huntr.dev Open in urlscan Pro
2600:9000:223d:a600:14:bb32:5f00:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
Submission: On January 12 via api (January 12th 2022, 1:37:39 pm UTC) from US — Scanned from DE

Summary HTTP 80 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 15 IPs in 2 countries across 10 domains to perform 80 HTTP transactions. The main IP is 2600:9000:223d:a600:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on February 25th 2021. Valid for: a year.

This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 36	2600:9000:223... 2600:9000:223d:a600:14:bb32:5f00:93a1	16509 (AMAZON-02) (AMAZON-02)
8	99.86.7.85 99.86.7.85	16509 (AMAZON-02) (AMAZON-02)
2 12	52.202.168.65 52.202.168.65	14618 (AMAZON-AES) (AMAZON-AES)
2	52.87.13.132 52.87.13.132	14618 (AMAZON-AES) (AMAZON-AES)
10	13.35.253.34 13.35.253.34	16509 (AMAZON-02) (AMAZON-02)
1	13.32.22.92 13.32.22.92	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:600... 2a04:4e42:600::729	54113 (FASTLY) (FASTLY)
1	54.186.140.208 54.186.140.208	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.45 143.204.98.45	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.69 143.204.98.69	16509 (AMAZON-02) (AMAZON-02)
1	18.202.160.2 18.202.160.2	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:214... 2600:9000:214f:fc00:7:dce7:b680:21	16509 (AMAZON-02) (AMAZON-02)
2	52.217.206.161 52.217.206.161	16509 (AMAZON-02) (AMAZON-02)
2	2606:50c0:800... 2606:50c0:8001::154	54113 (FASTLY) (FASTLY)
80	15

36 2600:9000:223d:a600:14:bb32:5f00:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

huntr.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 99.86.7.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-85.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.202.168.65 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-168-65.compute-1.amazonaws.com

app.chatwoot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.87.13.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-13-132.compute-1.amazonaws.com

app.posthog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.35.253.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-34.fra6.r.cloudfront.net

mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-92.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::729 (United States)

ASN54113 (FASTLY, US)

browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.186.140.208 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-186-140-208.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-45.fra50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-69.fra50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.202.160.2 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-160-2.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:214f:fc00:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)

d3tq67kexc2w2i.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.217.206.161 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

prod-chatwoot-assets.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:50c0:8001::154 (United States)

ASN54113 (FASTLY, US)

avatars.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	huntr.dev 1 redirects huntr.dev	1 MB
12	amazonaws.com mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com prod-chatwoot-assets.s3.amazonaws.com	138 KB
12	chatwoot.com 2 redirects app.chatwoot.com — Cisco Umbrella Rank: 567321	34 KB
8	segment.com cdn.segment.com — Cisco Umbrella Rank: 1486	82 KB
4	cloudfront.net d3tq67kexc2w2i.cloudfront.net	261 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 573 script.hotjar.com — Cisco Umbrella Rank: 719 vars.hotjar.com — Cisco Umbrella Rank: 857 in.hotjar.com — Cisco Umbrella Rank: 1592	66 KB
2	githubusercontent.com avatars.githubusercontent.com — Cisco Umbrella Rank: 7766	24 KB
2	sentry-cdn.com browser.sentry-cdn.com — Cisco Umbrella Rank: 4330	19 KB
2	posthog.com app.posthog.com — Cisco Umbrella Rank: 85202	776 B
1	segment.io api.segment.io — Cisco Umbrella Rank: 991	138 B
80	10

	Domain	Requested by
36	huntr.dev	1 redirects huntr.dev
12	app.chatwoot.com	2 redirects huntr.dev app.chatwoot.com d3tq67kexc2w2i.cloudfront.net
10	mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	huntr.dev browser.sentry-cdn.com
8	cdn.segment.com	huntr.dev cdn.segment.com
4	d3tq67kexc2w2i.cloudfront.net	app.chatwoot.com d3tq67kexc2w2i.cloudfront.net
2	avatars.githubusercontent.com	huntr.dev
2	prod-chatwoot-assets.s3.amazonaws.com
2	browser.sentry-cdn.com	cdn.segment.com
2	app.posthog.com	huntr.dev browser.sentry-cdn.com
1	in.hotjar.com	browser.sentry-cdn.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	api.segment.io	cdn.segment.com
1	static.hotjar.com	cdn.segment.com
80	14

This site contains links to these domains. Also see Links.

Domain
www.github.com
github.com
nvd.nist.gov
cwe.mitre.org
linkedin.com
twitter.com
www.youtube.com
instagram.com
418sec.com
www.418sec.com

Subject Issuer	Validity	Valid
*.huntr.dev Amazon	`2021-02-25` - `2022-03-26`	a year	crt.sh
*.segment.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-19` - `2022-08-09`	a year	crt.sh
app.chatwoot.com R3	`2021-11-19` - `2022-02-17`	3 months	crt.sh
app.posthog.com Amazon	`2021-11-04` - `2022-12-02`	a year	crt.sh
*.appsync-api.eu-west-1.amazonaws.com Amazon	`2022-01-06` - `2023-02-04`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-26` - `2022-12-28`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
Frame ID: 7E509FEA4530EBD53B50FBC0FF7A2B15
Requests: 60 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html
Frame ID: AEAD416359B1EB7DE1D1D4951CE571D5
Requests: 1 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: 8FEC1A61D92ADE18E08D55E714DA0260
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cross-site Scripting (XSS) - Stored vulnerability found in orchardcore

Page URL History Show full URLs

https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b HTTP 301
https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/ Page URL

Detected technologies

Sentry (Issue Trackers) Expand

Overall confidence: 100%
Detected patterns

browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

Page Statistics

80
Requests

98 %
HTTPS

29 %
IPv6

10
Domains

14
Subdomains

15
IPs

2
Countries

1812 kB
Transfer

5316 kB
Size

10
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.github.com/orchardcms/orchardcore
Title: orchardcms/orchardcore

Search URL Search Domain Scan URL

URL: https://github.com/OrchardCMS/OrchardCore/blob/main/src/OrchardCore.Modules/OrchardCore.Layers/Views/Admin/Index.cshtml#L54
Title: Index.cshtml L54

Search URL Search Domain Scan URL

URL: https://github.com/OrchardCMS/OrchardCore/blob/main/src/OrchardCore.Modules/OrchardCore.Contents/Views/ContentsAdminListCreate.cshtml#L19
Title: ContentsAdminListCreate.cshtml L19

Search URL Search Domain Scan URL

URL: https://github.com/OrchardCMS/OrchardCore/blob/main/src/OrchardCore.Modules/OrchardCore.Demo/Pages/Hello.cshtml#L25
Title: Hello.cshtml L25

Search URL Search Domain Scan URL

URL: https://github.com/orchardcms/orchardcore
Title: orchardcms/orchardcore

Search URL Search Domain Scan URL

URL: https://github.com/orchardcms/orchardcore/issues/10982
Title: GitHub Issue

Search URL Search Domain Scan URL

URL: https://www.github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202
Title: 4da927

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0159
Title: CVE-2022-0159

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/79.html
Title: CWE-79

Search URL Search Domain Scan URL

URL: https://github.com/laladee

Search URL Search Domain Scan URL

URL: https://linkedin.com/in/use-laladee

Search URL Search Domain Scan URL

URL: https://github.com/418sec/huntr

Search URL Search Domain Scan URL

URL: https://twitter.com/huntrdev

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC33YyLk3vdtnPqLeOuEZc2w

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/huntrdev

Search URL Search Domain Scan URL

URL: https://instagram.com/huntr.dev

Search URL Search Domain Scan URL

URL: https://418sec.com/
Title: company

Search URL Search Domain Scan URL

URL: https://www.418sec.com/#about
Title: about

Search URL Search Domain Scan URL

URL: https://www.418sec.com/#team
Title: team

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b HTTP 301
https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 59

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--d5bd8600745fd77201f6159b61f8b9f6f6f54b0a/huntr_logo.jpg HTTP 302
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133735Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c291963794b862c05e20af7c2470e27db0a6f0a8c8b1c4f15f8627f3fa5fd3ef

Request Chain 78

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBclZUIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--31ae538bf9d04000e44a5bbe8feed382c0892b6f/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/profile.png HTTP 302
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133735Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=9a54ddf8f05a7328d3bb0b066621e65a68d6477010198de5fd898a212c4ae5e3

80 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request / Show response
huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
Redirect Chain

https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b
https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

5 KB
2 KB

102ms
101ms

Document
text/html

2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6190ebed8568901a2628a503e0bd1e72c10e6a5cc207193038f4a8c13fac9485

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html
date: Wed, 12 Jan 2022 13:37:32 GMT
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: u7wUFJGTlwVIkJMw5z8TnEZTGdFDM8MXYNe9tXljS3O5fWrm6piZ8w==

Redirect headers

content-type: application/xml
content-length: 0
date: Wed, 12 Jan 2022 13:37:33 GMT
server: AmazonS3
location: /bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
x-cache: Miss from cloudfront
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: rTGGkbVja44H0UJmb_UM9laUTQnr29RmLgby7Ftc_wvrzmO1fzAC-A==

GET
H2 200 f09ddd7.js Show response
huntr.dev/_nuxt/ 3 KB
3 KB 74ms
73ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/f09ddd7.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3ef0abb4845e08bf9ee05a34d8457724a637662a9030904aab5214c0e24a27a4

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"1637828b6467e9eba7ccaf747060225a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 59fgSnqgLlAZtwuDKTG2VpRsEdfIvzFWRbJxqukbgx7Yx8THBYoz5w==

GET
H2 200 31a45b0.js Show response
huntr.dev/_nuxt/ 299 KB
104 KB 82ms
81ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/31a45b0.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d3dcec4f248e2811281de6c0e8755ae7e03a72c54dc9b4d1e1ca7ce6ba3de30c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"753b0b0c61eb75e0594361a492eb0f96"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: _Otv2zx8IYv1xPrRyyTN41xv0Wj2jSGFF0BE-7Zl3gXDyP_mUTQRzw==

GET
H2 200 fbe198b.js Show response
huntr.dev/_nuxt/ 1 MB
309 KB 82ms
82ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fbe198b.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b91bb18b545e5ae1b449eb4861af099fba89ce33c280f9b95f692d2367ea66ca

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"38a252c1a4726c2910305a7100db45ae"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: hTLehaT3xlzxSV2aQJIr-8zcaM34KtCz0GxM0mBLGNmpjjL-efwnxw==

GET
H2 200 d6b8649.js Show response
huntr.dev/_nuxt/ 74 KB
14 KB 85ms
85ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/d6b8649.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

78bb08ba17e489b63c7ceac9b4e8f4ac40450b9b64b40016626cb4d554297f69

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"a940690290b4af643ee4d8848fae79c5"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: R_nwByy4HC82WfACdguOoJgIDeVTAfbvMR1xMDN_kSNEgc7mcv55tg==

GET
H2 200 5e1f917.js Show response
huntr.dev/_nuxt/ 14 KB
6 KB 83ms
82ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/5e1f917.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

52bfe2c491b876e967ad8d9a46e5c43e4b342c204e865e049f3b74daaed7af84

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"4f650a111ec29530e868ed62dda88f76"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: kOT6-0rhmxEA7BoJU1p6U9-ddBemkDPL9Jh6mPLDS48xaFGBAhU9vA==

GET
H2 200 bf1611b.js Show response
huntr.dev/_nuxt/ 66 KB
19 KB 76ms
75ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/bf1611b.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6807e1d77edfeb9a4bb6d32f2bd8bea0e411aa158df9c3dc13a0be01dfca8f6b

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"3b49b6665c0823f885ce24348563538a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: q8iLI9x6oQVOohXF4rJ81Yy2IYJlyhDOpjlTi-XgXy9NfwENRLrZLg==

GET
H2 200 6c6d905.js Show response
huntr.dev/_nuxt/ 863 KB
273 KB 81ms
80ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/6c6d905.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7561fb9f36929fc5ee536239058b9ecff2d8075c5953dc2f81571a4d0fb0bbec

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"3a735ec63de389352387485e74332657"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: MkBqPy8yY466ENrEJ2zdo4clQFIudSnZlqhAnummoAOiRyaM2ZMidA==

GET
H2 200 7599c55.js Show response
huntr.dev/_nuxt/ 68 KB
15 KB 74ms
74ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/7599c55.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

506aa0ea770d002656c5a0884b149d33efd23951ca16bdbe7e3d76e8d0531a4c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"60f2fd04c9bea401a4ef96568780c81a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: mtxmXGRb-iVjNTDb67DkM3ikiCbJtQ5RF3YYCI36soVtDWhzCK7aTw==

GET
H2 200 6377196.js Show response
huntr.dev/_nuxt/ 183 KB
41 KB 102ms
102ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/6377196.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

10f593138390e0dca1a2bb1fd8b75b95e21e85363ed6e8941ac7ca9b73eaa58a

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"c44183da06fe8cb0d29fbdcbddb7aa6b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: XWyW3k51rd8gtixQhAUePPeu7EKUfl7CAFOSCT_iTTobRHuaNPYc1A==

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 89 KB
24 KB 26ms
8ms Script
text/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae3711b69005cf8726b54df4b235f63d7ff9fb121ee2f3300b3b390215d09cb6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: QmhhTelhGE5paszzoYpPSspve3d4V_3d
content-encoding: br
etag: W/"23c66d249d6007e9395c095924914eb0"
age: 69
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Fri, 19 Nov 2021 21:20:02 GMT
server: AmazonS3
date: Wed, 12 Jan 2022 13:36:25 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
cache-control: public, max-age=120
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: MSbPxpAp3HlJgXtglEFLrkEWY8W16xG2krFk7KJ_Q2jxlWoKl37Q8A==

GET
H/1.1 200
OK sdk.js Show response
app.chatwoot.com/packs/js/ 51 KB
16 KB 335ms
102ms Script
application/javascript 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/packs/js/sdk.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/d6b8649.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

5c1941d5f7e989c15891c78441408048088fcd0ce5330b958187504340e0d528

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:33 GMT
Content-Encoding: br
Last-Modified: Wed, 12 Jan 2022 06:48:38 GMT
Server: Cowboy
Vary: Accept-Encoding, Origin
Connection: keep-alive
Content-Type: application/javascript
Via: 1.1 vegur
Cache-Control: public, max-age=31556952
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 16254

POST
H2 200 / Show response
app.posthog.com/decide/ 193 B
479 B 328ms
132ms XHR
application/json 52.87.13.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.posthog.com/decide/?v=2&ip=1&_=1641994653873

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.87.13.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-87-13-132.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
referrer-policy: same-origin
server: gunicorn
x-frame-options: DENY
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://huntr.dev
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
content-length: 193
x-content-type-options: nosniff

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 6 KB
2 KB 308ms
308ms XHR
application/json 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash: f8e8a2d525139b5a3807e85b5f436801ed293b34fa2c7ac1322073ae1ee1b6b3

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: c6dc9ba5-60ed-4c5e-92f3-0fdcd09fcd4a
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id: bestuRp4iF64P02c7j6l9ip8tRSiw0iBYLff6bIQcOFQ-1WvzWp9RQ==
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 96ms
77ms Preflight 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:37:34 GMT
x-amzn-requestid: 171d6a85-4627-4ca6-a489-de0eeb029fdc
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: Cqm6IVTpuje3OIbFGs-0nx38c2YejIwViGtz38tv87pOaecvyTwWVQ==

GET
H2 200 Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 240 KB
111 KB 75ms
75ms Font
font/ttf 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ee6539921d713482b8ccd4d0d23961bb"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/ttf
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: iJYz-Lrqv1bijqeEGLf03XKOIKhlVqndF2NVsqBSbDjSPskzeM87SA==

GET
H2 200 Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 237 KB
110 KB 76ms
75ms Font
font/ttf 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"c8b6e083af3f94009801989c3739425e"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/ttf
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: mFgGvANsYabxLyf4BfV7XzGMq0dZK_Es1fAcuGWPQMiB-TEjombnZg==

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 2 KB
1 KB 25ms
8ms XHR
application/json 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 04e927aedd7e61c330b08636fb4a8ed48f53a74b6f804838d58d40f4a1631f4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: fMRaECo1ddvhaCCpmS9MNNcM4pHj6SCw
content-encoding: br
etag: W/"441c711770a14e48ac8c7bf30078ca2b"
age: 6983
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 15:32:10 GMT
server: AmazonS3
date: Wed, 12 Jan 2022 11:41:12 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
cache-control: public, max-age=10800
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: qJ_w_o2x_Rb9ASDMO2V8qdjxcZTa5xHtPM34E-SfbtwFNzzOCwh40A==

GET
H2 200 22e71a7.js Show response
huntr.dev/_nuxt/ 37 KB
9 KB 85ms
85ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/22e71a7.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

43caf074caf0b74abf298083d24582bcc6222300c4758a34923b25664d964896

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"299e600939836addc690948bdc899d44"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: MLJpIF04CcHIuBmxJ7YJueT538HVRkHXVsqFMCeO2KEBo9282rUILA==

GET
H2 200 manifest.js Show response
huntr.dev/_nuxt/static/1641578563/ 89 KB
29 KB 93ms
93ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/manifest.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

581328a6d6e6e92f7eccc5237174bd8ed73c929960bd4c838de73afea046e87a

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ace4503cfb70368daf6b9d3d9634e5e4"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: yzMvTMX89KTrSx5nYU4FXz5zHWAfGQWFEHwvey42ILlh3UV__beK9g==

GET
H2 200 65a6cfc.js Show response
huntr.dev/_nuxt/ 49 KB
13 KB 143ms
143ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/65a6cfc.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

211b5a9c89ca2bdb19447e2159875ba8be570b4e42d1962beca5bfad01b93b41

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"fac665e2ab8da270fc3fe50dc9636e0a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: fXZHnbebzfIm4XTUTUAVg1-y2NeqqSCJ4WA2Z71SQsd0sRAYHJkNFA==

GET
H2 200 ab902e6.js Show response
huntr.dev/_nuxt/ 183 KB
48 KB 93ms
92ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ab902e6.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8993e0383e40e5bd3b61be2e4e7acbf8e8325863491928a06a1a0c25cfa7fdaa

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"60b2eb6b70bbfcac0f3eb9dd9fcf96c7"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: uy0lk63Qyei491npqviTasqUqTNw21oMhTfQut_3DHePe4HfmEUEhg==

GET
H2 200 a7f1227.js Show response
huntr.dev/_nuxt/ 47 KB
15 KB 73ms
72ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/a7f1227.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b9917ccf39f0ee3919543b9e3e00f636f66b3a22c67f30887708e2c6b5bfd439

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"635f2284a670fff39f4472ced5544fce"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: C50nr7-RpDG70AfnVI_B4GdDJh-y8pJhQTUcB2ewE8WIotgAn5ucow==

GET
H2 200 5ae2eef.js Show response
huntr.dev/_nuxt/ 6 KB
3 KB 78ms
77ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/5ae2eef.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6da167fbba631ae8858acb2511800949ad269156bb7a7af0e9b5455d887d7e8c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"4fe46ce58718ca2d678c49b9dc35d4ff"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: jULczRet0kaS8CpUsoTQUYgr_TpFo94BOGGdmUFQm09eqFN7dsotqg==

GET
H2 200 7b78e9f.js Show response
huntr.dev/_nuxt/ 4 KB
3 KB 88ms
87ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/7b78e9f.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f120052d211097e6bedc7819573661081c96151aeef903e657927c66260937c1

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"2f965042178b317436d8035317592b30"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: vVyG4TYQydi4UsG5Y6rSePPavfpRWGhdA2meDCo1Xb749p742HCFMw==

GET
H2 200 1c3acf0.js Show response
huntr.dev/_nuxt/ 23 KB
7 KB 88ms
87ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/1c3acf0.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6ec4210b7a41340415fcad48cdcd9fabf3497b1512d43c297077806fe9aed7c7

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"7ed623eb3afcc7f474b753b9e33a1005"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: bwE9X8NGtx6MFrlP6HCnwJRfAdEbIsr4C7DN5RUTMF5JdCXZ3o3SXw==

GET
H2 200 ba2849c.js Show response
huntr.dev/_nuxt/ 1 KB
2 KB 82ms
82ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ba2849c.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4e0a3da788c1c015983887d374c806e0e22e00c1a05478ff48d4ddd00bc22830

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"be10b6951d5a8ed2d6dc34a728e8a821"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: pQe_0iGs_R8E98-g3iBd4JaWzl0Il4UHV04DZ91Wvqkuj3WOWKW2Tw==

GET
H2 200 ee0fe59.js Show response
huntr.dev/_nuxt/ 1 KB
2 KB 79ms
79ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ee0fe59.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0069019b0f2cbc057ad4f69c01c9f510a46e86d4160f4093709f4da5999e8f76

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"951d2cbf6ecf7eef122de0b28315fb78"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: NAqV9nWw2uw7Zyse4O2aLk0qEuEhaKbEntSLqwHjOcOamKK9Oh4-rg==

GET
H2 200 130.bundle.55742ac9337d9e12bdd6.js Show response
cdn.segment.com/analytics-next/bundles/ 10 KB
4 KB 8ms
7ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/130.bundle.55742ac9337d9e12bdd6.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 98cfbc4941d976520dde0a548b87b499e1c0454f9bc38aeb581b9e13b1e219a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:32:35 GMT
content-encoding: br
vary: Accept-Encoding
age: 4053900
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Thu, 25 Nov 2021 23:09:33 GMT
server: AmazonS3
etag: W/"c32e07e36ae390e42c9cea85fcb9bb33"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: 7wIf9T6uzKT9TQ8NphPW2FKHVOtBcj40
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
content-type: application/javascript
x-amz-cf-id: pM5KJ96Oq-ZZCf_dgdUQ0JKi3MW-84J_H5yZJrFiK1sChogiTC-mLw==

GET
H2 200 ajs-destination.bundle.36b90a11867ae217be52.js Show response
cdn.segment.com/analytics-next/bundles/ 10 KB
3 KB 8ms
7ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.36b90a11867ae217be52.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4397a57f8357b3b0371c6df32a62b87eaa43218c42fa538fb34980bfb0b20a78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 11:40:37 GMT
content-encoding: br
vary: Accept-Encoding
age: 6141418
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Fri, 29 Oct 2021 23:16:36 GMT
server: AmazonS3
etag: W/"605f393e8c3fbadf09528d469743232e"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: FjBsbHA.8FN2h5.3COmnYMKZvuK7a99Y
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
content-type: application/javascript
x-amz-cf-id: 8f2hcdqjb2lBhc4vWwuJ1FMEE6fnwk-mbyPYE3H_yR238Qy1830Vsw==

GET
H2 200 hotjar.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/ 3 KB
2 KB 8ms
8ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:50:52 GMT
content-encoding: gzip
age: 654403
x-cache: Hit from cloudfront
content-length: 1342
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 17:29:39 GMT
server: AmazonS3
etag: "8efb1862102ff23cb16241a0b8ff3c9b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: s_9RULedH0BaifUc7v3ON5hu_HkkOIFq
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 9HFttqBN8rE8XCkxuK4sO964LKsDzs2k9XzTtO2xAO9g5twUVJ0oiA==

GET
H2 200 sentry.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 4 KB
2 KB 9ms
9ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e758112ff101392ac7e7b217a21f74bcafa7c8b7b60452014b41826160c87d6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 23:22:51 GMT
content-encoding: gzip
age: 8950484
x-cache: Hit from cloudfront
content-length: 1639
access-control-allow-origin: *
last-modified: Tue, 28 Sep 2021 23:16:39 GMT
server: AmazonS3
etag: "9434992b2088ef157a888e645136ddd9"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: KkLGnWMXwwsyOOOBY8OvOj7JaKaevyLL
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: fNc8itGlwqoMsurz8aPmgA-cIbdII21tnes365R5JSfTLHyLaflP5g==

GET
H2 200 commons.54701049fd6fb8497e9e.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 8ms
7ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 08 Jan 2022 11:33:50 GMT
content-encoding: gzip
age: 353025
x-cache: Hit from cloudfront
content-length: 22174
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 17:29:38 GMT
server: AmazonS3
etag: "7741fd16ad2418cd17ab981f8207b106"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: yMEgoyLxEpM8Rf_rEzgJOY.2Rwl34IeV
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: nAfJsLkEnPdUOg_rElNKsBbTWKy3MAiPdG0q9GUs4Q7f0TLtxaSVhw==

GET
H2 200 commons.3495c86769f191d6894f.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 9ms
8ms Script
application/javascript 99.86.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7b5e884ac6bca471440d62a21038e1b0342c4bc6e840388256b5f4137c2e666e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 14:16:30 GMT
content-encoding: gzip
age: 1639265
x-cache: Hit from cloudfront
content-length: 22175
access-control-allow-origin: *
last-modified: Tue, 12 Oct 2021 23:21:28 GMT
server: AmazonS3
etag: "97bdd3686696ee0e0f60bfaaa6b5693b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: p.AJWplN18GgEfmDvELKjPajEH9VF9mT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: aCFZ-sESaDlvbHJFMmaJC-dMuewLT1kGYIQyLZlc2lGWYdtr8WLI9A==

GET
H2 200 hotjar-2380708.js Show response
static.hotjar.com/c/ 8 KB
3 KB 52ms
34ms Script
application/javascript 13.32.22.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2380708.js?sv=6

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.22.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-22-92.fra56.r.cloudfront.net

Software

Resource Hash

5f0949724bdd234e9ad2104b9917a306c55aad89f52b4bfa9d04efc5d6a36857

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA56-C2
etag: W/c583c69d393d6add1da8cd630a48b5ae
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: Qc3iuK6jSE4yiNvEm-mnwu0Gsyuyc-H2DQQUsd-wIYXdkhJZnHYXtQ==
via: 1.1 dca6db3c8f31f3cd48bb06d78a8be624.cloudfront.net (CloudFront)

GET
H2 200 bundle.min.js Show response
browser.sentry-cdn.com/5.12.1/ 55 KB
17 KB 25ms
7ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/5.12.1/bundle.min.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://huntr.dev/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 11:19:05 GMT
server: Fastly
age: 12372491
etag: "1c5228c89d281d08aa0ce908f582609a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 17201
expires: Mon, 22 Aug 2022 08:49:23 GMT

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
138 B 511ms
169ms Fetch
application/json 54.186.140.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/p
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.186.140.208 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-186-140-208.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://huntr.dev
date: Wed, 12 Jan 2022 13:37:34 GMT
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/ 1 KB
1 KB 75ms
72ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"126dd630135f2a51a22e58e9f9dbb73b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: Ly8E8qGRJ4PK0pMU7WJG1zA2p_57JDMAtXsajyCPqTsGxgJHf5r5vw==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/ 70 B
1 KB 83ms
81ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "ed9a10c88c5ac705aee93e7d26c4fc32"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: 4nZB6y7qLUilqqgBh9ACcLd5hZQXKQaNmX5RDww5cRmSWL1WYTu-7Q==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/disclose/ 79 B
1 KB 85ms
84ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/disclose/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 79
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "11e86df8ac1d9c85f55c418a4fbf5255"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: tkNNBFeaMXjSSfWOn6gmw7vIcRmSbqEWaRkBDRUGQ9Kd8K6wcjXEVw==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/faq/ 15 KB
5 KB 84ms
83ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/faq/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d41e5b545a338f280a64fb8f04cd5c3c4f5f006149559c7aaec1d6c3899f97a4

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"85273804bdff17f9fe54c2dbf2f1c2cd"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: t3L9PY5qyEpim98kI59XoUJm6n_ou19GlfxcZTB40_Tpcj__L5d4IA==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/contact-us/ 72 B
1 KB 73ms
72ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/contact-us/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 72
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "366dc6ea76591bc89566ac85b90aec65"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: E4IZUimJg-T89P_ABTzQfMhwqbOdc2gHwIJpX_iF5fZ22SubGmmahA==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/terms/ 23 KB
7 KB 91ms
90ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/terms/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

833e44e0f40eada5a7ca9770aea05768e576ee5ca6ce20ec636fa51bde65b03c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"8f45459c6a4fb30926c84cab9308c2d2"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: Pn685asBw7mYEiOACgRe2YYrd5S2FTbYzMh9qbK-fE70yhb_ngekIA==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/privacy/ 35 KB
10 KB 82ms
81ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/privacy/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7aabb3c3be9e964e33990c63a17c294a2dfd348422dda57ea50feb8355a34414

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"fab7e71c2829b15ec4b9dca695eb4763"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: FSXYVxPeCb8q1uTvYU8abDkYkZqtVyqDD2bFg553AowmNeHzT-rI3A==

GET
H2 200 rewriteframes.min.js Show response
browser.sentry-cdn.com/5.12.1/ 5 KB
2 KB 18ms
17ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://huntr.dev/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 11:19:05 GMT
server: Fastly
age: 3136332
etag: "4e240097ab71acf709caa48e23cd6411"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 1807
expires: Wed, 07 Dec 2022 06:25:22 GMT

GET
H2 200 modules.95d56a8fe70e88a7dcd9.js Show response
script.hotjar.com/ 229 KB
61 KB 43ms
11ms Script
application/javascript 143.204.98.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.95d56a8fe70e88a7dcd9.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.45 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-45.fra50.r.cloudfront.net

Software

Resource Hash

4fd4f9c63843aebb667973c535aa77d95795ebb28635e01b62cf81dfb44aee32

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 13:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88289
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 61466
access-control-allow-origin: *
last-modified: Tue, 11 Jan 2022 13:05:10 GMT
etag: "e2ccd91105747342ee4a8ed27f9e5793"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: YJeo2jy27LKyj251BIUUQffH9qc1XU6wnSx70lf-t7l_aNeEgrZkdQ==

GET
H2 200 box-21ccaa45726c0f3c8c458f7a87eb2298.html Show response
vars.hotjar.com/ Frame AEAD 2 KB
1 KB 34ms
9ms Document
text/html 143.204.98.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-69.fra50.r.cloudfront.net
Software: /
Resource Hash: c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/

Response headers

content-type: text/html
content-length: 1044
date: Mon, 08 Nov 2021 14:05:19 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "6a4e2ae376c29011d2e53de65a08d0b7"
last-modified: Tue, 01 Jun 2021 09:17:15 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: Ip32qiEKAnm8JQrgpzhBgOxW7x9mV8vAfDzFengnRuIUOWXDu_hiWg==
age: 5614335

GET
H/1.1 200
OK widget Show response
app.chatwoot.com/ Frame 8FEC 5 KB
7 KB 163ms
163ms Document
text/html 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

51d2552d619bad96158840c343a8e23323e5e11118e3f97d2bcb541f5deb731e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/

Response headers

Server: Cowboy
Date: Wed, 12 Jan 2022 13:37:33 GMT
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Etag: W/"51d2552d619bad96158840c343a8e233"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 9370f2d7-fbe2-4458-a6fe-0bf27b925ebd
X-Runtime: 0.057528
Strict-Transport-Security: max-age=63072000; includeSubDomains
Transfer-Encoding: chunked
Via: 1.1 vegur

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2380708/ 146 B
321 B 97ms
34ms XHR
application/json 18.202.160.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2380708/visit-data?sv=6
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.202.160.2 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-160-2.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 30886bcaa4bc9292431c9ae196c0b6bbcc4e4311b4839780c91a09c771c76c6e

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 80ms
80ms Preflight 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:37:34 GMT
x-amzn-requestid: 3492e909-a587-4621-bc4b-d152d04552b2
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: AiYoCuUovM5xEU8vhswBYneIJmGKaOT14fSMQJi2VdIL1LC3lY6kYw==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 86ms
86ms Preflight 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:37:34 GMT
x-amzn-requestid: cba5f52b-02d6-4002-943d-5fc50a1d8c69
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: DGP20oOscfLzkkxiAb-MplXp_F6N2n3s1sl5ZlIncU8O7QG9HiDtsA==

GET
H2 200 file.83b6270.svg
huntr.dev/_nuxt/img/ 2 KB
2 KB 90ms
90ms Image
image/svg+xml 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://huntr.dev/_nuxt/img/file.83b6270.svg

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2dfc3666af220b4db71c2dbb69b23f0ba0dcb20761a98e8a770d4f68731f0a7a

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:46 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"c4baa48b7d062183232766e6a41d8d04"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: YgxZvrbk_iTFYz2q4YARa6OD0aiHFaJ8JkhhnvQxOSGZJCUiyp7vtg==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 4 KB
2 KB 341ms
340ms XHR
application/json 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash: 99935af23d80d979e5b6e0afd10e9ec4ef97a4caad72275d934136697fbd1247

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 78e67b9c-a38c-4190-a5ac-a5c22e768cde
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id: aWe0x9eSj7JyEcaDSDCct1wSyjDij8p2iHPl1GvUggLU8chll30rXQ==
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 479 B
872 B 154ms
154ms XHR
application/json 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash: 8b1909d6f778a2c091858e304381f344e9dd32001ef370b34f74c142220cbd95

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 09260eb6-cc9d-438c-bb22-56dd6b24458e
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 479
x-amz-cf-id: 8HKWrUi-k0UClIbbG2Xb1B_Luq2h2rdbAUBj4Uult6zj3Qjj9sFsRg==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 10 KB
3 KB 243ms
243ms XHR
application/json 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash: 99793f97f4695b86043d7803dfcfac24216fb609c99fd7ca4ef25cd48dcda2eb

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 613e6c72-6f65-46c6-9dee-fb7da4063049
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id: b3UQUkmQb1vAI0mzASG9h3xxcZgW3wVB8HP3YcXVakxLklY3nEQiww==
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 84ms
83ms Preflight 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:37:34 GMT
x-amzn-requestid: 04e91f00-b854-44f3-9d55-8a1085f90c6c
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 4qEx5lFHvLMQudEFFOTlq6ItOTDZG56JXKtDGsWhC6xWGwYO2evtLQ==

GET
H2 200 widget-962da5bb0691e5c58b54.js Show response
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 8FEC 646 KB
182 KB 28ms
8ms Script
application/javascript 2600:9000:214f:fc00:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:fc00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

c7bb7011639a2c9a6ebb7ac5d5c77e24e51babbffc2cfa2b3a1bf17cd37b6bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 06:52:04 GMT
content-encoding: gzip
last-modified: Wed, 12 Jan 2022 06:48:38 GMT
server: Cowboy
age: 24330
vary: Accept-Encoding,Origin
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
via: 1.1 vegur, 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
cache-control: public, max-age=31556952
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA53-C1
content-length: 186244
x-amz-cf-id: anEK5T6qMg8qd5KPhjsDg28S9NmkRjPjgS6h0pEDE8gpsJ_LysRyjA==

GET
H2 200 widget-d3adafff.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 8FEC 36 KB
9 KB 28ms
8ms Stylesheet
text/css 2600:9000:214f:fc00:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:fc00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

24c5c51ddb40e7b5a0b3f5aef0c2c344600214ad11de22c6d3d770b1400d8443

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 06:52:03 GMT
content-encoding: gzip
last-modified: Wed, 12 Jan 2022 06:48:38 GMT
server: Cowboy
age: 24330
vary: Accept-Encoding,Origin
strict-transport-security: max-age=63072000; includeSubDomains
content-type: text/css
via: 1.1 vegur, 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
cache-control: public, max-age=31556952
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA53-C1
content-length: 8455
x-amz-cf-id: 43qn9A4bBziBxMJG_pYO3XrpwFBkE5JYFKsQCwCSxAraTw7aER2woQ==

GET
H/1.1 200
OK conversations Show response
app.chatwoot.com/api/v1/widget/ Frame 8FEC 2 B
646 B 122ms
121ms XHR
application/json 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJiZjgyNzA4My00NGJmLTQ2NWUtODU4MS1jZjYzYTZjMDEwNTgiLCJpbmJveF9pZCI6MTQxMn0.0lLmKhvFvs7oQL5WNELY6dFjwuI974X-m58MgnlCbWk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:34 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 61394e70-09d5-4ab7-8e3f-515b326169e6
X-Runtime: 0.019097
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK ding.mp3 Show response
app.chatwoot.com/dashboard/audios/ Frame 8FEC 3 KB
3 KB 223ms
103ms XHR
audio/mpeg 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/dashboard/audios/ding.mp3

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

42b9d70c9c51cfdff6ed60e874771049df657c93a0361220174582f07dceba53

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:34 GMT
Via: 1.1 vegur
Last-Modified: Wed, 12 Jan 2022 03:28:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: audio/mpeg
Cache-Control: public, max-age=31556952
Connection: keep-alive
Content-Length: 2667

GET
H/1.1

200
OK

367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7
prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/ Frame 8FEC
Redirect Chain

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJ...
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filenam...

37 KB
38 KB

434ms
137ms

Image
image/jpeg

52.217.206.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133735Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c291963794b862c05e20af7c2470e27db0a6f0a8c8b1c4f15f8627f3fa5fd3ef
Protocol: HTTP/1.1
Server: 52.217.206.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Wed, 12 Jan 2022 13:37:36 GMT
Last-Modified: Thu, 05 Aug 2021 20:31:19 GMT
Server: AmazonS3
x-amz-request-id: H0E7AX6N87ZMH7AS
ETag: "ab29439c87f225b2b0b1025797f85380"
Content-Type: image/jpeg
Content-Disposition: inline; filename="huntr_logo.jpg"; filename*=UTF-8''huntr_logo.jpg
Accept-Ranges: bytes
Content-Length: 38205
x-amz-id-2: GbsFbIkAb/3eZ8rvtPDCCW4j4/5e1cwaNJ+AN6sKb4mhZ4gsJoc0FqD8UfNt+qgmb4tUxXDfD60=

Redirect headers

Date: Wed, 12 Jan 2022 13:37:35 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 1cb4d075-5dc0-47ea-a52d-44cd24d01095
X-Runtime: 0.130504
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: text/html; charset=utf-8
Location: https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133735Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c291963794b862c05e20af7c2470e27db0a6f0a8c8b1c4f15f8627f3fa5fd3ef
Cache-Control: max-age=300, private

GET
H/1.1 200
OK logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 8FEC 916 B
1 KB 333ms
104ms Image
image/svg+xml 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.chatwoot.com/brand-assets/logo_thumbnail.svg

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:34 GMT
Via: 1.1 vegur
Last-Modified: Wed, 12 Jan 2022 03:28:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: public, max-age=31556952
Connection: keep-alive
Content-Length: 916

GET
H2 200 Inter-Regular-b35f79d43d03b9a20047efe416c35d08.woff2
d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/ Frame 8FEC 34 KB
35 KB 25ms
8ms Font
application/font-woff2 2600:9000:214f:fc00:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/Inter-Regular-b35f79d43d03b9a20047efe416c35d08.woff2

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:fc00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

9ff1509605edb93b5b09373cc654addcf9afe913bc0ca69082e5683348e2ba75

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css
Origin: https://app.chatwoot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 01 Jan 2022 23:53:24 GMT
via: 1.1 vegur, 1.1 befe3b8553d90339ecf78e5d7cefa60a.cloudfront.net (CloudFront)
vary: Origin
age: 913449
x-cache: Hit from cloudfront
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 34832
last-modified: Tue, 28 Dec 2021 16:38:47 GMT
server: Cowboy
access-control-max-age: 7200
access-control-allow-methods: GET, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=31556952
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: bdFducA-d0gPskr_qats8LmQ4sOaLm6QauTF7wVTm7QkjbGFeYtprw==

GET
H2 200 Inter-Medium-aec38a6b266a908bc320e30f261771d1.woff2
d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/ Frame 8FEC 34 KB
35 KB 26ms
9ms Font
application/font-woff2 2600:9000:214f:fc00:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/Inter-Medium-aec38a6b266a908bc320e30f261771d1.woff2

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:fc00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

9177550934c7d4516a148a4d0bc2cd709da01789a4d6d2862c6d17b083a7d8cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css
Origin: https://app.chatwoot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 23:23:35 GMT
via: 1.1 vegur, 1.1 befe3b8553d90339ecf78e5d7cefa60a.cloudfront.net (CloudFront)
vary: Origin
age: 7654438
x-cache: Hit from cloudfront
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 35264
last-modified: Fri, 15 Oct 2021 19:23:44 GMT
server: Cowboy
access-control-max-age: 7200
access-control-allow-methods: GET, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=31556952
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: l03lCOsUOEyT6Rr8G5wIxnfq5jPMSsCtfX95sOQi507Le4TUogLmRA==

GET
DATA 200
OK truncated
/ 424 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK messages Show response
app.chatwoot.com/api/v1/widget/ Frame 8FEC 2 B
646 B 314ms
134ms XHR
application/json 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJiZjgyNzA4My00NGJmLTQ2NWUtODU4MS1jZjYzYTZjMDEwNTgiLCJpbmJveF9pZCI6MTQxMn0.0lLmKhvFvs7oQL5WNELY6dFjwuI974X-m58MgnlCbWk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:34 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 304de73b-9f5d-4da2-bec5-70406a574f7b
X-Runtime: 0.022735
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK inbox_members Show response
app.chatwoot.com/api/v1/widget/ Frame 8FEC 959 B
2 KB 324ms
144ms XHR
application/json 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJiZjgyNzA4My00NGJmLTQ2NWUtODU4MS1jZjYzYTZjMDEwNTgiLCJpbmJveF9pZCI6MTQxMn0.0lLmKhvFvs7oQL5WNELY6dFjwuI974X-m58MgnlCbWk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:34 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: d4d6670a-7291-4e7e-9937-3cdf56a45d82
X-Runtime: 0.033556
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"76f1b39cfb3063a87ebc0b127fdedbf2"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK contact Show response
app.chatwoot.com/api/v1/widget/ Frame 8FEC 51 B
696 B 321ms
142ms XHR
application/json 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

b818ced72bb27a7f9b59b7323d5a14d65b50f188397ee03ff71038c4f2206f67

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJiZjgyNzA4My00NGJmLTQ2NWUtODU4MS1jZjYzYTZjMDEwNTgiLCJpbmJveF9pZCI6MTQxMn0.0lLmKhvFvs7oQL5WNELY6dFjwuI974X-m58MgnlCbWk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:34 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 06f8b28e-eb1b-4c70-82e5-95e94ce9d57a
X-Runtime: 0.027145
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"b818ced72bb27a7f9b59b7323d5a14d6"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK campaigns Show response
app.chatwoot.com/api/v1/widget/ Frame 8FEC 2 B
646 B 314ms
117ms XHR
application/json 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJiZjgyNzA4My00NGJmLTQ2NWUtODU4MS1jZjYzYTZjMDEwNTgiLCJpbmJveF9pZCI6MTQxMn0.0lLmKhvFvs7oQL5WNELY6dFjwuI974X-m58MgnlCbWk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:34 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: d05b6cee-63b3-4aac-a2c4-d75c157c2943
X-Runtime: 0.014849
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 26 B
419 B 96ms
95ms XHR
application/json 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash: 6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:37:34 GMT
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 25096278-2fef-4c7f-8911-d2115fb39afb
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 26
x-amz-cf-id: Hi0bHocAkFXuVcPohoZE1ChiHY5eBLMqxSNl6qIBNPkcnjdPQd_Xfw==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 132ms
132ms Preflight 13.35.253.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-34.fra6.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:37:34 GMT
x-amzn-requestid: 22fa3ede-cccb-473d-9c5d-5ce8bd1daace
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 6e432daa93321d42e8840614082fcdc2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: lhzQvT1IcBYYYCtxQpCLoV620MhGsjij14PKRJkplz7usMTpLCMwyA==

GET
H2 200 40205142
avatars.githubusercontent.com/u/ 12 KB
12 KB 26ms
7ms Image
image/jpeg 2606:50c0:8001::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/40205142?v=4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4cf910554ce83d90a2edfbfb9f3479c674c40d9cddbd5e4a800fe17a3004541a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-fastly-request-id: 4808bb0666acbed945c1290ecbd1238e3b15b1d8
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 12207
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4034-HHN
last-modified: Tue, 12 Jun 2018 13:04:06 GMT
x-github-request-id: 6B88:D6BA:5908D9:5D3482:61B545B2
x-timer: S1641994655.692533,VS0,VE1
x-frame-options: deny
date: Wed, 12 Jan 2022 13:37:34 GMT
source-age: 2724844
strict-transport-security: max-age=31557600
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
etag: "bf9023adda9320874af4ad49d0b15c7365cf99aea0bae11e4289f8af7c2a4443"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 12 Jan 2022 13:42:34 GMT

GET
H2 200 3bf14b9.js Show response
huntr.dev/_nuxt/ 52 KB
13 KB 110ms
109ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/3bf14b9.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d7ca3e432a3e1e2da46375be32a3f4f8006232808e00dd834bef57a1edad2f7c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ec8276824992cc85a4af78a05796d3b0"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: YOJOQwgrEzEsM05YKjD0MvZbdWqUVwZn1VLzMjqOJUyzG3BD0d_s0w==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/users/laladee/ 75 B
1 KB 94ms
94ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/users/laladee/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f7e8631b6a93b0bd1a54212a84af2ac61a4b555bc6a2c0b56fce30bf7d2e90f0

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 75
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:54 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "d13f8bb7e0e4b1b1127940aa53e4347b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: LEaFLSnO5_A9OU_nkh_9eOA4Ul17UDqdPW7i5GLRr8VdnIQmk6c72g==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/c3e4cf79-a4b5-4982-af27-729f66281501/ 259 B
1 KB 72ms
71ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/c3e4cf79-a4b5-4982-af27-729f66281501/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

29e37e43d4c2ed2702e005271223a872ef8ae39574f79c811bc003d51ab5592a

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 259
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:52 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "0ed3f9a1831d40f8c4ac9d1f8810b947"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: eTWAUr_Txz2VVT9b48l7KQbBSJIO2o3Tm77fTy0R785ZHbildsRpDQ==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/bc5afe30-bbaa-46a3-9b3b-58c5afca7db4/ 259 B
1 KB 75ms
75ms Script
application/javascript 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/bc5afe30-bbaa-46a3-9b3b-58c5afca7db4/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6b1a51be3c6f2de1477b126b102bbb525a29cdbc9dfa3a82ec74dec4dd3ec854

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 259
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:52 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "ebc156b4dfab7ba429140e42dbde6f5b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: FP3Wl2Z2CkUIXnoPM_PtNdhBeMlCDnFFOt8bZrVIAFqx4TgKPFYKrQ==

GET
H2 200 40205142
avatars.githubusercontent.com/u/ 12 KB
12 KB 8ms
8ms Image
image/jpeg 2606:50c0:8001::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/40205142?v=4

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/31a45b0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4cf910554ce83d90a2edfbfb9f3479c674c40d9cddbd5e4a800fe17a3004541a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-fastly-request-id: 41d120c4b972d813f120c5eb23ae6d3130bf9d11
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 2
vary: Authorization,Accept-Encoding
content-length: 12207
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4034-HHN
last-modified: Tue, 12 Jun 2018 13:04:06 GMT
x-github-request-id: 6B88:D6BA:5908D9:5D3482:61B545B2
x-timer: S1641994655.862998,VS0,VE0
x-frame-options: deny
date: Wed, 12 Jan 2022 13:37:34 GMT
source-age: 2724844
strict-transport-security: max-age=31557600
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
etag: "bf9023adda9320874af4ad49d0b15c7365cf99aea0bae11e4289f8af7c2a4443"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 12 Jan 2022 13:42:34 GMT

GET
H2 200 generic-avatar.9a3295c.png
huntr.dev/_nuxt/img/ 5 KB
6 KB 87ms
86ms Image
image/png 2600:9000:223d:a600:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://huntr.dev/_nuxt/img/generic-avatar.9a3295c.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:a600:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

aec2c5330d63222d6def1e45d8f5412b86059dcecb921b259a95f65fe66a4c7d

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:37:35 GMT
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 5573
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:46 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "24f19f6fffd8809bee79b6ea162af382"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: IYn-guK8W3cxXvAqGShKapzWnL-K16-po7NRRHoAK-3BsIbU4i8RWQ==

GET
H/1.1 200
OK logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 8FEC 916 B
1 KB 134ms
134ms Image
image/svg+xml 52.202.168.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.chatwoot.com/brand-assets/logo_thumbnail.svg

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.202.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-202-168-65.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:37:34 GMT
Via: 1.1 vegur
Last-Modified: Wed, 12 Jan 2022 03:28:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: public, max-age=31556952
Connection: keep-alive
Content-Length: 916

GET
H/1.1

200
OK

57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/ Frame 8FEC
Redirect Chain

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBclZUIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--31ae538bf9d04000e44a5bbe8feed382c0892b6f/eyJ...
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...

91 KB
92 KB

423ms
135ms

Image
image/png

52.217.206.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133735Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=9a54ddf8f05a7328d3bb0b066621e65a68d6477010198de5fd898a212c4ae5e3
Protocol: HTTP/1.1
Server: 52.217.206.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4a95b5c247339fdab7e5a42415d06af62c2338c1570cdadee683f256c49d0916

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Wed, 12 Jan 2022 13:37:36 GMT
Last-Modified: Thu, 05 Aug 2021 20:40:50 GMT
Server: AmazonS3
x-amz-request-id: H0EFRQ85NXH2TK9R
ETag: "9fd358b18d93851b67b6b768bddd8bb6"
Content-Type: image/png
Content-Disposition: inline; filename="profile.png"; filename*=UTF-8''profile.png
Accept-Ranges: bytes
Content-Length: 93584
x-amz-id-2: VaoHsdXrSYepz8Bto0jrOZ6X/m+Yp7oQ3jNlIf4OBcPhCZtC1lT/j0hOKEqsgRwdw9Ye0V4+F8Q=

Redirect headers

Date: Wed, 12 Jan 2022 13:37:35 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 8b269959-230c-46e2-a1e2-a1ec50289f07
X-Runtime: 0.048243
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: text/html; charset=utf-8
Location: https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133735Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=9a54ddf8f05a7328d3bb0b066621e65a68d6477010198de5fd898a212c4ae5e3
Cache-Control: max-age=300, private

POST
H2 200 / Show response
app.posthog.com/e/ 13 B
297 B 134ms
133ms XHR
application/json 52.87.13.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1641994656875

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.87.13.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-87-13-132.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Jan 2022 13:37:36 GMT
referrer-policy: same-origin
server: gunicorn
x-frame-options: DENY
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://huntr.dev
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
content-length: 13
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
huntr.dev/	1969-12-31 23:59:59	Name: auth.strategy Value: cognito
.huntr.dev/	1970-01-20 08:52:10	Name: ajs_anonymous_id Value: fc3a8fb9-d0db-4d4e-9105-f6acb72b78b8
.huntr.dev/	1970-01-20 08:52:10	Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog Value: %7B%22distinct_id%22%3A%2217e4e8210ad2c8-04bbb82a4dc136-f791b31-1d4c00-17e4e8210ae6c9%22%2C%22%24device_id%22%3A%2217e4e8210ad2c8-04bbb82a4dc136-f791b31-1d4c00-17e4e8210ae6c9%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1641994653882%2C%2217e4e8210ba265-0eb4033e0f9bba-f791b31-1d4c00-17e4e8210bb10cd%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
.huntr.dev/	1970-01-20 08:52:10	Name: _hjSessionUser_2380708 Value: eyJpZCI6ImQwYjRlOTI1LWJiYzctNWYxMy1hYzhmLWE0MmZhNWExYmM1YSIsImNyZWF0ZWQiOjE2NDE5OTQ2NTQxNzYsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/	1970-01-20 00:06:36	Name: _hjFirstSeen Value: 1
huntr.dev/	1970-01-20 00:06:34	Name: _hjIncludedInSessionSample Value: 0
.huntr.dev/	1970-01-20 00:06:36	Name: _hjSession_2380708 Value: eyJpZCI6IjhjYTVmNjcyLTgyMGQtNGFjMi1hMWFmLTNmZWNlOWU2MDQzYSIsImNyZWF0ZWQiOjE2NDE5OTQ2NTQzMzUsImluU2FtcGxlIjpmYWxzZX0=
huntr.dev/	1970-01-20 00:06:34	Name: _hjIncludedInPageviewSample Value: 1
.huntr.dev/	1970-01-20 00:06:36	Name: _hjAbsoluteSessionInProgress Value: 0
huntr.dev/	1970-01-20 08:52:10	Name: cw_conversation Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJiZjgyNzA4My00NGJmLTQ2NWUtODU4MS1jZjYzYTZjMDEwNTgiLCJpbmJveF9pZCI6MTQxMn0.0lLmKhvFvs7oQL5WNELY6dFjwuI974X-m58MgnlCbWk

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b/ Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js(Line 1) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
huntr.dev
in.hotjar.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
13.32.22.92
13.35.253.34
143.204.98.45
143.204.98.69
18.202.160.2
2600:9000:214f:fc00:7:dce7:b680:21
2600:9000:223d:a600:14:bb32:5f00:93a1
2606:50c0:8001::154
2a04:4e42:600::729
52.202.168.65
52.217.206.161
52.87.13.132
54.186.140.208
99.86.7.85
0069019b0f2cbc057ad4f69c01c9f510a46e86d4160f4093709f4da5999e8f76
04e927aedd7e61c330b08636fb4a8ed48f53a74b6f804838d58d40f4a1631f4b
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2
10f593138390e0dca1a2bb1fd8b75b95e21e85363ed6e8941ac7ca9b73eaa58a
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7
211b5a9c89ca2bdb19447e2159875ba8be570b4e42d1962beca5bfad01b93b41
24c5c51ddb40e7b5a0b3f5aef0c2c344600214ad11de22c6d3d770b1400d8443
29e37e43d4c2ed2702e005271223a872ef8ae39574f79c811bc003d51ab5592a
2dfc3666af220b4db71c2dbb69b23f0ba0dcb20761a98e8a770d4f68731f0a7a
30886bcaa4bc9292431c9ae196c0b6bbcc4e4311b4839780c91a09c771c76c6e
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
3ef0abb4845e08bf9ee05a34d8457724a637662a9030904aab5214c0e24a27a4
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
42b9d70c9c51cfdff6ed60e874771049df657c93a0361220174582f07dceba53
4397a57f8357b3b0371c6df32a62b87eaa43218c42fa538fb34980bfb0b20a78
43caf074caf0b74abf298083d24582bcc6222300c4758a34923b25664d964896
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a95b5c247339fdab7e5a42415d06af62c2338c1570cdadee683f256c49d0916
4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400
4cf910554ce83d90a2edfbfb9f3479c674c40d9cddbd5e4a800fe17a3004541a
4e0a3da788c1c015983887d374c806e0e22e00c1a05478ff48d4ddd00bc22830
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fd4f9c63843aebb667973c535aa77d95795ebb28635e01b62cf81dfb44aee32
506aa0ea770d002656c5a0884b149d33efd23951ca16bdbe7e3d76e8d0531a4c
51d2552d619bad96158840c343a8e23323e5e11118e3f97d2bcb541f5deb731e
52bfe2c491b876e967ad8d9a46e5c43e4b342c204e865e049f3b74daaed7af84
581328a6d6e6e92f7eccc5237174bd8ed73c929960bd4c838de73afea046e87a
5c1941d5f7e989c15891c78441408048088fcd0ce5330b958187504340e0d528
5f0949724bdd234e9ad2104b9917a306c55aad89f52b4bfa9d04efc5d6a36857
6190ebed8568901a2628a503e0bd1e72c10e6a5cc207193038f4a8c13fac9485
6807e1d77edfeb9a4bb6d32f2bd8bea0e411aa158df9c3dc13a0be01dfca8f6b
6b1a51be3c6f2de1477b126b102bbb525a29cdbc9dfa3a82ec74dec4dd3ec854
6da167fbba631ae8858acb2511800949ad269156bb7a7af0e9b5455d887d7e8c
6ec4210b7a41340415fcad48cdcd9fabf3497b1512d43c297077806fe9aed7c7
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
7561fb9f36929fc5ee536239058b9ecff2d8075c5953dc2f81571a4d0fb0bbec
76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
78bb08ba17e489b63c7ceac9b4e8f4ac40450b9b64b40016626cb4d554297f69
7aabb3c3be9e964e33990c63a17c294a2dfd348422dda57ea50feb8355a34414
7b5e884ac6bca471440d62a21038e1b0342c4bc6e840388256b5f4137c2e666e
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
833e44e0f40eada5a7ca9770aea05768e576ee5ca6ce20ec636fa51bde65b03c
8993e0383e40e5bd3b61be2e4e7acbf8e8325863491928a06a1a0c25cfa7fdaa
8b1909d6f778a2c091858e304381f344e9dd32001ef370b34f74c142220cbd95
9177550934c7d4516a148a4d0bc2cd709da01789a4d6d2862c6d17b083a7d8cb
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
98cfbc4941d976520dde0a548b87b499e1c0454f9bc38aeb581b9e13b1e219a7
99793f97f4695b86043d7803dfcfac24216fb609c99fd7ca4ef25cd48dcda2eb
99935af23d80d979e5b6e0afd10e9ec4ef97a4caad72275d934136697fbd1247
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
9ff1509605edb93b5b09373cc654addcf9afe913bc0ca69082e5683348e2ba75
ae3711b69005cf8726b54df4b235f63d7ff9fb121ee2f3300b3b390215d09cb6
aec2c5330d63222d6def1e45d8f5412b86059dcecb921b259a95f65fe66a4c7d
b818ced72bb27a7f9b59b7323d5a14d65b50f188397ee03ff71038c4f2206f67
b91bb18b545e5ae1b449eb4861af099fba89ce33c280f9b95f692d2367ea66ca
b9917ccf39f0ee3919543b9e3e00f636f66b3a22c67f30887708e2c6b5bfd439
bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b
c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32
c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44
c7bb7011639a2c9a6ebb7ac5d5c77e24e51babbffc2cfa2b3a1bf17cd37b6bc7
d3dcec4f248e2811281de6c0e8755ae7e03a72c54dc9b4d1e1ca7ce6ba3de30c
d41e5b545a338f280a64fb8f04cd5c3c4f5f006149559c7aaec1d6c3899f97a4
d7ca3e432a3e1e2da46375be32a3f4f8006232808e00dd834bef57a1edad2f7c
e758112ff101392ac7e7b217a21f74bcafa7c8b7b60452014b41826160c87d6f
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa
f120052d211097e6bedc7819573661081c96151aeef903e657927c66260937c1
f7e8631b6a93b0bd1a54212a84af2ac61a4b555bc6a2c0b56fce30bf7d2e90f0
f8e8a2d525139b5a3807e85b5f436801ed293b34fa2c7ac1322073ae1ee1b6b3

huntr.dev Open in urlscan Pro 2600:9000:223d:a600:14:bb32:5f00:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

80 Requests

98 %HTTPS

29 %IPv6

10 Domains

14 Subdomains

15 IPs

2 Countries

1812 kBTransfer

5316 kBSize

10 Cookies

19 Outgoing links

Page URL History

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

huntr.dev Open in urlscan Pro
2600:9000:223d:a600:14:bb32:5f00:93a1 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

98 %
HTTPS

29 %
IPv6

10
Domains

14
Subdomains

15
IPs

2
Countries

1812 kB
Transfer

5316 kB
Size

10
Cookies

80 HTTP transactions
1 data transactions