urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:2260:d600:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Submission: On April 06 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 3 countries across 12 domains to perform 80 HTTP transactions. The main IP is 2600:9000:2260:d600:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on January 26th 2022. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 25 2600:9000:226... 16509 (AMAZON-02)
6 141.94.130.128 16276 (OVH)
2 2 140.82.121.3 36459 (GITHUB)
7 2606:50c0:800... 54113 (FASTLY)
8 99.86.8.175 16509 (AMAZON-02)
2 10 54.237.133.81 14618 (AMAZON-AES)
2 3.93.102.238 14618 (AMAZON-AES)
12 18.66.248.56 16509 (AMAZON-02)
4 2600:9000:225... 16509 (AMAZON-02)
1 65.9.66.34 16509 (AMAZON-02)
2 2a04:4e42::729 54113 (FASTLY)
1 54.149.50.128 16509 (AMAZON-02)
1 99.86.4.22 16509 (AMAZON-02)
1 143.204.215.95 16509 (AMAZON-02)
1 54.73.183.234 16509 (AMAZON-02)
2 52.217.49.180 16509 (AMAZON-02)
80 16
25    2600:9000:2260:d600:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
6    141.94.130.128 (France)

ASN16276 (OVH, FR)
PTR: ns31442138.ip-141-94-130.eu
i.postimg.cc
2    140.82.121.3 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-3-fra.github.com
github.com
7    2606:50c0:8000::154 (United States)

ASN54113 (FASTLY, US)
avatars.githubusercontent.com
8    99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net
cdn.segment.com
10    54.237.133.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-237-133-81.compute-1.amazonaws.com
app.chatwoot.com
2    3.93.102.238 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-93-102-238.compute-1.amazonaws.com
app.posthog.com
12    18.66.248.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-56.dus51.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
4    2600:9000:225a:b400:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
1    65.9.66.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-34.fra56.r.cloudfront.net
static.hotjar.com
2    2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    54.149.50.128 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-149-50-128.us-west-2.compute.amazonaws.com
api.segment.io
1    99.86.4.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-22.fra6.r.cloudfront.net
script.hotjar.com
1    143.204.215.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-95.fra53.r.cloudfront.net
vars.hotjar.com
1    54.73.183.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-183-234.eu-west-1.compute.amazonaws.com
in.hotjar.com
2    52.217.49.180 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
Apex Domain
Subdomains		 Transfer
25 huntr.dev
huntr.dev
1 MB
14 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
120 KB
10 chatwoot.com
app.chatwoot.com — Cisco Umbrella Rank: 486178
39 KB
8 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1624
62 KB
7 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 10008
144 KB
6 postimg.cc
i.postimg.cc — Cisco Umbrella Rank: 23720
679 KB
4 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 624
script.hotjar.com — Cisco Umbrella Rank: 958
vars.hotjar.com — Cisco Umbrella Rank: 1008
in.hotjar.com — Cisco Umbrella Rank: 1743
68 KB
4 cloudfront.net
d3tq67kexc2w2i.cloudfront.net
150 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4278
19 KB
2 posthog.com
app.posthog.com — Cisco Umbrella Rank: 61209
776 B
2 github.com
github.com — Cisco Umbrella Rank: 2896
5 KB
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1081
170 B
80 12
Domain Requested by
25 huntr.dev 1 redirects huntr.dev
12 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
10 app.chatwoot.com 2 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
8 cdn.segment.com huntr.dev
cdn.segment.com
7 avatars.githubusercontent.com huntr.dev
6 i.postimg.cc huntr.dev
4 d3tq67kexc2w2i.cloudfront.net app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
2 prod-chatwoot-assets.s3.amazonaws.com
2 browser.sentry-cdn.com cdn.segment.com
2 app.posthog.com huntr.dev
browser.sentry-cdn.com
2 github.com 2 redirects
1 in.hotjar.com browser.sentry-cdn.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 api.segment.io cdn.segment.com
1 static.hotjar.com cdn.segment.com
80 16
Subject Issuer Validity Valid
*.huntr.dev
Amazon		 2022-01-26 -
2023-02-23		 a year crt.sh
postimg.cc
R3		 2022-02-05 -
2022-05-06		 3 months crt.sh
www.github.com
DigiCert SHA2 High Assurance Server CA		 2020-05-06 -
2022-04-14		 2 years crt.sh
*.segment.com
Amazon		 2022-01-12 -
2023-02-10		 a year crt.sh
app.chatwoot.com
R3		 2022-03-21 -
2022-06-19		 3 months crt.sh
app.posthog.com
Amazon		 2021-11-04 -
2022-12-02		 a year crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon		 2022-01-06 -
2023-02-04		 a year crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh
*.hotjar.com
Amazon		 2021-11-25 -
2022-12-23		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-11-26 -
2022-12-28		 a year crt.sh
*.segment.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Frame ID: 817D3D7A6A96B379DFDCC4193939619C
Requests: 61 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: C210A5783A172A6897904881FCDDF055
Requests: 13 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: FFEBE7BC9FF0686FBAD2EC7AAA93F5CC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Stored Cross Site Scripting vulnerability found in openemr

Page URL History Show full URLs

  1. https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60 HTTP 301
    https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

80
Requests

95 %
HTTPS

25 %
IPv6

12
Domains

16
Subdomains

16
IPs

3
Countries

2766 kB
Transfer

6839 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60 HTTP 301
    https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20
  • https://github.com/openemr.png HTTP 302
  • https://avatars.githubusercontent.com/u/283089?v=4
Request Chain 74
  • https://github.com/openemr.png HTTP 302
  • https://avatars.githubusercontent.com/u/283089?v=4
Request Chain 76
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0d564/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/New%20Project%20(16).png HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220406%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220406T171150Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=641877d6738737924cf3e5360609199809f4ae21ad5dde2bf4933cc9c47eea34
Request Chain 78
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBclZUIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--31ae538bf9d04000e44a5bbe8feed382c0892b6f/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/profile.png HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220406%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220406T171150Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=5275c2e92384d7221b97093f66b4732e4af93289509ec0cff8382c7ddcd5a190

80 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Redirect Chain
  • https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60
  • https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
165 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ec1f39dfa709dbfd54f64eb0ee10e903370f413ee64a6d003a2ca96e8a753731
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control
public, max-age=0, s-maxage=600
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type
text/html
date
Wed, 06 Apr 2022 17:11:49 GMT
etag
W/"7dea1394d13643d3f48b4a34f2599e7e"
last-modified
Wed, 06 Apr 2022 13:35:18 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
x-amz-cf-id
600_Ox__ql8GalQs8BhZhMOzhh0IqtM0k5lZW_YsXpxH5ojDgwyUcw==
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/xml
date
Wed, 06 Apr 2022 17:11:48 GMT
location
/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
server
AmazonS3
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
x-amz-cf-id
QU_b7fv44Z3ivzwsFdm9_LvKuUyFxPgAc7RZTZepMJ1BUq460Wt5kA==
x-amz-cf-pop
TXL50-P3
x-cache
Error from cloudfront
5cca8a0.js
huntr.dev/_nuxt/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/5cca8a0.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ee19f2716685d9b8c858d2a2473f809edcdda30e6edd687399a95e09e22cc00
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"6b88dc4c2a0d2ad2f74a08acf261b60c"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
2vIIlMtS5iJJ2RIn3kaqX4JGdZ11dTN__8yhaMiF6zG5ebpMNrykJQ==
3f02194.js
huntr.dev/_nuxt/ 		299 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/3f02194.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fde18e667f959d5e3b8c8a21e9bd0e44d945b7210b94d3897b0ae8491b4738ab
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"8476ab670ef7a7c45f28e58c7a32e21f"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
qdiTCWL_22wi_e8exhHt1Gh6F8iAU8I5hB4qgAk-io69EMeQ96WKXw==
5260be2.js
huntr.dev/_nuxt/ 		1 MB
311 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/5260be2.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0a98c9b99d2f4d0b88db1b5b89c1f4e0ce56c4e13aa03e17bee3767b55355f6b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ff41b4234f0c2f7de5ca51b3b1f358a4"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
PXMDH7PIe0kiquWkUf1xhi6QUXw3-vHW_ZiPqkfiEvO7omNC2TOWiQ==
d2ebafb.js
huntr.dev/_nuxt/ 		62 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/d2ebafb.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
22423e113628c1028d7bee4e3de3733132aed0f532d89c0b59cdeac7e1af6784
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"791c955d6ecd5126187f23a9ff730ffc"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
i6Dzn0d8Pmtldbux0kjOr4FCNGqivt-tpt4nWWFqar-zghQC8z5mJQ==
b6e6118.js
huntr.dev/_nuxt/ 		253 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/b6e6118.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dd9d80dc11454327eae7f0f516326281e8d1c30d432878d104a01cdca84840ca
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"5e3e18ec5e36a4fb5e9b402e3d589031"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
Rax3BNKmtcwPG_y3UuydnqMHaCsTQ47Y4AAWc5dhuLH_dzdc3IwyXA==
d2e00e8.js
huntr.dev/_nuxt/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/d2e00e8.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2ff43deebbb2369ffbcc02032717514475c2eac63c9757e3ca56df59d905e450
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"7bb8068632534ddf887fa7cd5290df4c"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
TQVZwMRoL9ICPh9INqJEMGmwo5pOWz_zJ6LDTnVhIDA_bSKu2RV48A==
5e59872.js
huntr.dev/_nuxt/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/5e59872.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bfc862ec13fd01b0aec439c46f58891d874e396025c9c5974ea2c05435cdb7b9
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"9c803b8f19abd33d47184670c4ecb800"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
401mActmQPUzTGkagLI06r16HMqevwpV9egScypuimz7HMo4UD-H-w==
82b1ed9.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/82b1ed9.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b085a4ae94b45ea034aa52973063b0e2dbaa20c655ff70b3158f0c820ba99209
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"50b6ba5935f8fcb21cf744fd67dfa159"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
tqBWvjeqHxcGIoKjvqan5bB-Mg7U9ifONwKCxLnNttOJ5yuq6Srs0A==
29c0d47.js
huntr.dev/_nuxt/ 		863 KB
273 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/29c0d47.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5bf0ee89c2d026d01f458d22854446273a94ad0a5e746db50c06cc73a8e2e20e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"88662ba9efb430372dafadfe6922b4a2"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
0NL5hchqEPBMitiSkJafUtru1-hnkI0U-tQObSe3T5eDdWB6E3lXeA==
state.js
huntr.dev/_nuxt/static/1649251406/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1649251406/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/state.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6a74e26636816c23aefe287ec9758b5ed2d33c2b6bbf783c1fff8ebadfb03812
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:35:09 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"10cbf18ec857d0e096f38fa35cee8a4b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
fwMR4JNCTj2obL_HTjKmC7Y-LSttZbUXhaQd8s5_xuTXcSoww1htRQ==
payload.js
huntr.dev/_nuxt/static/1649251406/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/ 		259 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1649251406/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
207348661d8104d3737a3c267c6a55b8858a78d7fdf1987ba7dcf65bf0f56731
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:49 GMT
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:35:09 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"743bc30cf2cffd31cb17b30b9ad8ddfd"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
GCq32s3Gm1FIhF59KhoKN9XX9KQTEIPUjVGu7eQSPf5BGwp_burEoQ==
manifest.js
huntr.dev/_nuxt/static/1649251406/ 		111 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1649251406/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
044a7784699f2d122661f43bb4a8441bf7c8e85c78693fc8090b36c7c82044a0
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:35:15 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ba569a4010ea79381da59aede143c14f"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
QO3sTUIWuWZOZd8HkD-U_dDtVB7H9xR9uTiqxmrlVxoBJA9-iM2TLw==
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
56
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
48_mu_DlGOkxB5J6YXeb-seyXwbjAfm_Vt42BkeYJNm2YnSG1rT4lA==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:10:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
56
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"c8b6e083af3f94009801989c3739425e"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-pop
TXL50-P3
x-amz-cf-id
A5kNCOGG1C2NWjmvG9tV_Sws3WLPjaX-dUSIn3Mg41-beNfCGhaAEA==
1.png
i.postimg.cc/tJFSW43G/ 		137 KB
137 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/tJFSW43G/1.png
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.94.130.128 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31442138.ip-141-94-130.eu
Software
nginx /
Resource Hash
f0161f2f91dd7e0f48e97bff0536f3bc0a8e45996a43fd50ece88f8c1df2d744

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:48 GMT
last-modified
Mon, 21 Mar 2022 05:28:10 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
139992
expires
Thu, 31 Dec 2037 23:55:55 GMT
2.png
i.postimg.cc/wxNbS0S4/ 		106 KB
107 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/wxNbS0S4/2.png
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.94.130.128 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31442138.ip-141-94-130.eu
Software
nginx /
Resource Hash
d40d0716597be50d78489f55e6b7ad167672f72c916612f6daa31563ad64e5f0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:48 GMT
last-modified
Mon, 21 Mar 2022 05:28:24 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
108965
expires
Thu, 31 Dec 2037 23:55:55 GMT
3.png
i.postimg.cc/28fXmnYk/ 		135 KB
135 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/28fXmnYk/3.png
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.94.130.128 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31442138.ip-141-94-130.eu
Software
nginx /
Resource Hash
a26078177a61e9ea9135d66f6669d2dba7629e7ba3c8a1439d915bab77148243

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:48 GMT
last-modified
Mon, 21 Mar 2022 05:28:36 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
138141
expires
Thu, 31 Dec 2037 23:55:55 GMT
4.png
i.postimg.cc/gkqt0rcv/ 		97 KB
97 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/gkqt0rcv/4.png
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.94.130.128 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31442138.ip-141-94-130.eu
Software
nginx /
Resource Hash
db404b06b88b317d780f295d5af2f1b5a1a8dae8a71d2a03687e9864263b73a0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:48 GMT
last-modified
Mon, 21 Mar 2022 05:28:48 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
99439
expires
Thu, 31 Dec 2037 23:55:55 GMT
5.png
i.postimg.cc/BvyMzKNG/ 		114 KB
115 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/BvyMzKNG/5.png
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.94.130.128 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31442138.ip-141-94-130.eu
Software
nginx /
Resource Hash
2332fc9e9a9c2f3231ac212f6fd84af0a0c65edecf2cbbd744df1fbb263583db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:48 GMT
last-modified
Mon, 21 Mar 2022 05:29:00 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
117013
expires
Thu, 31 Dec 2037 23:55:55 GMT
6.png
i.postimg.cc/W3kXc1fq/ 		87 KB
87 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/W3kXc1fq/6.png
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.94.130.128 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31442138.ip-141-94-130.eu
Software
nginx /
Resource Hash
325c7d6e6f19c0dd13d27af57965881b19d410df75ac2f99c01473726a1dd3cd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:48 GMT
last-modified
Mon, 21 Mar 2022 05:29:12 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
89157
expires
Thu, 31 Dec 2037 23:55:55 GMT
283089
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/openemr.png
  • https://avatars.githubusercontent.com/u/283089?v=4
11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/283089?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3bdb58ab93f3a3768080520a107a92c0fec278a395253dc6678d710867fcff5d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-fastly-request-id
4fde976ad40c2d5756efb143d304a0557f616533
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
11346
x-xss-protection
1; mode=block
x-served-by
cache-mxp6950-MXP
last-modified
Sun, 03 Dec 2017 23:01:02 GMT
x-github-request-id
F828:D51B:C158B0:D26E40:6242B845
x-timer
S1649265109.240532,VS0,VE1
x-frame-options
deny
date
Wed, 06 Apr 2022 17:11:49 GMT
source-age
725392
strict-transport-security
max-age=31557600
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
"aacedf05eb9121a4573e72e01665bfaccf045e6109831c60c8165f500ee3e735"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 06 Apr 2022 17:16:49 GMT

Redirect headers

date
Wed, 06 Apr 2022 17:11:48 GMT
x-content-type-options
nosniff
vary
X-PJAX, X-PJAX-Container, Accept-Encoding, Accept, X-Requested-With
content-length
116
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
E692:13649:665EA0:6B129A:624DC9D4
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/283089?v=4
cache-control
no-cache
permissions-policy
interest-cohort=()
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
29351179
avatars.githubusercontent.com/u/ 		28 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/29351179?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
18924f0b6f17ae819efedecbb28e8a355ae52f4a4f1ab9e7b04b0f7647351acf
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-fastly-request-id
686dedbac2c15e3298a210931c4f50a813a155ee
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
29179
x-xss-protection
1; mode=block
x-served-by
cache-mxp6950-MXP
last-modified
Sun, 11 Jun 2017 13:28:35 GMT
x-github-request-id
0819:2DD5:62414C:667648:624C0D03
x-timer
S1649265109.940093,VS0,VE1
x-frame-options
deny
date
Wed, 06 Apr 2022 17:11:48 GMT
source-age
113873
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"8b120dbf01db4a99f80024b503d8c902d1299db8b22f19a26279ee39a2ccba1a"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 06 Apr 2022 17:16:48 GMT
55323451
avatars.githubusercontent.com/u/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/55323451?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
13d93c3869631680be7177c6f15caa6468bafeace6b72d736d004c95ea57c62d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-fastly-request-id
22ab653ea8e84a0028ccf8ee3dbdfb1a876962d8
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
17492
x-xss-protection
1; mode=block
x-served-by
cache-mxp6950-MXP
last-modified
Fri, 05 Nov 2021 23:22:53 GMT
x-github-request-id
7FA0:2B72:24E2B9A:26C2AA4:62398126
x-timer
S1649265109.940197,VS0,VE1
x-frame-options
deny
date
Wed, 06 Apr 2022 17:11:48 GMT
source-age
1329327
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"70dd35c5b34af3111326bd6bb12a7108fd0eda1973d3e1caa0f478d601e808ae"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 06 Apr 2022 17:16:48 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		90 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
98d263d94a0353d93a51556e3cd5918ce20055f32cc6e1dd7257da423d817269

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id
1SWv.PCEc4CUHKywA4JQOS534tOYk6gZ
content-encoding
br
etag
W/"c2479785acf20e071b32517ee358d26b"
x-amz-cf-pop
FRA6-C1
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Sat, 02 Apr 2022 03:49:03 GMT
server
AmazonS3
date
Wed, 06 Apr 2022 17:11:50 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-id
nDjBe4wLXlGeER5z9Iynr9My6laGTOZDb5hCEZWkrR8N34p6-mF2OQ==
sdk.js
app.chatwoot.com/packs/js/ 		80 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/d2ebafb.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
d98b7fc9c04389caaa48c773f707038efbfadcb84aaf68868e27a8392461ec32
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 06 Apr 2022 17:11:48 GMT
Content-Encoding
br
Last-Modified
Wed, 06 Apr 2022 09:02:53 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Connection
keep-alive
Content-Type
application/javascript
Via
1.1 vegur
Cache-Control
public, max-age=31556952
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
24977
/
app.posthog.com/decide/ 		193 B
479 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/decide/?v=2&ip=1&_=1649265109127
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.93.102.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-93-102-238.compute-1.amazonaws.com
Software
gunicorn /
Resource Hash
bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 06 Apr 2022 17:11:49 GMT
referrer-policy
same-origin
server
gunicorn
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With
content-length
193
x-content-type-options
nosniff
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash
6ff6c2ae10d61435f42ea14161a5e1c1bc70b4aba6d3e44b1aa73acdf6ab4291

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
3
date
Wed, 06 Apr 2022 17:11:49 GMT
content-encoding
gzip
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
cfc46e7b-a924-4ce5-a97b-fb448c245d48
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id
2rCWUj2VOCfbd0JqZ_7lOEqELvebH6AHy3lmfj9l_HwHrKcK5hAiCg==
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 06 Apr 2022 17:11:49 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-id
nx8XdYbmhgzmTuWKRwJpphjbLWZJ6ZcCvvHbF5LsdN44bzm6kFWvUQ==
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
75adfed6-7a63-4774-9927-3498976881bf
x-cache
Miss from cloudfront
56eca65.js
huntr.dev/_nuxt/ 		33 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/56eca65.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5cca8a0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
30c86e29c13e3bd7400cee0c063214bd035ac7fdfa011ae4bb8fb9d0036981ca
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"a4367970a9692846054462eca4f5becb"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
HZbb0-_XudN48uZc6-seRQTAraE2uKaIiN7XsIpzbK1Kvmlx9fLFvw==
dfe00bd.js
huntr.dev/_nuxt/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/dfe00bd.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5cca8a0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3832eeeb9a9d4fc14a16351445d09fe4470cabefbe41ae1a2a60fc60a60fd585
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"0aa71eb977273d38a35817eab670efa2"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
shr8mx0d0bgbwyJEnuqm_y2HuFw-OQmiIC5znf1ROaHDYCBuGicT6Q==
2a81b56.js
huntr.dev/_nuxt/ 		929 KB
290 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/2a81b56.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5cca8a0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d37353d6da8d33066205d762078967b78a0faae3859aff1953e9a9e7107e660a
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"1387cbf363aeb7670eb16f9d4faa8def"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
wEBtgoq8c4CVo6CsFO7aVdKby_52s8SJzRLcjfj6_pVl_914EeKbKQ==
7954cdb.js
huntr.dev/_nuxt/ 		197 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/7954cdb.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5cca8a0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e5ce5fd7f2342018d02fc36ec0cbd00118577fa48d4fe579a65eb0b02abef0d2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"4875f7ceb1f3b28e13f55c41c7800ec8"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
unZfBceV2nAbvst95d1f9xS3H1MMzKmcChoVq3Sbs_vJH7Y5gR5sOQ==
payload.js
huntr.dev/_nuxt/static/1649251406/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1649251406/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:35:15 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"126dd630135f2a51a22e58e9f9dbb73b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
vyOSFf13o3Lp1WRh8SZTKYE1Zpf62nZ0LvCuabTk7b6wlZSg0yg7Hw==
payload.js
huntr.dev/_nuxt/static/1649251406/bounties/ 		70 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1649251406/bounties/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
70
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:35:15 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"ed9a10c88c5ac705aee93e7d26c4fc32"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
2lLTh8Iu8r5Z2-mK48SNB9n7nxaVOm5zVKBCXTZCZ2AWOAdsFYEQ1w==
payload.js
huntr.dev/_nuxt/static/1649251406/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1649251406/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:35:14 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
YivDpV4_ljkrY_5GN8K22iUAkV9rVThqVzJWsHJVdecyJPLdWy2qgg==
widget
app.chatwoot.com/ Frame C210 		6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
0040cc1a846be01f5f56dcd02327ca88de7613dacf9018bfad5f4df64b125a9c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control
max-age=0, private, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Wed, 06 Apr 2022 17:11:48 GMT
Etag
W/"0040cc1a846be01f5f56dcd02327ca88"
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
3d7426c1-4692-4cce-8830-a2dff1d203b4
X-Runtime
0.112003
X-Xss-Protection
1; mode=block
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-id
Y_IxAKRmg5-eXqcLxQJ_uNTHeCPEeepynewRRU9G7Hwi3LYALmVclA==
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
294d1694-0d9e-4c22-abf8-51c6045a29f5
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-id
F89B7JRUsvewXwyGKlc4fqjLkY1CXJXBbAs_fegQt-pkguQZQkswYg==
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
49dd98e6-09e5-48ec-8260-caefbd4d4787
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-id
_APS11Rb2h-VfCsedY_H3hZoYE9J3yPMz0_GXRwLbF7CJIkjaFjiFg==
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
a5fa69d1-12af-4472-80d0-44bbb948a5e5
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		196 B
617 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash
b0265949bac0ef564e6bd6e54f6f1dec4f184e0bdbc3c1546005c94c3e819495

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
9f65fdf1-d54a-48e2-953c-466a58f3c744
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
196
x-amz-cf-id
hZGYpsjYxrPH-NGm-SqlI9jPPHt0oAbs4NqGFCSGR0_TS5vGb1Trpg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash
e349c5a94ac4582a91eeba90a10c4c2aad4568169f75138231a04c263a2ffc9b

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
6c28558b-756f-47e5-9dc6-b6c542e63c70
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
4246
x-amz-cf-id
eP1pnZ69Zfc_0_EFMEhwCxQNLfhgU8eyhvgc0WAB4K_p4g3y9eMCrw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		331 B
751 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash
198bcb3f4f57f4828d23e402e42c7fe805a57d167e17c5eb81b1851bff1c6ee0

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
e2ab2011-d486-45bc-ad47-79ae20b4dbe4
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
331
x-amz-cf-id
AkQV8LQ9pjO7Kit8BeiEKTQzVWPH0ifg98qGSbgYsUN29__375byuA==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		31 B
452 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
15
date
Wed, 06 Apr 2022 17:11:51 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
c29139a0-30bc-44e4-94f5-68ab869d2716
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
31
x-amz-cf-id
RkzzKBm8DIPiAWrL3kGOmL2wUefWqi32Bo_V5jSLfIXgUMRfjnkC0A==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-id
Alq423VkVnZ6YMAG7_BGsWEz1aZ544iCmL7byUOjk8JVq8e9Ax0NCA==
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
93e1ffe9-ea0d-42f6-82eb-3a67299fe61a
x-cache
Miss from cloudfront
Metropolis-Regular.67a1988.otf
huntr.dev/_nuxt/fonts/ 		23 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Metropolis-Regular.67a1988.otf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"f7b5e589f88206b4bd5cb1408c5362e6"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/otf
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
TXcHAT85D5RwB-cKzU6_PIrvSqoxVoy_oiOcmbp7m9i8JbHqzVuG4w==
widget-a8327266e408285236ee.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame C210 		475 KB
139 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a8327266e408285236ee.js
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225a:b400:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
a86b41247e36b3ff3a7300d11dcde765c229eb90d85604e9b04d1dd657a3d39c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 09:07:35 GMT
content-encoding
gzip
last-modified
Wed, 06 Apr 2022 09:02:53 GMT
server
Cowboy
age
29054
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
via
1.1 vegur, 1.1 a2255db944717fedb0da0026622f7e7a.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
TXL50-P1
content-length
141369
x-amz-cf-id
FM_jGBHSk_zudCyASyfprrR_NraYPjiEVUu3jlRMu2lX3IIRizZM-A==
widget-e06dd2f8.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame C210 		25 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-e06dd2f8.css
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225a:b400:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
9ba90947696a0ab28573382ca2ce75b5dc664e4d49d231246f08b6e589dd09fc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 09:07:35 GMT
content-encoding
gzip
last-modified
Wed, 06 Apr 2022 09:02:53 GMT
server
Cowboy
age
29054
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
via
1.1 vegur, 1.1 a2255db944717fedb0da0026622f7e7a.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
TXL50-P1
content-length
6108
x-amz-cf-id
rDTdMAGZgaplJ8HVxDden5us54HvUeRTrSwPpCh-ubMVijydUBHBXg==
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
04e927aedd7e61c330b08636fb4a8ed48f53a74b6f804838d58d40f4a1631f4b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id
DHvEOCsShXD.tvnWLWX7POZ6OKNUVGhu
content-encoding
gzip
etag
W/"441c711770a14e48ac8c7bf30078ca2b"
age
5490
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Wed, 23 Feb 2022 17:53:19 GMT
server
AmazonS3
date
Wed, 06 Apr 2022 15:40:21 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
cache-control
public, max-age=10800
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
7ZRQ0hb30H4NqPwbFdeE7QPD8O6GppCKo9_DXL7JvBfvuMwFdyEZAA==
130.bundle.d084dbba667083833ad9.js
cdn.segment.com/analytics-next/bundles/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/130.bundle.d084dbba667083833ad9.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6cc91b88a0e4b6ceb9c85e5388d8a52e4983ae06a623c945c539874f59e0931

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 18:39:32 GMT
content-encoding
br
vary
Accept-Encoding
age
3709939
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 18 Feb 2022 23:29:32 GMT
server
AmazonS3
etag
W/"df620a8d52b38219b01cc610c8489e6a"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
DxiEFF4r6s6__T2Gs.HIC3YcQ3vwsINF
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA6-C1
content-type
application/javascript
x-amz-cf-id
yAnskSMg4dk1HMVhCUSRqiaTRJYYYVUIvOlGitbEAVfegWt0hFxq0g==
ajs-destination.bundle.8bdbf69f93041db8d8a9.js
cdn.segment.com/analytics-next/bundles/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.8bdbf69f93041db8d8a9.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ec7c17f32f88526fbf474b9830ffe7620c82e250d4540ec8d3a98ae328238815

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 18:39:32 GMT
content-encoding
br
vary
Accept-Encoding
age
3709939
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 18 Feb 2022 23:29:32 GMT
server
AmazonS3
etag
W/"f1623318201f2d99b38da608a9060db8"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
9kO..BJZIgVmu0dsZOhJcsMKdq4mvogg
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA6-C1
content-type
application/javascript
x-amz-cf-id
3Lj4Dxtzporn53p7ZlQvFloZh8J4Uj9G92NBGV9C6ztKt24YZSUflw==
schemaFilter.bundle.c7078f16bc63f13b58ad.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.c7078f16bc63f13b58ad.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
83c69a85ae5ce23e12728f8f0c6aa480d7e4c587489899e07abbc7ceb58c3111

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 18:39:33 GMT
content-encoding
br
vary
Accept-Encoding
age
3709938
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 18 Feb 2022 23:29:32 GMT
server
AmazonS3
etag
W/"a31a84c48f8617b8d0fccb41af179b20"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
UDMZvkUZpbSZFn5zwksonnddbd8a.YMd
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA6-C1
content-type
application/javascript
x-amz-cf-id
aEDX_wsR9VD8PQZJN2Ts9IJc_-OWMAk1AOBihzGMpszT9E7sokO4lg==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Sun, 13 Feb 2022 13:19:56 GMT
content-encoding
gzip
age
4506715
x-cache
Hit from cloudfront
content-length
1342
access-control-allow-origin
*
last-modified
Wed, 09 Feb 2022 22:20:43 GMT
server
AmazonS3
etag
"8efb1862102ff23cb16241a0b8ff3c9b"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
7B3FWZil7MmBXZJ_HBsoptiMlYf1StYS
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
rFyAwwrgcdb0bjiTlGLABxauYeOLxQR1xZoMlNXH7AsXgCGOKv7Fog==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c2256ca967e5343339a586843799f60c8b3d82c570d2dfba9838a1016d85debf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 00:21:12 GMT
content-encoding
gzip
age
3603039
x-cache
Hit from cloudfront
content-length
1637
access-control-allow-origin
*
last-modified
Wed, 23 Feb 2022 17:32:05 GMT
server
AmazonS3
etag
"3a460c80ebcb314cbb94b79eb9b5e168"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
dO0Fwdi0Ykc0FcDOqGfirFUkB_hb6Npw
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
0kCl1wbjapj1uBT5idRarPRLHT38F-nVn0degbCZ0qv7ENFX9quiqQ==
commons.54701049fd6fb8497e9e.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 21:15:50 GMT
content-encoding
gzip
age
417361
x-cache
Hit from cloudfront
content-length
22174
access-control-allow-origin
*
last-modified
Fri, 04 Mar 2022 22:04:55 GMT
server
AmazonS3
etag
"7741fd16ad2418cd17ab981f8207b106"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
qY1XkjB6D03pre9o8HvW7GJ61NjQ0_Ys
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
YjkASYgAB_ScWJeWWdPiUKfCpZRQA2pmbTSt46CJNOBGzTJQoPM6wQ==
hotjar-2380708.js
static.hotjar.com/c/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-34.fra56.r.cloudfront.net
Software
/
Resource Hash
fe8881595794eedbecfec508bbdc2821659ae7d30cc11be96d687ab1b2d61986
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:23 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
age
27
etag
W/cbe014de92ce136cc183470d3b40a892
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
Gg6OdUYhMrwirjpzVoYCd-sl9IN13DfvXmNpwd3AvqzYzDE7gwjTXg==
via
1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
bundle.min.js
browser.sentry-cdn.com/5.12.1/ 		55 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
19642946
etag
"1c5228c89d281d08aa0ce908f582609a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
17201
expires
Mon, 22 Aug 2022 08:49:23 GMT
p
api.segment.io/v1/ 		21 B
170 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.50.128 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-149-50-128.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://huntr.dev
date
Wed, 06 Apr 2022 17:11:50 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
12-d775cf2c.chunk.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame C210 		1 KB
848 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/12-d775cf2c.chunk.css
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a8327266e408285236ee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225a:b400:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
352a47912631dd9a6aea92a61fb973ca88b7f4cb597346ccbae7a850c0cab77f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 09:07:38 GMT
content-encoding
gzip
last-modified
Wed, 06 Apr 2022 09:02:53 GMT
server
Cowboy
age
29052
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
via
1.1 vegur, 1.1 a2255db944717fedb0da0026622f7e7a.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
TXL50-P1
content-length
458
x-amz-cf-id
CV5WamW7_RAE_x3pmyB8HbvjMSG5tp0dxWJ-rgPUhlptXPN_U8waJA==
12-0201e2c46174a99c3475.chunk.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame C210 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/12-0201e2c46174a99c3475.chunk.js
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a8327266e408285236ee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225a:b400:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
ebcde6b1885e83984d923a39be0ff70b604609446207d8ad17e1dcf2ea83eef9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 09:07:38 GMT
content-encoding
gzip
last-modified
Wed, 06 Apr 2022 09:02:53 GMT
server
Cowboy
age
29052
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
via
1.1 vegur, 1.1 a2255db944717fedb0da0026622f7e7a.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
TXL50-P1
content-length
3472
x-amz-cf-id
Je_s_5vwXxnyXDt3L_eOeq0vxyAqwuq1WmevqTf6hwlQdVsUkJhYFA==
conversations
app.chatwoot.com/api/v1/widget/ Frame C210 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a8327266e408285236ee.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhOWI2NWJiZS1kNTg2LTQ0N2YtOGEyMy0xNDYwMGJhZTU1NzIiLCJpbmJveF9pZCI6MTQxMn0.oWn6252Hx65xAGVf8cGXJXOzHuyk4SLQlq5b95aXmk0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 06 Apr 2022 17:11:49 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
73557d56-7bb8-457b-adca-2446860e5c4a
X-Runtime
0.020230
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
modules.9beafb9ca96c2f868fe2.js
script.hotjar.com/ 		236 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-22.fra6.r.cloudfront.net
Software
/
Resource Hash
95f2a2d9bf981b3f923cc601270603e88c14767e7e29310eb2d8b6b1407457f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 16:20:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
89504
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
63051
access-control-allow-origin
*
last-modified
Tue, 05 Apr 2022 16:20:05 GMT
etag
"74214ff5f7e679f43ba048194d7bf23c"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
egTKMNNg0qInImcPSuLQvuVcuOfrg1f881_r-n5Bu13uXNUGl-880A==
truncated
/ 		424 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type
image/png
rewriteframes.min.js
browser.sentry-cdn.com/5.12.1/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
10406789
etag
"4e240097ab71acf709caa48e23cd6411"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
1807
expires
Wed, 07 Dec 2022 06:25:22 GMT
messages
app.chatwoot.com/api/v1/widget/ Frame C210 		14 B
658 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a8327266e408285236ee.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhOWI2NWJiZS1kNTg2LTQ0N2YtOGEyMy0xNDYwMGJhZTU1NzIiLCJpbmJveF9pZCI6MTQxMn0.oWn6252Hx65xAGVf8cGXJXOzHuyk4SLQlq5b95aXmk0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 06 Apr 2022 17:11:49 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
472ac470-c1a0-4583-8985-3010d79d1c70
X-Runtime
0.046058
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"258153158e38e3291e3d48162225fcdb"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame C210 		959 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a8327266e408285236ee.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhOWI2NWJiZS1kNTg2LTQ0N2YtOGEyMy0xNDYwMGJhZTU1NzIiLCJpbmJveF9pZCI6MTQxMn0.oWn6252Hx65xAGVf8cGXJXOzHuyk4SLQlq5b95aXmk0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 06 Apr 2022 17:11:50 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
c2958073-629c-4ba5-8244-01f80266daf0
X-Runtime
0.104756
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"76f1b39cfb3063a87ebc0b127fdedbf2"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame C210 		52 B
697 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a8327266e408285236ee.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9b6ef96a602ffbc562e60e7001c82ce93474588173d1ce084c872bdf73b40e21
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhOWI2NWJiZS1kNTg2LTQ0N2YtOGEyMy0xNDYwMGJhZTU1NzIiLCJpbmJveF9pZCI6MTQxMn0.oWn6252Hx65xAGVf8cGXJXOzHuyk4SLQlq5b95aXmk0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 06 Apr 2022 17:11:50 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
0656a73a-4c13-41f4-b251-da25d2240ac2
X-Runtime
0.058043
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"9b6ef96a602ffbc562e60e7001c82ce9"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame C210 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-a8327266e408285236ee.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhOWI2NWJiZS1kNTg2LTQ0N2YtOGEyMy0xNDYwMGJhZTU1NzIiLCJpbmJveF9pZCI6MTQxMn0.oWn6252Hx65xAGVf8cGXJXOzHuyk4SLQlq5b95aXmk0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 06 Apr 2022 17:11:50 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
47f2f655-97de-4ba8-a261-a90749dbb08b
X-Runtime
0.019852
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
box-acca23410e696f2ca3087d947271c3d0.html
vars.hotjar.com/ Frame FFEB 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-95.fra53.r.cloudfront.net
Software
/
Resource Hash
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges
bytes
age
5300384
cache-control
max-age=31536000
content-encoding
br
content-length
1044
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 04 Feb 2022 08:52:06 GMT
etag
"6f65fac4e8efe167ff5132c0c54c5729"
last-modified
Fri, 04 Feb 2022 08:51:39 GMT
vary
Accept-Encoding
via
1.1 78c402b74e65ae12b398b6b957ab229e.cloudfront.net (CloudFront)
x-amz-cf-id
un3lFgfq7B72aXngRTtQ6mmh797p8sSb9MJsir6g9Alj9E3wOb-ITA==
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
x-robots-tag
none
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5260be2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
1cf48487-0006-486c-be1a-57e59b51767d
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
HST-BQq0YrAHgeQjPsxz9NgBpZmh3c-nNmy3oQHV1qdFSzV_Q-X9-w==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Wed, 06 Apr 2022 17:11:50 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-id
9rFPsmV_HFIiF7BpaGUerNZ08Z5qQb0OtEctkwyTVn_KJjJ00tx9bQ==
x-amz-cf-pop
DUS51-P1
x-amzn-requestid
4d5d8d32-d306-4956-b7f8-e3b7e2c5aeb8
x-cache
Miss from cloudfront
29351179
avatars.githubusercontent.com/u/ 		28 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/29351179?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
18924f0b6f17ae819efedecbb28e8a355ae52f4a4f1ab9e7b04b0f7647351acf
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-fastly-request-id
68efcacca3d13b7e27de5a3892cba91efcdcf499
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
2
vary
Authorization,Accept-Encoding
content-length
29179
x-xss-protection
1; mode=block
x-served-by
cache-mxp6950-MXP
last-modified
Sun, 11 Jun 2017 13:28:35 GMT
x-github-request-id
0819:2DD5:62414C:667648:624C0D03
x-timer
S1649265111.574699,VS0,VE0
x-frame-options
deny
date
Wed, 06 Apr 2022 17:11:50 GMT
source-age
113875
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"8b120dbf01db4a99f80024b503d8c902d1299db8b22f19a26279ee39a2ccba1a"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 06 Apr 2022 17:16:50 GMT
visit-data
in.hotjar.com/api/v2/client/sites/2380708/ 		147 B
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://in.hotjar.com/api/v2/client/sites/2380708/visit-data?sv=6
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.73.183.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-73-183-234.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f1328936bb058f2305664a8507a0be9b5cf477e10edef84ecfaabaf315e3e24c

Request headers

Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Wed, 06 Apr 2022 17:11:50 GMT
content-encoding
br
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store
access-control-allow-credentials
true
023a064.js
huntr.dev/_nuxt/ 		50 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/023a064.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/5cca8a0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:d600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5209409a63c8d4768b057892605b29c8e25dc9db456b9c0d1d43d9e98f37d4dd
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:11:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Wed, 06 Apr 2022 13:34:58 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"578e30fa05d132e52d057072a1c5423d"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 3ffa21fde24be18d36c5d5b13a622abe.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=600
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
Xo4jHbJGCVjmQ36AQJSui-I4R-oG_d-U38s1Lrnyxpis46-T31vr7g==
29351179
avatars.githubusercontent.com/u/ 		28 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/29351179?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/3f02194.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
18924f0b6f17ae819efedecbb28e8a355ae52f4a4f1ab9e7b04b0f7647351acf
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-fastly-request-id
fd6f8e7d126212aef3e28a83f6e318a8061dd1c7
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
3
vary
Authorization,Accept-Encoding
content-length
29179
x-xss-protection
1; mode=block
x-served-by
cache-mxp6950-MXP
last-modified
Sun, 11 Jun 2017 13:28:35 GMT
x-github-request-id
0819:2DD5:62414C:667648:624C0D03
x-timer
S1649265111.731739,VS0,VE0
x-frame-options
deny
date
Wed, 06 Apr 2022 17:11:50 GMT
source-age
113875
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"8b120dbf01db4a99f80024b503d8c902d1299db8b22f19a26279ee39a2ccba1a"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 06 Apr 2022 17:16:50 GMT
283089
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/openemr.png
  • https://avatars.githubusercontent.com/u/283089?v=4
11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/283089?v=4
Protocol
H2
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3bdb58ab93f3a3768080520a107a92c0fec278a395253dc6678d710867fcff5d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-fastly-request-id
9a9f0131254e813a512b792b105c26e9f4334e56
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
2
vary
Authorization,Accept-Encoding
content-length
11346
x-xss-protection
1; mode=block
x-served-by
cache-mxp6950-MXP
last-modified
Sun, 03 Dec 2017 23:01:02 GMT
x-github-request-id
F828:D51B:C158B0:D26E40:6242B845
x-timer
S1649265111.781773,VS0,VE0
x-frame-options
deny
date
Wed, 06 Apr 2022 17:11:50 GMT
source-age
725394
strict-transport-security
max-age=31557600
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
"aacedf05eb9121a4573e72e01665bfaccf045e6109831c60c8165f500ee3e735"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 06 Apr 2022 17:16:50 GMT

Redirect headers

date
Wed, 06 Apr 2022 17:11:48 GMT
x-content-type-options
nosniff
vary
X-PJAX, X-PJAX-Container, Accept-Encoding, Accept, X-Requested-With
content-length
116
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
E692:13649:66605E:6B146B:624DC9D4
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/283089?v=4
cache-control
no-cache
permissions-policy
interest-cohort=()
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
55323451
avatars.githubusercontent.com/u/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/55323451?v=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
13d93c3869631680be7177c6f15caa6468bafeace6b72d736d004c95ea57c62d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-fastly-request-id
c8aa4a7c06d4e00db5b9030287a669e7d484442f
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
2
vary
Authorization,Accept-Encoding
content-length
17492
x-xss-protection
1; mode=block
x-served-by
cache-mxp6950-MXP
last-modified
Fri, 05 Nov 2021 23:22:53 GMT
x-github-request-id
7FA0:2B72:24E2B9A:26C2AA4:62398126
x-timer
S1649265111.751004,VS0,VE0
x-frame-options
deny
date
Wed, 06 Apr 2022 17:11:50 GMT
source-age
1329329
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"70dd35c5b34af3111326bd6bb12a7108fd0eda1973d3e1caa0f478d601e808ae"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 06 Apr 2022 17:16:50 GMT
57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/ Frame C210
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--6cb91ac7b4e48808e78a8d6ff61c52a99da0...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...
18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220406%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220406T171150Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=641877d6738737924cf3e5360609199809f4ae21ad5dde2bf4933cc9c47eea34
Protocol
HTTP/1.1
Server
52.217.49.180 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Wed, 06 Apr 2022 17:11:52 GMT
Last-Modified
Wed, 30 Mar 2022 16:04:43 GMT
Server
AmazonS3
x-amz-request-id
F1ZWVGB0JP8F8HRK
ETag
"46905dbd95a052f59e14b7dec8b50a6a"
Content-Type
image/png
Content-Disposition
inline; filename="New Project %2816%29.png"; filename*=UTF-8''New%20Project%20%2816%29.png
Accept-Ranges
bytes
Content-Length
18903
x-amz-id-2
c0jZQMP0qWR3zQBdR9rQDPUrS0n6ySLbMnU+glskEVr8oCyjx32yDvLgEiiYBraNi7WrgXKzprc=

Redirect headers

Date
Wed, 06 Apr 2022 17:11:50 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
f524a423-812c-4247-ae77-ff9df8e15681
X-Runtime
0.092080
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/2ll67w41cg1ugvvjj7lvmhtlw499/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220406%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220406T171150Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=641877d6738737924cf3e5360609199809f4ae21ad5dde2bf4933cc9c47eea34
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame C210 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.237.133.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-133-81.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 06 Apr 2022 17:11:50 GMT
Via
1.1 vegur
Last-Modified
Wed, 06 Apr 2022 08:24:55 GMT
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/ Frame C210
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBclZUIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--31ae538bf9d04000e44a5bbe8feed382c0892b6f/eyJ...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...
91 KB
92 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220406%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220406T171150Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=5275c2e92384d7221b97093f66b4732e4af93289509ec0cff8382c7ddcd5a190
Protocol
HTTP/1.1
Server
52.217.49.180 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4a95b5c247339fdab7e5a42415d06af62c2338c1570cdadee683f256c49d0916

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Wed, 06 Apr 2022 17:11:52 GMT
Last-Modified
Thu, 05 Aug 2021 20:40:50 GMT
Server
AmazonS3
x-amz-request-id
F1ZG6R9N81RGFV53
ETag
"9fd358b18d93851b67b6b768bddd8bb6"
Content-Type
image/png
Content-Disposition
inline; filename="profile.png"; filename*=UTF-8''profile.png
Accept-Ranges
bytes
Content-Length
93584
x-amz-id-2
zb26mP9qvUOhhqZRoXudBmf85g2yHcniP8l/CnheeA6UA+ukoAzCMVqUoGtvYajoTcH37bHuW3k=

Redirect headers

Date
Wed, 06 Apr 2022 17:11:50 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
e977c5a5-f867-4a7e-aa78-b0eae81b89e9
X-Runtime
0.052286
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220406%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220406T171150Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=5275c2e92384d7221b97093f66b4732e4af93289509ec0cff8382c7ddcd5a190
Cache-Control
max-age=300, private
/
app.posthog.com/e/ 		13 B
297 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1649265112176
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.93.102.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-93-102-238.compute-1.amazonaws.com
Software
gunicorn /
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 06 Apr 2022 17:11:52 GMT
referrer-policy
same-origin
server
gunicorn
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With
content-length
13
x-content-type-options
nosniff

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ object| core object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ object| analytics object| chatwootSettings object| $nuxt object| chatwootSDK object| $chatwoot object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| AnalyticsNext object| hotjarDeps function| hotjarLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| sentryIntegration object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| Sentry object| __SENTRY__ function| playAudioAlert

10 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%2217fffdc688275f-0306e6f28e490c-1f343371-1d4c00-17fffdc6883cd4%22%2C%22%24device_id%22%3A%2217fffdc688275f-0306e6f28e490c-1f343371-1d4c00-17fffdc6883cd4%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1649265109163%2C%2217fffdc68ab458-00fbd5fef0891c-1f343371-1d4c00-17fffdc68ac6a9%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
.huntr.dev/ Name: ajs_anonymous_id
Value: e872cefa-33f6-4acd-8834-0bf269d11f61
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhOWI2NWJiZS1kNTg2LTQ0N2YtOGEyMy0xNDYwMGJhZTU1NzIiLCJpbmJveF9pZCI6MTQxMn0.oWn6252Hx65xAGVf8cGXJXOzHuyk4SLQlq5b95aXmk0
.huntr.dev/ Name: _hjSessionUser_2380708
Value: eyJpZCI6ImZlZmM0YTM3LTYzZGItNWQ2Yy05NmE5LTc2ZDVmMzQ3OWVkMSIsImNyZWF0ZWQiOjE2NDkyNjUxMTA1NDksImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/ Name: _hjFirstSeen
Value: 1
huntr.dev/ Name: _hjIncludedInSessionSample
Value: 0
.huntr.dev/ Name: _hjSession_2380708
Value: eyJpZCI6IjEwMWNmNTViLWFjMzktNDhlMy1iNDIxLTg4YTliMzY1NGNmMSIsImNyZWF0ZWQiOjE2NDkyNjUxMTA1ODUsImluU2FtcGxlIjpmYWxzZX0=
huntr.dev/ Name: _hjIncludedInPageviewSample
Value: 1
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
github.com
huntr.dev
i.postimg.cc
in.hotjar.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
140.82.121.3
141.94.130.128
143.204.215.95
18.66.248.56
2600:9000:225a:b400:7:dce7:b680:21
2600:9000:2260:d600:14:bb32:5f00:93a1
2606:50c0:8000::154
2a04:4e42::729
3.93.102.238
52.217.49.180
54.149.50.128
54.237.133.81
54.73.183.234
65.9.66.34
99.86.4.22
99.86.8.175
0040cc1a846be01f5f56dcd02327ca88de7613dacf9018bfad5f4df64b125a9c
044a7784699f2d122661f43bb4a8441bf7c8e85c78693fc8090b36c7c82044a0
04e927aedd7e61c330b08636fb4a8ed48f53a74b6f804838d58d40f4a1631f4b
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
0a98c9b99d2f4d0b88db1b5b89c1f4e0ce56c4e13aa03e17bee3767b55355f6b
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
13d93c3869631680be7177c6f15caa6468bafeace6b72d736d004c95ea57c62d
18924f0b6f17ae819efedecbb28e8a355ae52f4a4f1ab9e7b04b0f7647351acf
198bcb3f4f57f4828d23e402e42c7fe805a57d167e17c5eb81b1851bff1c6ee0
207348661d8104d3737a3c267c6a55b8858a78d7fdf1987ba7dcf65bf0f56731
22423e113628c1028d7bee4e3de3733132aed0f532d89c0b59cdeac7e1af6784
2332fc9e9a9c2f3231ac212f6fd84af0a0c65edecf2cbbd744df1fbb263583db
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
2ff43deebbb2369ffbcc02032717514475c2eac63c9757e3ca56df59d905e450
30c86e29c13e3bd7400cee0c063214bd035ac7fdfa011ae4bb8fb9d0036981ca
325c7d6e6f19c0dd13d27af57965881b19d410df75ac2f99c01473726a1dd3cd
352a47912631dd9a6aea92a61fb973ca88b7f4cb597346ccbae7a850c0cab77f
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
3832eeeb9a9d4fc14a16351445d09fe4470cabefbe41ae1a2a60fc60a60fd585
3bdb58ab93f3a3768080520a107a92c0fec278a395253dc6678d710867fcff5d
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a95b5c247339fdab7e5a42415d06af62c2338c1570cdadee683f256c49d0916
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5209409a63c8d4768b057892605b29c8e25dc9db456b9c0d1d43d9e98f37d4dd
5bf0ee89c2d026d01f458d22854446273a94ad0a5e746db50c06cc73a8e2e20e
5ee19f2716685d9b8c858d2a2473f809edcdda30e6edd687399a95e09e22cc00
6a74e26636816c23aefe287ec9758b5ed2d33c2b6bbf783c1fff8ebadfb03812
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
6ff6c2ae10d61435f42ea14161a5e1c1bc70b4aba6d3e44b1aa73acdf6ab4291
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
83c69a85ae5ce23e12728f8f0c6aa480d7e4c587489899e07abbc7ceb58c3111
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
95f2a2d9bf981b3f923cc601270603e88c14767e7e29310eb2d8b6b1407457f1
98d263d94a0353d93a51556e3cd5918ce20055f32cc6e1dd7257da423d817269
9b6ef96a602ffbc562e60e7001c82ce93474588173d1ce084c872bdf73b40e21
9ba90947696a0ab28573382ca2ce75b5dc664e4d49d231246f08b6e589dd09fc
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
a26078177a61e9ea9135d66f6669d2dba7629e7ba3c8a1439d915bab77148243
a86b41247e36b3ff3a7300d11dcde765c229eb90d85604e9b04d1dd657a3d39c
b0265949bac0ef564e6bd6e54f6f1dec4f184e0bdbc3c1546005c94c3e819495
b085a4ae94b45ea034aa52973063b0e2dbaa20c655ff70b3158f0c820ba99209
b6cc91b88a0e4b6ceb9c85e5388d8a52e4983ae06a623c945c539874f59e0931
bfc862ec13fd01b0aec439c46f58891d874e396025c9c5974ea2c05435cdb7b9
bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b
c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32
c2256ca967e5343339a586843799f60c8b3d82c570d2dfba9838a1016d85debf
d37353d6da8d33066205d762078967b78a0faae3859aff1953e9a9e7107e660a
d40d0716597be50d78489f55e6b7ad167672f72c916612f6daa31563ad64e5f0
d98b7fc9c04389caaa48c773f707038efbfadcb84aaf68868e27a8392461ec32
db404b06b88b317d780f295d5af2f1b5a1a8dae8a71d2a03687e9864263b73a0
dd9d80dc11454327eae7f0f516326281e8d1c30d432878d104a01cdca84840ca
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
e17900682004a70680ef07bcf114ef26e6cb94853892133a869e89e110b40a53
e349c5a94ac4582a91eeba90a10c4c2aad4568169f75138231a04c263a2ffc9b
e5ce5fd7f2342018d02fc36ec0cbd00118577fa48d4fe579a65eb0b02abef0d2
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa
ebcde6b1885e83984d923a39be0ff70b604609446207d8ad17e1dcf2ea83eef9
ec1f39dfa709dbfd54f64eb0ee10e903370f413ee64a6d003a2ca96e8a753731
ec7c17f32f88526fbf474b9830ffe7620c82e250d4540ec8d3a98ae328238815
f0161f2f91dd7e0f48e97bff0536f3bc0a8e45996a43fd50ece88f8c1df2d744
f1328936bb058f2305664a8507a0be9b5cf477e10edef84ecfaabaf315e3e24c
fde18e667f959d5e3b8c8a21e9bd0e44d945b7210b94d3897b0ae8491b4738ab
fe8881595794eedbecfec508bbdc2821659ae7d30cc11be96d687ab1b2d61986