urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:21dd:7400:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Submission: On February 18 via api from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 2 countries across 10 domains to perform 72 HTTP transactions. The main IP is 2600:9000:21dd:7400:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on January 26th 2022. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 27 2600:9000:21d... 16509 (AMAZON-02)
5 2606:50c0:800... 54113 (FASTLY)
8 52.85.63.176 16509 (AMAZON-02)
1 10 54.161.241.46 14618 (AMAZON-AES)
10 52.85.61.25 16509 (AMAZON-02)
4 2600:9000:202... 16509 (AMAZON-02)
1 52.217.71.188 16509 (AMAZON-02)
1 52.85.61.48 16509 (AMAZON-02)
2 2a04:4e42::729 54113 (FASTLY)
1 35.162.116.128 16509 (AMAZON-02)
1 52.85.61.27 16509 (AMAZON-02)
1 143.204.143.64 16509 (AMAZON-02)
1 34.240.93.148 16509 (AMAZON-02)
72 14
27    2600:9000:21dd:7400:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
5    2606:50c0:8000::154 (United States)

ASN54113 (FASTLY, US)
avatars.githubusercontent.com
8    52.85.63.176 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-63-176.ewr53.r.cloudfront.net
cdn.segment.com
10    54.161.241.46 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-241-46.compute-1.amazonaws.com
app.chatwoot.com
10    52.85.61.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-25.ewr53.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
4    2600:9000:202c:3a00:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
1    52.217.71.188 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
1    52.85.61.48 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-48.ewr53.r.cloudfront.net
static.hotjar.com
2    2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    35.162.116.128 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-162-116-128.us-west-2.compute.amazonaws.com
api.segment.io
1    52.85.61.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-27.ewr53.r.cloudfront.net
script.hotjar.com
1    143.204.143.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-143-64.ewr52.r.cloudfront.net
vars.hotjar.com
1    34.240.93.148 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-93-148.eu-west-1.compute.amazonaws.com
in.hotjar.com
Apex Domain
Subdomains		 Transfer
27 huntr.dev
huntr.dev
1 MB
11 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
41 KB
10 chatwoot.com
app.chatwoot.com — Cisco Umbrella Rank: 523908
32 KB
8 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1481
61 KB
5 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 7379
93 KB
4 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 574
script.hotjar.com — Cisco Umbrella Rank: 726
vars.hotjar.com — Cisco Umbrella Rank: 809
in.hotjar.com — Cisco Umbrella Rank: 1615
67 KB
4 cloudfront.net
d3tq67kexc2w2i.cloudfront.net
147 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 3856
57 KB
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1009
138 B
0 posthog.com Failed
app.posthog.com Failed
72 10
Domain Requested by
27 huntr.dev 1 redirects huntr.dev
10 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
browser.sentry-cdn.com
10 app.chatwoot.com 1 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
8 cdn.segment.com huntr.dev
cdn.segment.com
5 avatars.githubusercontent.com huntr.dev
4 d3tq67kexc2w2i.cloudfront.net app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
2 browser.sentry-cdn.com cdn.segment.com
1 in.hotjar.com browser.sentry-cdn.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 api.segment.io cdn.segment.com
1 static.hotjar.com cdn.segment.com
1 prod-chatwoot-assets.s3.amazonaws.com
0 app.posthog.com Failed huntr.dev
browser.sentry-cdn.com
72 14
Subject Issuer Validity Valid
*.huntr.dev
Amazon		 2022-01-26 -
2023-02-23		 a year crt.sh
www.github.com
DigiCert SHA2 High Assurance Server CA		 2020-05-06 -
2022-04-14		 2 years crt.sh
*.segment.com
Amazon		 2022-01-12 -
2023-02-10		 a year crt.sh
app.chatwoot.com
R3		 2022-01-19 -
2022-04-19		 3 months crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon		 2022-01-06 -
2023-02-04		 a year crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
*.hotjar.com
Amazon		 2021-11-25 -
2022-12-23		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-11-26 -
2022-12-28		 a year crt.sh
*.segment.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Frame ID: 3A815DCE0F5A929FC2EA4171DAF6C9C4
Requests: 54 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: 14818D7C0707D2883634FD1F3F28089E
Requests: 13 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: FCFAEBDF4907F31F529DA757CF50DEA5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ vulnerability found in microweber

Page URL History Show full URLs

  1. https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55 HTTP 301
    https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

72
Requests

96 %
HTTPS

31 %
IPv6

10
Domains

14
Subdomains

14
IPs

2
Countries

1687 kB
Transfer

5050 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55 HTTP 301
    https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--d5bd8600745fd77201f6159b61f8b9f6f6f54b0a/huntr_logo.jpg HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220218%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220218T160953Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=43c02063c721cab507955d88aaeaaceb11305ec89554bf28b001a2a5356a69a2

72 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Redirect Chain
  • https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55
  • https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
159 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4585af40bf875c408154bcb394f4e27afc2ad9669d29bc9efebe03be13adf4b5
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

content-type
text/html
date
Fri, 18 Feb 2022 16:09:53 GMT
last-modified
Fri, 18 Feb 2022 14:14:08 GMT
x-amz-server-side-encryption
AES256
server
AmazonS3
cache-control
public, max-age=0, s-maxage=2
strict-transport-security
max-age=31536000; includeSubDomains
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
etag
W/"88800c1925521ea61e90fc7a2b757daf"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
6j8hHa6PrQ_8jeZ9LCKQSnmhA42rElMsae68vnZ0HE8C3R_D3pg8eg==

Redirect headers

content-type
application/xml
content-length
0
date
Fri, 18 Feb 2022 16:09:51 GMT
server
AmazonS3
location
/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
x-cache
Error from cloudfront
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
qTWsrxNtwlLxoglIFPjYUJcIiraG-IGVySvwqLhbhk9Qn-aDvXosgQ==
8a454eb.js
huntr.dev/_nuxt/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/8a454eb.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
74eedf8411ca178e3837fec8cc4609af5b0e60e1273ba2bec14fefbe69e87fee
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:50 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"82aad691524f72da0f82a8ae6d52c835"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
efjRLicXwqbEzl3MoVfElFMCB63jxJ3umkUZEjbHyungSxHYq5FP0Q==
ca205ed.js
huntr.dev/_nuxt/ 		299 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/ca205ed.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c7d39078cbaba7d16e5f530a43b88fbefd8a644ae6b960e1c0d1648491091554
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:51 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"823b1648340da0889ef4b951f616bb4d"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
nAR8ZebuQT7zsoRoXnVSDxlCpbkumirRW7IBGFo4z074dYXch8fvmA==
2747eb5.js
huntr.dev/_nuxt/ 		1 MB
310 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/2747eb5.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5671d2b7c22f320ce7c50e5c2161685f30f333736b110a68f196093d97ac178f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:51 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"6a72b43cc729d7e60c4464e4ba4851d4"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
WjYhEojCoBvnI-TMzLo3a8fqMUMCGgW0q9eAe-5TcGg1XjKu88nuXA==
158a91c.js
huntr.dev/_nuxt/ 		65 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/158a91c.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9d0ad9e6a6a56665f7c66f82f757f1ac61725b1f770dc0cab74c005b45ada498
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:50 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"e4f5ba45c5c654a3f03eb97e5203e593"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
GNXLECFJc5VxW8m6S360ap6prPAZafIQTkAbuaktQ60DGTMMAJcW0Q==
270279a.js
huntr.dev/_nuxt/ 		217 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/270279a.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e3a542de469136b651ab00f163ba9392b02aa05287850a5dbe1db9b705fbb5f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:51 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"a4b094b4c04da86cb75ea7d45a125a8a"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
OD6YX0aLohWzNlknEb3xYxSk_HSKJQvFmS4ATlwBxNbT4q19i_oOoA==
bae200a.js
huntr.dev/_nuxt/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/bae200a.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8b60a23d258735442370c4ab0bde948c4fbdcd1e5f8322b2fb1efcf73ff8ad7c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:50 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"949b7f4bdf346efeb5282e374d4a86b5"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
mk1Icg2Ja-X8BJScd9j8cMnnplSnOTJzXtl5OTWcp6NS49SqEIdXlg==
99da1c8.js
huntr.dev/_nuxt/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/99da1c8.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5d8abb19387f7f9a68c4efd17cb154b238956a2b73c443d4755ae00d644df332
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:50 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"193f3c06c2476b21cf9f46ef4f7d06fb"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
AJ6mbamcZrTFEFRvkfSlLAUdjbPiSZjXysJPZK_H93VgulbpU6YXkw==
3fb9889.js
huntr.dev/_nuxt/ 		863 KB
273 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/3fb9889.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f9f65a03ab52d952cc7f795887ae4bc956c5e45d416bd3356a8f0146ce3c52fc
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:51 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"d8930f53e71ab40ffd6e53e282bc4f44"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
LR16XluVOeIPKfao4Bxc7SvusgOIbbtxl9xfEv0YxJ1vOVXRAz783Q==
fcd8420.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fcd8420.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c3d05056fa84de1e560a9e0a9a417da02bbb79ff7fffb5ad06e23f352a9e9f81
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:50 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"099399032977bde982e259b77086cf0f"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
tWbGoZ6-CPt-bc7jsudffemejcLg5L8cDlImIisTuB6AQwCnkjjyjA==
state.js
huntr.dev/_nuxt/static/1645193157/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1645193157/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/state.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f3b2255d9059d4757b704be9359a7b89d3f255c1b98f2a84f14b7f606a6c6d9
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:59 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ce8105b2da689c1355b3bd23075a84c9"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
MdA0oLe3_pQ3vN3GRSd2_4Y5YGp4nI8idrizuqUjkbgEUUvI61haYg==
payload.js
huntr.dev/_nuxt/static/1645193157/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/ 		259 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1645193157/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ebfd0bbe20fffb7e21d62638ddcbe23df6c82b279c00031301fc3899080f201a
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:59 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"072b0ed3f111662c652ab2ab4466c189"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
-R92IyAMMvpj16SVGAYLPU93hB-cvg_-e2OulML3yG9Tj9C3NF3RUw==
manifest.js
huntr.dev/_nuxt/static/1645193157/ 		105 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1645193157/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
34d360273df0fff90bd94371db2ffc37ae0ca3007f13ab30c406b63a22c53ff1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:14:02 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"3eaac36eecb04985488f64617ef28519"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
ZHXNvZzHlYU714k1tR7fUiiyJaW8KRxUJuspPuBKpAsGwvZ0ewJvcA==
php_elephant.5d71f8d.svg
huntr.dev/_nuxt/img/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://huntr.dev/_nuxt/img/php_elephant.5d71f8d.svg
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab513161359bcd805d8df2ae160b0064edcdc60f914ac3f0bac697f2979bfd1e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:56 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"f4fa9b2257b2973619f471612924a977"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/svg+xml
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
qXEf0kKCNEhrWbRlrpXc3JORm-bDCPVZ814vBMh5mflcbPWcA_xbDA==
55628921
avatars.githubusercontent.com/u/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/55628921?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8028dcf290dadcee45aad3820c896f8d8333592637ce9f44ced929b69a594591
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-fastly-request-id
a533a7a0e4e4b1db88f47b0fffff554033c177f1
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
x-cache-hits
0
vary
Authorization,Accept-Encoding
content-length
20354
x-xss-protection
1; mode=block
x-served-by
cache-yul12831-YUL
last-modified
Tue, 20 Oct 2020 08:24:10 GMT
x-github-request-id
4466:70CB:3C794A:52C172:620FC4D0
x-timer
S1645200593.664962,VS0,VE121
x-frame-options
deny
date
Fri, 18 Feb 2022 16:09:52 GMT
source-age
0
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"829e146ee1473b87b8689679cae4942ac4b09967683856253b863eac3ab85fcf"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Fri, 18 Feb 2022 16:14:52 GMT
5698247
avatars.githubusercontent.com/u/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/5698247?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f7076ac0a77555d5d0dcd285287c46d561d2c01166e567b767c3ac4c4a464e72
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-fastly-request-id
cb7ab9f8a28f55d8d148cb9fef67a059ba32fe6e
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
x-cache-hits
0
vary
Authorization,Accept-Encoding
content-length
14113
x-xss-protection
1; mode=block
x-served-by
cache-yul12831-YUL
last-modified
Fri, 13 Jun 2014 16:13:25 GMT
x-github-request-id
520C:70C6:2209:138390:620FC4D0
x-timer
S1645200593.665055,VS0,VE92
x-frame-options
deny
date
Fri, 18 Feb 2022 16:09:52 GMT
source-age
0
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"c03c7fb15f32fa3c03e254c1ccb527d38874e6334e3b1714da1c8abbe1e79deb"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Fri, 18 Feb 2022 16:14:52 GMT
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Origin
https://huntr.dev
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:51 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
Fgcqn-AqD7JolZ9jdPJyCh-kzjcafeOPy7cZwLCQqUQsjuS-n3087A==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Origin
https://huntr.dev
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:51 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"c8b6e083af3f94009801989c3739425e"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
WZnXKpcHXMTMY6kMUNpuuv0BRvHDZbWJVKX-wMkFWmGwKit2ZmJPAg==
50577633
avatars.githubusercontent.com/u/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/50577633?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a76629e7d4947b81a9785fb974417c265d85b4b7e6cf9d606d70096085b3a1fa
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-fastly-request-id
bd3f36add86f2ee4d725abb47c6710044e2e420d
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
x-cache-hits
0
vary
Authorization,Accept-Encoding
content-length
25228
x-xss-protection
1; mode=block
x-served-by
cache-yul12831-YUL
last-modified
Tue, 14 May 2019 14:38:38 GMT
x-github-request-id
F98C:75EC:57DD8C:702F1F:620FC4D0
x-timer
S1645200593.691671,VS0,VE86
x-frame-options
deny
date
Fri, 18 Feb 2022 16:09:52 GMT
source-age
0
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"f9eb4e6f01f65eec5fb590564de7817823b3692543a976d9465450d86ff3545d"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Fri, 18 Feb 2022 16:14:52 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		90 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.63.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-63-176.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6e7547cdec8cac5b91dcbba5138836bd253d9cf8d944fa2962caec1746c6672a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
0mtotg2uI.uX_GU_f4IkYhv77q5S09uX
content-encoding
br
etag
W/"70a47e5774bbdef0da5984ffb1cf49e7"
x-amz-cf-pop
EWR53-P1
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Sat, 29 Jan 2022 14:13:10 GMT
server
AmazonS3
date
Fri, 18 Feb 2022 16:09:54 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-id
PEjT9LdbTgRwJEPJ1Wfe96vQssBsdskw-g4v70psqWJszsxNxfYVQA==
sdk.js
app.chatwoot.com/packs/js/ 		51 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/158a91c.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
ed4ac405391a5bdc2acdddc3de047ff20c37364c821c9ddbcfad89676b1ecb47
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 16:09:52 GMT
Content-Encoding
br
Last-Modified
Fri, 18 Feb 2022 14:40:20 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Connection
keep-alive
Content-Type
application/javascript
Via
1.1 vegur
Cache-Control
public, max-age=31556952
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
16251
/
app.posthog.com/decide/ 		0
0
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-api-key
Origin
https://huntr.dev
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Fri, 18 Feb 2022 16:09:53 GMT
x-amzn-requestid
fd6385dd-9b05-4f49-b7f5-2c31f657263d
access-control-allow-origin
*
access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
x-cache
Miss from cloudfront
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amz-cf-id
SBUoFuMxOoZEpWVlARsq7bXR5HmbOLKzLish6DPF4t_3CeL81hwfGw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-api-key
Origin
https://huntr.dev
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Fri, 18 Feb 2022 16:09:53 GMT
x-amzn-requestid
56c184e9-0b4e-402f-af89-11eff10ec3e8
access-control-allow-origin
*
access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
x-cache
Miss from cloudfront
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amz-cf-id
Fe6fCiDvN6gjAbDwcWyfbgaL8GfqM62lMEpDnAUIItfwGWJmxvZENQ==
generic-avatar.9a3295c.png
huntr.dev/_nuxt/img/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://huntr.dev/_nuxt/img/generic-avatar.9a3295c.png
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
aec2c5330d63222d6def1e45d8f5412b86059dcecb921b259a95f65fe66a4c7d
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
5573
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:56 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"24f19f6fffd8809bee79b6ea162af382"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
Q31KANwrpVTSawu6VH2Vta2SHk0vxb0xIVjAyjz6XSDyqdUwG02BrA==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-api-key
Origin
https://huntr.dev
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Fri, 18 Feb 2022 16:09:53 GMT
x-amzn-requestid
149a0654-eb4f-4de7-a98a-6ba2e425ef4b
access-control-allow-origin
*
access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
x-cache
Miss from cloudfront
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amz-cf-id
2qrN1jpBmySCIknaDQQYMHZThFIENMI8KdD2CTTnrWriIv2zcP46nw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		231 B
651 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash
d066dcc7428c49bbc32acaff2911fd72f5ee7591edae89b6615ff8fb7264fcc1

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amzn-requestid
9c17a13e-cc19-4d8b-ba14-3ef4af62a622
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
231
x-amz-cf-id
9fUAvkoXaSXIE52yZaHKeiV_TB4by2LrxgwfrMFwn09kmQ8Ww4A0BQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		331 B
753 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash
b6559dabf5c4c75df5f0e2afaf3f894b9692f765ed8d6b445f4b86a14d60e83f

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amzn-requestid
5ef7b668-c88c-4f97-a625-6d941bfd4ce0
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
331
x-amz-cf-id
z61jHrPriJNhkhntVqZJL6lUZadHwXt8KLYyhe728HGvad7XXsAGOw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		348 B
769 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash
6879eddc75bb39b45011ea2b7e90581d40e19173b9a582109c28fd7ddc1328d5

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amzn-requestid
d49d1f5c-f729-42ce-a330-0aa5db5cd117
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
348
x-amz-cf-id
vDcZ1CcWrzEvLDn2oj1hRaROrcMa48BuBdZbqYc0NPPG0fFA6Uf5OA==
widget
app.chatwoot.com/ Frame 1481 		6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
1ab68786ea16c1d872ead33464dbe72c592d696e1af1cfce1ca12c0bf7f6fea7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/

Response headers

Server
Cowboy
Date
Fri, 18 Feb 2022 16:09:52 GMT
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
Referrer-Policy
strict-origin-when-cross-origin
Content-Type
text/html; charset=utf-8
Etag
W/"1ab68786ea16c1d872ead33464dbe72c"
Cache-Control
max-age=0, private, must-revalidate
X-Request-Id
21cf1a78-1a8b-4087-83c2-a2f60de0b2fe
X-Runtime
0.040082
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
fd8da9b.js
huntr.dev/_nuxt/ 		38 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fd8da9b.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/8a454eb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bc23faf540c0a5dba1403c0938d575d0d5b9acdf21813924dc006ec60547688e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:50 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"7643fc70e12fdabb50ef85a450ab5520"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
x7rSLEdngErp6Z3R4qP5VZz33wxMfSzj67ZSyK5EOSOY9aqu9qezSQ==
6e72508.js
huntr.dev/_nuxt/ 		66 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/6e72508.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/8a454eb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dd664399c702d8f2897ffe72aa1a83f692414db9f066c1ba0f706b33cf71c9a4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:50 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"72fe793bc8da8f98078640ff17a7c1db"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
zM2HVUwLMK0adm1ld5E8TAOrAaRUbxUjWju6T6nNIVO2vki-mdX2bw==
9db46a2.js
huntr.dev/_nuxt/ 		192 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/9db46a2.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/8a454eb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8caeadd94dba8c9f0ffb5087196a392d73e00424cc0e2d3aee6aafdd1d04a231
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:51 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"72f42ac3058564b20e9674e77356a506"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
jJZFY07HJswDMg2Pdw26zp9rSUsUlGlU0_KD7rN0ql3hCTkYFlO20A==
6bf3c79.js
huntr.dev/_nuxt/ 		55 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/6bf3c79.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/8a454eb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad0f82677c24ec787c8ba64d30acf0edc91f32e88af5118bd0b5b4d23135fc19
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:13:50 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"88e83eda015cae67bee88f806170a0e5"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
cOVMnse6nsfx3BZGzGL2Bty78RUbltcPc6SyQCs6n9H6dIpPTdWv2w==
payload.js
huntr.dev/_nuxt/static/1645193157/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1645193157/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:14:02 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"126dd630135f2a51a22e58e9f9dbb73b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
rFpW-WZ921-slnu0CRQcm6gMm-MDCEag0NmhhKNy63uc0pYATNnGJQ==
payload.js
huntr.dev/_nuxt/static/1645193157/bounties/ 		70 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1645193157/bounties/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
70
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:14:02 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"ed9a10c88c5ac705aee93e7d26c4fc32"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
R43MObiqAfc_l-NefJ8JBwYsIZnlH_8wEke5mCfk02tgrl3w4LicrA==
payload.js
huntr.dev/_nuxt/static/1645193157/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1645193157/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:14:02 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
nsGtlgKAQ-S6KPfjxZWg7CStAimVvkIeuddHnmLfpWLD3gvmGACXtw==
payload.js
huntr.dev/_nuxt/static/1645193157/users/yashrk078/ 		77 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1645193157/users/yashrk078/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2a73380a20debc11a3bb8062e7be5958519b110862a9135fb1417420e65b9fd0
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
77
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:14:04 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"cfcf9a9c5b274a987a905ef63ddfa03d"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
AtMbESeoWMQRW7cB1QkipuDsxLEQh-cc49bt8DoJ69NRVhg1hPhksA==
widget-0b6b35bf0e81536faa0d.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 1481 		468 KB
137 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:202c:3a00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
1ece1e2b71a243eaef0899084fad206a651686451fd0c5cb1badf5e45151460a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 14:44:06 GMT
content-encoding
gzip
last-modified
Fri, 18 Feb 2022 14:40:20 GMT
server
Cowboy
age
5147
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
via
1.1 vegur, 1.1 936397b26a4278a4582b6e1456333afa.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
EWR52-C2
content-length
139543
x-amz-cf-id
s3VueYwyySu2q52GGFM_Twi0PlAcIVkHiszIAWkKC2cF7D_CVWCSVQ==
widget-ff7cbb40.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 1481 		22 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-ff7cbb40.css
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:202c:3a00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
0376f3d49c6d13f0554b558686671b869d43e6d3ddf76c412fba4ac8828f1f2f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 14:44:00 GMT
content-encoding
gzip
last-modified
Fri, 18 Feb 2022 14:40:20 GMT
server
Cowboy
age
5152
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
via
1.1 vegur, 1.1 936397b26a4278a4582b6e1456333afa.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
EWR52-C2
content-length
5622
x-amz-cf-id
EPCjvQgJi2AmKWX01B95eSVIWtlhoc3pYR5MIAoNftbeRdzMznKIHw==
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.63.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-63-176.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
82752de16ad3ef43a8f7e3ebde612f106157ff52f0dda8ced99a58f82fe9c987

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id
kkPNk.iLCAQn8uderUupTGjlkxl.J4rq
content-encoding
gzip
etag
W/"2253955354a5f83b4bf8b1959852f701"
age
7129
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Tue, 08 Feb 2022 21:57:10 GMT
server
AmazonS3
date
Fri, 18 Feb 2022 14:11:05 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
via
1.1 34deee8ac34d726c1404a3045667664a.cloudfront.net (CloudFront)
cache-control
public, max-age=10800
x-amz-cf-pop
EWR53-P1
x-amz-cf-id
7rcIb21SDPic9hvI8QR6cZwL3yH43FdYg0eGGHdl-o3ih9OW8FY0fg==
12-5453d556.chunk.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 1481 		1 KB
857 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/12-5453d556.chunk.css
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:202c:3a00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
352a47912631dd9a6aea92a61fb973ca88b7f4cb597346ccbae7a850c0cab77f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 14:44:10 GMT
content-encoding
gzip
last-modified
Fri, 18 Feb 2022 14:40:20 GMT
server
Cowboy
age
5143
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
via
1.1 vegur, 1.1 936397b26a4278a4582b6e1456333afa.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
EWR52-C2
content-length
458
x-amz-cf-id
TyoDLMzY85g2BVcD4ZAW3KY0TxDGxFw3ZHRjxTXq0BHc74wxbc1yuw==
12-c5c15ea6ac571f8d3b48.chunk.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 1481 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/12-c5c15ea6ac571f8d3b48.chunk.js
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:202c:3a00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
267f6aa2b13625b4209e0f519dd31d8284fc337de60ec932392385eb30ad4ba4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 14:44:13 GMT
content-encoding
gzip
last-modified
Fri, 18 Feb 2022 14:40:20 GMT
server
Cowboy
age
5139
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
via
1.1 vegur, 1.1 936397b26a4278a4582b6e1456333afa.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
EWR52-C2
content-length
3294
x-amz-cf-id
MyC8QyPbCkaALQuZ6tevYyXUrBg9lW-K69Ai6g3XlIe4h8CzYy2-uQ==
conversations
app.chatwoot.com/api/v1/widget/ Frame 1481 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0YTYzMzBhOS0zNTFiLTRmZmMtYTI0MC00MzdmZjFmNjQwNzAiLCJpbmJveF9pZCI6MTQxMn0.dFtHd-Gbouuhimm0lQmjI6aGZRNcQhhpqn4Gpd34wVs
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 16:09:53 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
4898dcc5-b299-4b6b-9f46-bc6a0d58d2f8
X-Runtime
0.024619
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
ding.mp3
app.chatwoot.com/dashboard/audios/ Frame 1481 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/dashboard/audios/ding.mp3
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
42b9d70c9c51cfdff6ed60e874771049df657c93a0361220174582f07dceba53
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 16:09:53 GMT
Via
1.1 vegur
Last-Modified
Fri, 18 Feb 2022 14:32:50 GMT
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
audio/mpeg
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
2667
truncated
/ 		424 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
130.bundle.55742ac9337d9e12bdd6.js
cdn.segment.com/analytics-next/bundles/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/130.bundle.55742ac9337d9e12bdd6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.63.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-63-176.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
98cfbc4941d976520dde0a548b87b499e1c0454f9bc38aeb581b9e13b1e219a7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 29 Oct 2021 23:59:36 GMT
content-encoding
br
vary
Accept-Encoding
age
9648618
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 29 Oct 2021 23:16:36 GMT
server
AmazonS3
etag
W/"c32e07e36ae390e42c9cea85fcb9bb33"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
UvSxvdHgsDlPO8OsHFG8aObTtbAtOVjt
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
EWR53-P1
content-type
application/javascript
x-amz-cf-id
Zg2EoKADmdB5uQh_SGfwYrazNReJUpnaVtCqTCMf8ffIH_Gqu0Otrw==
ajs-destination.bundle.36b90a11867ae217be52.js
cdn.segment.com/analytics-next/bundles/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.36b90a11867ae217be52.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.63.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-63-176.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4397a57f8357b3b0371c6df32a62b87eaa43218c42fa538fb34980bfb0b20a78

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 15 Nov 2021 02:33:15 GMT
content-encoding
br
vary
Accept-Encoding
age
8256999
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Wed, 10 Nov 2021 23:55:51 GMT
server
AmazonS3
etag
W/"605f393e8c3fbadf09528d469743232e"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
fy.MA097CATl_W1IjHDc5e5LK_JtcSCf
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
EWR53-P1
content-type
application/javascript
x-amz-cf-id
xaKggkLnTjhR_mKxg6-5Q0wp5bbK0lP9cnT_L5U0a59eRz6y0viyfA==
messages
app.chatwoot.com/api/v1/widget/ Frame 1481 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0YTYzMzBhOS0zNTFiLTRmZmMtYTI0MC00MzdmZjFmNjQwNzAiLCJpbmJveF9pZCI6MTQxMn0.dFtHd-Gbouuhimm0lQmjI6aGZRNcQhhpqn4Gpd34wVs
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 16:09:53 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
931d492e-29fe-4d75-b330-4164e041780c
X-Runtime
0.013975
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame 1481 		960 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
22164bbd88c02c7654f35b068308b772001beff211e722d9d4db5379e5049180
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0YTYzMzBhOS0zNTFiLTRmZmMtYTI0MC00MzdmZjFmNjQwNzAiLCJpbmJveF9pZCI6MTQxMn0.dFtHd-Gbouuhimm0lQmjI6aGZRNcQhhpqn4Gpd34wVs
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 16:09:53 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
cb2ed803-ecd1-4635-ae58-cf44afd47293
X-Runtime
0.149299
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"22164bbd88c02c7654f35b068308b772"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame 1481 		53 B
698 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
d3425ef4b87f6af4d569583a8e5ebb8c579c718959df0398deaced6de07a500a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0YTYzMzBhOS0zNTFiLTRmZmMtYTI0MC00MzdmZjFmNjQwNzAiLCJpbmJveF9pZCI6MTQxMn0.dFtHd-Gbouuhimm0lQmjI6aGZRNcQhhpqn4Gpd34wVs
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 16:09:53 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
5eace461-c5af-415b-8e4b-a3c71eb6745e
X-Runtime
0.100985
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"d3425ef4b87f6af4d569583a8e5ebb8c"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame 1481 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0YTYzMzBhOS0zNTFiLTRmZmMtYTI0MC00MzdmZjFmNjQwNzAiLCJpbmJveF9pZCI6MTQxMn0.dFtHd-Gbouuhimm0lQmjI6aGZRNcQhhpqn4Gpd34wVs
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 16:09:53 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
0ce063a9-3c3f-4a8c-83c3-0384dbbc43c1
X-Runtime
0.008545
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
schemaFilter.bundle.b2bf2b63b07c356b1232.js
cdn.segment.com/analytics-next/bundles/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.b2bf2b63b07c356b1232.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.63.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-63-176.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
661b70adb190f9cb3a093173d2e9663a186c2ab4a89c565a4e5fa286db881fab

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 22:19:57 GMT
content-encoding
br
vary
Accept-Encoding
age
7235397
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 26 Nov 2021 16:52:39 GMT
server
AmazonS3
etag
W/"6072fc38e45abaf1a789df4a46438bf9"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
p2YBkHl7eKKWDmpxjZ9m6WfTjqTbpeHx
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
EWR53-P1
content-type
application/javascript
x-amz-cf-id
LtB1-q959AYferuCVmNq44OyP4JzezadLeuewGhAthIlGzjqmPyPtw==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.63.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-63-176.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Tue, 15 Feb 2022 09:00:30 GMT
content-encoding
gzip
age
284964
x-cache
Hit from cloudfront
content-length
1342
access-control-allow-origin
*
last-modified
Wed, 09 Feb 2022 22:20:43 GMT
server
AmazonS3
etag
"8efb1862102ff23cb16241a0b8ff3c9b"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
7B3FWZil7MmBXZJ_HBsoptiMlYf1StYS
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
EWR53-P1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
o5umEYO3hk7Cp9CG6hkE7aEEOhaAgKmtuSTwHblzbfRv2oFLUe5cWQ==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.63.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-63-176.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c2256ca967e5343339a586843799f60c8b3d82c570d2dfba9838a1016d85debf

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 01:01:53 GMT
content-encoding
gzip
age
832081
x-cache
Hit from cloudfront
content-length
1637
access-control-allow-origin
*
last-modified
Thu, 27 Jan 2022 00:21:29 GMT
server
AmazonS3
etag
"3a460c80ebcb314cbb94b79eb9b5e168"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
TLGgRdY9bmm7dXcaRbbIp0sIiHBmOQhA
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
EWR53-P1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
PBNzbYMafcXK5quys_6gWoTKhzd4UW68rHUrsLv6ZtCKvFfZOTBMww==
commons.54701049fd6fb8497e9e.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.63.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-63-176.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 15:58:09 GMT
content-encoding
gzip
age
605505
x-cache
Hit from cloudfront
content-length
22174
access-control-allow-origin
*
last-modified
Wed, 09 Feb 2022 22:20:41 GMT
server
AmazonS3
etag
"7741fd16ad2418cd17ab981f8207b106"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
m4x5gn21q.LzJLpmQcpJGP1pnLFO2MYi
via
1.1 c4460641b6e6b194f0c11732a1b10d1c.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
EWR53-P1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
RwxS2TcBy9FoUw4oVbd0H0oYWw25gvL0cYnpnfjVZJqTjYzaRmBaaQ==
367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7
prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/ Frame 1481
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJ...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filenam...
37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220218%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220218T160953Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=43c02063c721cab507955d88aaeaaceb11305ec89554bf28b001a2a5356a69a2
Protocol
HTTP/1.1
Server
52.217.71.188 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Fri, 18 Feb 2022 16:09:55 GMT
Last-Modified
Thu, 05 Aug 2021 20:31:19 GMT
Server
AmazonS3
x-amz-request-id
A1XZ7B9R225T86RB
ETag
"ab29439c87f225b2b0b1025797f85380"
Content-Type
image/jpeg
Content-Disposition
inline; filename="huntr_logo.jpg"; filename*=UTF-8''huntr_logo.jpg
Accept-Ranges
bytes
Content-Length
38205
x-amz-id-2
vmBo4AbCy2BT2z8o1AW0NWeXorh8s1ahfJyAUQfqmbauxCol4l9GypzQnkGnQ/rUAgt1K8KboC0=

Redirect headers

Date
Fri, 18 Feb 2022 16:09:53 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
76069d9a-9dc6-40b1-9759-053be43ea68d
X-Runtime
0.024774
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220218%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220218T160953Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=43c02063c721cab507955d88aaeaaceb11305ec89554bf28b001a2a5356a69a2
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 1481 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 16:09:53 GMT
Via
1.1 vegur
Last-Modified
Fri, 18 Feb 2022 14:32:50 GMT
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
hotjar-2380708.js
static.hotjar.com/c/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-48.ewr53.r.cloudfront.net
Software
/
Resource Hash
9f32bf2f2d11ae32ea43df2912c71d5d476ef175dda6e1259a7a8ea8233c236c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
EWR53-P1
etag
W/12df28e4ecc545a8eb2cfbf7e3075f62
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
62IlGG8DCVQqECWPTG8iT_Fw_1kXwAap2gdPdKO5n9jAs8l80QO5Ug==
via
1.1 2c7d387775f2e52dd268d2f49202b5d2.cloudfront.net (CloudFront)
bundle.min.js
browser.sentry-cdn.com/5.12.1/ 		55 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
22054462
etag
W/"1c5228c89d281d08aa0ce908f582609a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-guploader-response-body-transformations
gunzipped
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
access-control-allow-origin
*
content-length
56268
expires
Wed, 08 Jun 2022 09:55:32 GMT
p
api.segment.io/v1/ 		21 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.162.116.128 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-162-116-128.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer
https://huntr.dev/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://huntr.dev
date
Fri, 18 Feb 2022 16:09:54 GMT
content-length
21
vary
Origin
content-type
application/json
rewriteframes.min.js
browser.sentry-cdn.com/5.12.1/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
22054458
etag
"4e240097ab71acf709caa48e23cd6411"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
1807
expires
Wed, 08 Jun 2022 09:55:34 GMT
modules.7d6d0311dc6eb2c0bc38.js
script.hotjar.com/ 		235 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.7d6d0311dc6eb2c0bc38.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-27.ewr53.r.cloudfront.net
Software
/
Resource Hash
01dfdc130cd3e3b7ed01572613ea6552ab9819ca803c688076f850d06aa627a0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 14:12:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
93468
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
62769
access-control-allow-origin
*
last-modified
Thu, 17 Feb 2022 14:12:00 GMT
etag
"fb6a0182102480f4b418874ee97e7e39"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-P1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
6XyoktLLLr49XjcR6QBgpPL4OVEwIm7etRf9o5zqRVSyP1juvvwqDA==
5698247
avatars.githubusercontent.com/u/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/5698247?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/ca205ed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f7076ac0a77555d5d0dcd285287c46d561d2c01166e567b767c3ac4c4a464e72
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-fastly-request-id
af7e3bb6d2b693f2fd6e56efcb200fc7b1bd9883
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
14113
x-xss-protection
1; mode=block
x-served-by
cache-yul12831-YUL
last-modified
Fri, 13 Jun 2014 16:13:25 GMT
x-github-request-id
520C:70C6:2209:138390:620FC4D0
x-timer
S1645200594.175039,VS0,VE0
x-frame-options
deny
date
Fri, 18 Feb 2022 16:09:54 GMT
source-age
1
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"c03c7fb15f32fa3c03e254c1ccb527d38874e6334e3b1714da1c8abbe1e79deb"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Fri, 18 Feb 2022 16:14:54 GMT
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
447 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amzn-requestid
9f626fea-739e-4561-be33-edf3b0e4ac11
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
4qB4BHIC9rYcd1JrFk0QAuzc80BXZDjmlY49Sya-F80pZRWXWeHbVw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-api-key
Origin
https://huntr.dev
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Fri, 18 Feb 2022 16:09:54 GMT
x-amzn-requestid
7f225504-eb10-4434-8271-f8187044df09
access-control-allow-origin
*
access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
x-cache
Miss from cloudfront
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amz-cf-id
NSj1-afqWRpaCEFmAcVDLU9zN7dKSwJYcrhIPZ-mBrYcJfuKLMmX1w==
box-acca23410e696f2ca3087d947271c3d0.html
vars.hotjar.com/ Frame FCFA 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.143.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-143-64.ewr52.r.cloudfront.net
Software
/
Resource Hash
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/

Response headers

content-type
text/html
content-length
1044
date
Fri, 04 Feb 2022 08:52:06 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
etag
"6f65fac4e8efe167ff5132c0c54c5729"
last-modified
Fri, 04 Feb 2022 08:51:39 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 f90455bc1ae6b17d472e4be0fa0d191e.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C2
x-amz-cf-id
tvuXW4FFBE5R944bdKrowjzXFIAdSO5esVBhfZDHHJP3ukMunXKGpg==
age
1235868
55628921
avatars.githubusercontent.com/u/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/55628921?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/ca205ed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8028dcf290dadcee45aad3820c896f8d8333592637ce9f44ced929b69a594591
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-fastly-request-id
bcff98f7649cce55674c5d19cf204cb1146c0e83
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
20354
x-xss-protection
1; mode=block
x-served-by
cache-yul12831-YUL
last-modified
Tue, 20 Oct 2020 08:24:10 GMT
x-github-request-id
4466:70CB:3C794A:52C172:620FC4D0
x-timer
S1645200594.192388,VS0,VE0
x-frame-options
deny
date
Fri, 18 Feb 2022 16:09:54 GMT
source-age
1
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"829e146ee1473b87b8689679cae4942ac4b09967683856253b863eac3ab85fcf"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Fri, 18 Feb 2022 16:14:54 GMT
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Fri, 18 Feb 2022 16:09:54 GMT
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amzn-requestid
ba9fd811-73c7-4fdb-a4e4-fbdc0ccafee4
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
ACAalV3aAsggw9BmZAbcQfufdAk_FbsXauCjDtIx9bx7Z6ZaglMIJw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-25.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-api-key
Origin
https://huntr.dev
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Fri, 18 Feb 2022 16:09:54 GMT
x-amzn-requestid
01a79693-31d9-48ae-82ba-50858ccbcbf8
access-control-allow-origin
*
access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
x-cache
Miss from cloudfront
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
x-amz-cf-id
5_anDSKN-X-H8mOjTF2bjuk_gu3ljsoJBEM9FmxKLxeYBhljRU4pNw==
visit-data
in.hotjar.com/api/v2/client/sites/2380708/ 		146 B
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://in.hotjar.com/api/v2/client/sites/2380708/visit-data?sv=6
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.240.93.148 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-240-93-148.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bd50219667293fd4ee2c24ca0ab2140a609854fc6b1facb507cbf1d5d1a5effd

Request headers

Referer
https://huntr.dev/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Fri, 18 Feb 2022 16:09:54 GMT
content-encoding
br
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store
access-control-allow-credentials
true
payload.js
huntr.dev/_nuxt/static/1645193157/users/peter-mw/ 		76 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1645193157/users/peter-mw/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/2747eb5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7400:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8429dcc57fa3a09dbf40102549919935b0bee78e9e647df4d7be55f775db0f7d
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 16:09:55 GMT
via
1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
76
x-xss-protection
1; mode=block
last-modified
Fri, 18 Feb 2022 14:14:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"8f8a0c3f63108afc66ea3d53d3d42f5b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
mO0ngmhZ_A-jq2kPErvS1G_x8oxUTco1EhlYnZVmrMv6D42nGEEXEg==
/
app.posthog.com/e/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
app.posthog.com
URL
https://app.posthog.com/decide/?v=2&ip=1&_=1645200593302
Domain
app.posthog.com
URL
https://app.posthog.com/e/?ip=1&_=1645200596329

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ object| core object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ object| analytics object| chatwootSettings object| $nuxt object| chatwootSDK object| $chatwoot object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| AnalyticsNext object| hotjarDeps function| hotjarLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| sentryIntegration object| Sentry object| __SENTRY__ object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules

10 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%2217f0d98d193d2-061b53f609ba03-576153c-1d4c00-17f0d98d194bc0%22%2C%22%24device_id%22%3A%2217f0d98d193d2-061b53f609ba03-576153c-1d4c00-17f0d98d194bc0%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1645200593321%2C%2217f0d98d1a93-01bdc07f7bc5e-576153c-1d4c00-17f0d98d1aacd0%22%5D%2C%22%24session_recording_enabled%22%3Afalse%7D
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI0YTYzMzBhOS0zNTFiLTRmZmMtYTI0MC00MzdmZjFmNjQwNzAiLCJpbmJveF9pZCI6MTQxMn0.dFtHd-Gbouuhimm0lQmjI6aGZRNcQhhpqn4Gpd34wVs
.huntr.dev/ Name: ajs_anonymous_id
Value: 5cf68652-f518-4756-9190-0c8898f64931
.huntr.dev/ Name: _hjSessionUser_2380708
Value: eyJpZCI6ImFlZGI2N2M2LTg4ZmYtNTU2OS1iNzY5LWVmNTA3ZmRmZjAwNSIsImNyZWF0ZWQiOjE2NDUyMDA1OTQyMTUsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/ Name: _hjFirstSeen
Value: 1
huntr.dev/ Name: _hjIncludedInSessionSample
Value: 0
.huntr.dev/ Name: _hjSession_2380708
Value: eyJpZCI6IjE3NDI0MzgzLThjZmItNDg0MC1hZWM5LTYwZDM1ODY1YzY3MiIsImNyZWF0ZWQiOjE2NDUyMDA1OTQyNzAsImluU2FtcGxlIjpmYWxzZX0=
huntr.dev/ Name: _hjIncludedInPageviewSample
Value: 1
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 0

3 Console Messages

Source Level URL
Text
security error URL: https://huntr.dev/_nuxt/2747eb5.js(Line 1)
Message:
Refused to connect to 'https://app.posthog.com/decide/?v=2&ip=1&_=1645200593302' because it violates the following Content Security Policy directive: "connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com".
other warning URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-0b6b35bf0e81536faa0d.js(Line 1)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
security error URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js(Line 1)
Message:
Refused to connect to 'https://app.posthog.com/e/?ip=1&_=1645200596329' because it violates the following Content Security Policy directive: "connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
huntr.dev
in.hotjar.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
app.posthog.com
143.204.143.64
2600:9000:202c:3a00:7:dce7:b680:21
2600:9000:21dd:7400:14:bb32:5f00:93a1
2606:50c0:8000::154
2a04:4e42::729
34.240.93.148
35.162.116.128
52.217.71.188
52.85.61.25
52.85.61.27
52.85.61.48
52.85.63.176
54.161.241.46
01dfdc130cd3e3b7ed01572613ea6552ab9819ca803c688076f850d06aa627a0
0376f3d49c6d13f0554b558686671b869d43e6d3ddf76c412fba4ac8828f1f2f
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1ab68786ea16c1d872ead33464dbe72c592d696e1af1cfce1ca12c0bf7f6fea7
1ece1e2b71a243eaef0899084fad206a651686451fd0c5cb1badf5e45151460a
22164bbd88c02c7654f35b068308b772001beff211e722d9d4db5379e5049180
267f6aa2b13625b4209e0f519dd31d8284fc337de60ec932392385eb30ad4ba4
2a73380a20debc11a3bb8062e7be5958519b110862a9135fb1417420e65b9fd0
34d360273df0fff90bd94371db2ffc37ae0ca3007f13ab30c406b63a22c53ff1
352a47912631dd9a6aea92a61fb973ca88b7f4cb597346ccbae7a850c0cab77f
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
3e3a542de469136b651ab00f163ba9392b02aa05287850a5dbe1db9b705fbb5f
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
42b9d70c9c51cfdff6ed60e874771049df657c93a0361220174582f07dceba53
4397a57f8357b3b0371c6df32a62b87eaa43218c42fa538fb34980bfb0b20a78
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4585af40bf875c408154bcb394f4e27afc2ad9669d29bc9efebe03be13adf4b5
4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5671d2b7c22f320ce7c50e5c2161685f30f333736b110a68f196093d97ac178f
5d8abb19387f7f9a68c4efd17cb154b238956a2b73c443d4755ae00d644df332
661b70adb190f9cb3a093173d2e9663a186c2ab4a89c565a4e5fa286db881fab
6879eddc75bb39b45011ea2b7e90581d40e19173b9a582109c28fd7ddc1328d5
6e7547cdec8cac5b91dcbba5138836bd253d9cf8d944fa2962caec1746c6672a
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
74eedf8411ca178e3837fec8cc4609af5b0e60e1273ba2bec14fefbe69e87fee
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
8028dcf290dadcee45aad3820c896f8d8333592637ce9f44ced929b69a594591
82752de16ad3ef43a8f7e3ebde612f106157ff52f0dda8ced99a58f82fe9c987
8429dcc57fa3a09dbf40102549919935b0bee78e9e647df4d7be55f775db0f7d
8b60a23d258735442370c4ab0bde948c4fbdcd1e5f8322b2fb1efcf73ff8ad7c
8caeadd94dba8c9f0ffb5087196a392d73e00424cc0e2d3aee6aafdd1d04a231
8f3b2255d9059d4757b704be9359a7b89d3f255c1b98f2a84f14b7f606a6c6d9
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
98cfbc4941d976520dde0a548b87b499e1c0454f9bc38aeb581b9e13b1e219a7
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
9d0ad9e6a6a56665f7c66f82f757f1ac61725b1f770dc0cab74c005b45ada498
9f32bf2f2d11ae32ea43df2912c71d5d476ef175dda6e1259a7a8ea8233c236c
a76629e7d4947b81a9785fb974417c265d85b4b7e6cf9d606d70096085b3a1fa
ab513161359bcd805d8df2ae160b0064edcdc60f914ac3f0bac697f2979bfd1e
ad0f82677c24ec787c8ba64d30acf0edc91f32e88af5118bd0b5b4d23135fc19
aec2c5330d63222d6def1e45d8f5412b86059dcecb921b259a95f65fe66a4c7d
b6559dabf5c4c75df5f0e2afaf3f894b9692f765ed8d6b445f4b86a14d60e83f
bc23faf540c0a5dba1403c0938d575d0d5b9acdf21813924dc006ec60547688e
bd50219667293fd4ee2c24ca0ab2140a609854fc6b1facb507cbf1d5d1a5effd
c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32
c2256ca967e5343339a586843799f60c8b3d82c570d2dfba9838a1016d85debf
c3d05056fa84de1e560a9e0a9a417da02bbb79ff7fffb5ad06e23f352a9e9f81
c7d39078cbaba7d16e5f530a43b88fbefd8a644ae6b960e1c0d1648491091554
d066dcc7428c49bbc32acaff2911fd72f5ee7591edae89b6615ff8fb7264fcc1
d3425ef4b87f6af4d569583a8e5ebb8c579c718959df0398deaced6de07a500a
dd664399c702d8f2897ffe72aa1a83f692414db9f066c1ba0f706b33cf71c9a4
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa
ebfd0bbe20fffb7e21d62638ddcbe23df6c82b279c00031301fc3899080f201a
ed4ac405391a5bdc2acdddc3de047ff20c37364c821c9ddbcfad89676b1ecb47
f7076ac0a77555d5d0dcd285287c46d561d2c01166e567b767c3ac4c4a464e72
f9f65a03ab52d952cc7f795887ae4bc956c5e45d416bd3356a8f0146ce3c52fc