108bc4cfb043f2af762f45

Request headers

accept: */*
Referer: https://huntr.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
x-api-key: da2-q65kehmbjzdz5kykbosarrb72a
content-type: application/json

Response headers

x-amzn-appsync-tokensconsumed: 2
date: Mon, 29 Jan 2024 02:40:36 GMT
content-encoding: gzip
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: ff23d9a3-e8f2-47dd-a2f6-f25d9c25dbdd
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id: 2zeEXdsEFh1CLwE6FedLi2VE9lMlnd7yuklSI8vkgvZs_PsuxnLQ8w==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 31 B
450 B 413ms
412ms XHR
application/json 99.86.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.com
URL: https://huntr.com/_nuxt/c306dd9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-97.fra6.r.cloudfront.net
Software: /
Resource Hash: 917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept: */*
Referer: https://huntr.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
x-api-key: da2-q65kehmbjzdz5kykbosarrb72a
content-type: application/json

Response headers

x-amzn-appsync-tokensconsumed: 8
date: Mon, 29 Jan 2024 02:40:35 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 5954516c-cc65-4898-bd79-a658cc5bec05
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 31
x-amz-cf-id: ouVvTtj5BCaKOIUDv8QHFA9SxmIkCQMjw0ME61WUu_MnWpr4WaXJBA==

GET
H3 200 Metropolis-Regular.f7b5e58.otf
huntr.com/_nuxt/fonts/ 23 KB
18 KB 108ms
108ms Font
font/otf 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/fonts/Metropolis-Regular.f7b5e58.otf

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
Origin: https://huntr.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:52 GMT
server: AmazonS3
etag: W/"f7b5e589f88206b4bd5cb1408c5362e6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/otf
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: AKoR8hDcNk-sBdDFRqeGCKILhbYQ2I9ww8z8A86urdcwSwZWyH-wFg==

GET
H3 200 IndustryTest-Bold.583c7e9.otf
huntr.com/_nuxt/fonts/ 10 KB
8 KB 137ms
137ms Font
font/otf 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/fonts/IndustryTest-Bold.583c7e9.otf

Requested by

Host: huntr.com
URL: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

56e2d2609efc09d06a31ef9b82e71516287020ce3c0c5c2bb79841f95add1823

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
Origin: https://huntr.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"583c7e9d9c20757dff0d18e94e11da8e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/otf
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: fwGRPI8hwTjuWXkC3-oxFZR72Emjgd0DuOjBf8q6Q76Nc2k8_8fqnA==

GET
H3 200 de37575.js Show response
huntr.com/_nuxt/ 764 KB
41 KB 99ms
99ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/de37575.js

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/89967c8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ca74e316c66f36da8b8da50ca70427ab485caea6df5c44145425eb808d6319b0

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"d37ba914302ad9dbdc93cd24d3de62e7"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: AQUc9b4Jp-gfAOpqDtpJRRgCJht2SHYxW9ifCgqHOuom-rxhDYTkqQ==

GET
H3 200 30f6018.js Show response
huntr.com/_nuxt/ 35 KB
9 KB 101ms
101ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/30f6018.js

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/89967c8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

03e0345123464ebcb4d9cd6c4d34b0c1ccd8d6ad275f46054b3bae9f4fcb8d55

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"5255c4b8836ef5513a6524fb141f75dd"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: m-uJW2VKbS3yz5YJiDKk92wXVgvwPG15iZRb8VX7B5ZhBTgLzPvd1Q==

GET
H3 200 payload.js Show response
huntr.com/_nuxt/static/1706353219/ 7 KB
3 KB 100ms
100ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/static/1706353219/payload.js

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/c306dd9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a7ff7293ae409bd94708ed8a5b128370b45c1768db5d3b8dcbc860175904395c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:09:09 GMT
server: AmazonS3
etag: W/"a0a719bd76934320daa2fe42076b5216"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: uoPDDkdGghDbUsPBgk2bfTKlfb4BcGJQ3kdnM9X43z71G4bIcbNv9w==

GET
H3 200 c16c1d7.js Show response
huntr.com/_nuxt/ 73 KB
19 KB 100ms
99ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/c16c1d7.js

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/89967c8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a10aea39990639a04b30f21435e21f638449dbcddf95682c8701fc358b9eb2dc

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"a18323f2e9cee9c7b9dfa74ed2b62825"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: fKX-3C4ASP0GnlN0mg31YRMhllJS89ruJG_ce_Ys_RIrcYs26P9D7g==

GET
H3 200 552358d.js Show response
huntr.com/_nuxt/ 182 KB
48 KB 103ms
103ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/552358d.js

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/89967c8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a5ce34e93428a90dec4a7f2e393810af76b60b907f9f342a58d9fcc55b3c9399

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"86ab214a3e2c3e970f53d7080768c3f4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: sKKExj6Fse7VCkT7AQR5ePuZ4am0y7DApICV2WQG3wyeX6t2BIOhUg==

GET
H3 200 payload.js Show response
huntr.com/_nuxt/static/1706353219/bounties/disclose/ 79 B
1 KB 91ms
91ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/static/1706353219/bounties/disclose/payload.js

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/c306dd9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 79
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:09:07 GMT
server: AmazonS3
etag: "11e86df8ac1d9c85f55c418a4fbf5255"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
accept-ranges: bytes
x-amz-cf-id: AhSX2aUHOyMlEx8OHk7adae-ZU8ME0wVdVlD-t4Vtz9f1J8kWAdXHg==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 26 B
445 B 177ms
177ms XHR
application/json 99.86.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.com
URL: https://huntr.com/_nuxt/c306dd9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-97.fra6.r.cloudfront.net
Software: /
Resource Hash: 6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept: */*
Referer: https://huntr.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
x-api-key: da2-q65kehmbjzdz5kykbosarrb72a
content-type: application/json

Response headers

x-amzn-appsync-tokensconsumed: 2
date: Mon, 29 Jan 2024 02:40:36 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 540ec0b5-6415-4f6b-a52b-7a1e98373bb9
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 26
x-amz-cf-id: H-m8FkVvESeb6mgSxFlB6xhavKJTHb8VRppA0xRACgIFl0w2cXZuzQ==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 0
0 77ms
77ms Preflight 99.86.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-97.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://huntr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
content-length: 0
date: Mon, 29 Jan 2024 02:40:36 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-id: vTS7dZhlTS9qeM4wcziJZMYhE3ygzrxRpAgv_QlZP74SCTX4UJWKnA==
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 9408e53f-848c-48a1-af17-447247569925
x-cache: Miss from cloudfront

GET
H2

200

39144422
avatars.githubusercontent.com/u/
Redirect Chain

https://github.com/zeyu2001.png
https://avatars.githubusercontent.com/u/39144422?v=4

12 KB
12 KB

7ms
7ms

Image
image/png

2606:50c0:8001::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/39144422?v=4

Protocol

Server

2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

63c9e83eb8efadb2e925160cddb43bcd5f9a86c958bc5641cf6f1c115c13cd20

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-fastly-request-id: a45788583577c9fe683fa7b0cd2eb471bff32d60
content-security-policy: default-src 'none'
strict-transport-security: max-age=31557600
x-content-type-options: nosniff
date: Mon, 29 Jan 2024 02:40:36 GMT
via: 1.1 varnish
x-cache-hits: 1
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 11934
x-xss-protection: 1; mode=block
x-served-by: cache-fra-eddf8230069-FRA
last-modified: Thu, 17 Jan 2019 00:27:25 GMT
x-github-tenant
x-github-request-id: EDB2:3ED7D1:2A131D0:2BD90C0:65B71021
x-timer: S1706496037.688232,VS0,VE0
etag: "c4299a11ef4db7479bd83bc17f323c5e5adcab8f1dbdcc7b034537bdd5d64eb3"
source-age: 2
x-frame-options: deny
vary: Authorization,Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Mon, 29 Jan 2024 02:45:36 GMT

Redirect headers

date: Mon, 29 Jan 2024 02:40:36 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id: E1B2:B6220:2D1574:2DE8CD:65B71022
x-frame-options: deny
vary: Accept-Encoding, Accept, X-Requested-With
content-type: text/html; charset=utf-8
location: https://avatars.githubusercontent.com/u/39144422?v=4
cache-control: no-cache
content-length: 0
x-xss-protection: 0

GET
H3 200 c175b96.js Show response
huntr.com/_nuxt/ 58 KB
16 KB 96ms
96ms Script
application/javascript 13.32.99.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.com/_nuxt/c175b96.js

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/89967c8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

13.32.99.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-42.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

069725436429873aa8185e4bed4a7ec5202103b1497364ea059ef792583c57b2

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://huntr.com/bounties/01f878c5-af66-469f-9d05-da7f24ddeb1a/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 02:40:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.com https://*.amazonaws.com https://*.amazoncognito.com https://api.github.com https://api.bloggify.net wss://*.hotjar.com https://*.posthog.com https://app.chatwoot.com https://*.hubspot.com https://forms.hscollectedforms.net https://*.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://*.posthog.com https://js.hs-analytics.net https://*.hs-scripts.com https://js.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 27 Jan 2024 11:08:51 GMT
server: AmazonS3
etag: W/"4316281185249327be8a860fecf654d6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: j4G43TsImhrHWBYwnPcj38WT0ayU8UbX4ZvCQvc-7DcuTFTDDXTZXg==

POST
H2 200 / Show response
app.posthog.com/e/ 13 B
427 B 109ms
108ms XHR
application/json 2600:9000:223f:c000:1d:be94:4b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1706496037478&ver=1.77.0

Requested by

Host: huntr.com
URL: https://huntr.com/_nuxt/c306dd9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:c000:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://huntr.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 29 Jan 2024 02:40:37 GMT
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
referrer-policy: same-origin
x-amz-cf-pop: FRA56-P5
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://huntr.com
x-cache: Miss from cloudfront
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type
x-amz-cf-id: IASORF2qIcev0H6_LYD473G6YNNybDUN61mRhkZE-ROSfFOTMl1AJg==

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			huntr.com/	1969-12-31 23:59:59	Name: auth.strategy Value: cognito
			.huntr.com/	1970-01-21 02:47:12	Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog Value: %7B%22distinct_id%22%3A%22018d5317-069a-73b6-b54d-e717dc819a19%22%2C%22%24device_id%22%3A%22018d5317-069a-73b6-b54d-e717dc819a19%22%2C%22%24user_state%22%3A%22anonymous%22%2C%22%24sesid%22%3A%5B1706496034471%2C%22018d5317-06a7-73c6-a545-cef647d9a268%22%2C1706496034471%5D%2C%22%24session_recording_enabled_server_side%22%3Afalse%2C%22%24autocapture_disabled_server_side%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%2C%22%24feature_flag_payloads%22%3A%7B%7D%7D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://cdn.segment.com https://api.segment.io https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.com https://.amazonaws.com https://.amazoncognito.com https://api.github.com https://api.bloggify.net wss://.hotjar.com https://.posthog.com https://app.chatwoot.com https://.hubspot.com https://forms.hscollectedforms.net https://.google-analytics.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://.hotjar.com https://app.chatwoot.com https://cdn.segment.com https://api.segment.io https://.posthog.com https://js.hs-analytics.net https://.hs-scripts.com https://js.hs-banner.com https://.hscollectedforms.net https://js.hubspot.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.posthog.com
avatars.githubusercontent.com
github.com
huntr.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
13.32.99.42
140.82.121.4
2600:9000:223f:c000:1d:be94:4b80:93a1
2606:50c0:8001::154
99.86.4.97
017f78991c72e5ddd7c5f86e658ac4f13cbe3848ae3b86d32ceb26ca8b8e25f4
03caaaa0e52dee8a3619d1a199921043cf5d0199d0214d8f8fece6f8270764aa
03e0345123464ebcb4d9cd6c4d34b0c1ccd8d6ad275f46054b3bae9f4fcb8d55
069725436429873aa8185e4bed4a7ec5202103b1497364ea059ef792583c57b2
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
0c49627a08c15f9c843af53d237b5d03e3534c55b428db924cb04b4cab033fa6
1317639f267ec4abb5ac5fd91c782300247ea8e0a8bcbce7492603a55cfd2fa0
13d93c3869631680be7177c6f15caa6468bafeace6b72d736d004c95ea57c62d
1b94e0d8ca23cc01c51de5d2d6a9e69704b95848c2143df8ee6cd421ac60decf
2132c43be36b88d24a0694a159e2a68b2513e6bc83580c47df350804a06f7276
290e83843452b6bcf9b0b729aaa560ec93f002483f031b68e8fbb204a6a81c32
3169361ea68c0e68e9b34371a49f40508427773af58183975c74c7d0afc10a49
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
44bad409b1393fddca1ef91c78456b49cc7d9dadcadf0ffacb97aefdb9066d69
565900b77c775479304e5704bf14d601fe7d6aaa51c51399d58016772f294a6b
56e2d2609efc09d06a31ef9b82e71516287020ce3c0c5c2bb79841f95add1823
63c9e83eb8efadb2e925160cddb43bcd5f9a86c958bc5641cf6f1c115c13cd20
66bff6cad1270322ee51994c6b3bd6439a77494384cbc4b3159238ecc1e4802e
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
7c19b4b3d23dac866f03987aed9ac91b0f46f6135ccbb092fa4a6fca40387e74
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
92da40efc6173dac0215257fe166963f4f948b6ef7120e6ae983fa2e060f9bec
a10aea39990639a04b30f21435e21f638449dbcddf95682c8701fc358b9eb2dc
a5ce34e93428a90dec4a7f2e393810af76b60b907f9f342a58d9fcc55b3c9399
a7ff7293ae409bd94708ed8a5b128370b45c1768db5d3b8dcbc860175904395c
a886dd7cebaba694929aa52c831814230430d460d4a844de9f094b223d5d63f7
ad1daa27395fe38198370307e3ae02a3cf7bfae0b241726963d6bba19220881b
b14355470236893e5bf49043ed872922dcf8b027a254b0e3b29560da9fd27243
b7295167204ea2cd314790141afa14537ef1261b3474077cd277d4c5f2a49925
ca74e316c66f36da8b8da50ca70427ab485caea6df5c44145425eb808d6319b0
dad05d9d6ff4a82206e78d46afc0821586ee845d79ef6182e7950ec7df865684
dbb064dacf2838d27014f19b86b26d74f84f6a34995a7c9f023522ff32238745
eb70c06d0d023c4a6229de3360e6a97928f4a03c1b108bc4cfb043f2af762f45
f71aa4fa9518d8765e730c9819bac935a93fe8572f33febd87f54754930751f3

huntr.com Open in urlscan Pro 13.32.99.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

41 Requests

95 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

1588 kBTransfer

5654 kBSize

2 Cookies

23 Outgoing links

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

huntr.com Open in urlscan Pro
13.32.99.42 Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

95 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

1588 kB
Transfer

5654 kB
Size

2
Cookies

41 HTTP transactions
1 data transactions