urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:223d:fc00:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Submission: On September 17 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 2 countries across 9 domains to perform 64 HTTP transactions. The main IP is 2600:9000:223d:fc00:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on February 25th 2021. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 32 2600:9000:223... 16509 (AMAZON-02)
9 143.204.99.83 16509 (AMAZON-02)
1 9 54.161.241.46 14618 (AMAZON-AES)
2 143.204.98.27 16509 (AMAZON-02)
1 143.204.98.93 16509 (AMAZON-02)
1 143.204.98.89 16509 (AMAZON-02)
2 2a04:4e42:600... 54113 (FASTLY)
1 52.37.21.144 16509 (AMAZON-02)
1 143.204.98.33 16509 (AMAZON-02)
1 52.1.91.246 14618 (AMAZON-AES)
1 143.204.98.102 16509 (AMAZON-02)
1 52.16.211.92 16509 (AMAZON-02)
4 2600:9000:215... 16509 (AMAZON-02)
1 52.217.12.84 16509 (AMAZON-02)
64 15
32    2600:9000:223d:fc00:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
9    143.204.99.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-99-83.fra50.r.cloudfront.net
cdn.segment.com
9    54.161.241.46 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-241-46.compute-1.amazonaws.com
app.chatwoot.com
2    143.204.98.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-27.fra50.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
1    143.204.98.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-93.fra50.r.cloudfront.net
static.hotjar.com
1    143.204.98.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-89.fra50.r.cloudfront.net
cdn.heapanalytics.com
2    2a04:4e42:600::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    52.37.21.144 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-37-21-144.us-west-2.compute.amazonaws.com
api.segment.io
1    143.204.98.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-33.fra50.r.cloudfront.net
script.hotjar.com
1    52.1.91.246 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-91-246.compute-1.amazonaws.com
heapanalytics.com
1    143.204.98.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-102.fra50.r.cloudfront.net
vars.hotjar.com
1    52.16.211.92 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-211-92.eu-west-1.compute.amazonaws.com
in.hotjar.com
4    2600:9000:2156:4e00:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
1    52.217.12.84 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
Domain Requested by
32 huntr.dev 1 redirects huntr.dev
9 app.chatwoot.com 1 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
9 cdn.segment.com huntr.dev
cdn.segment.com
4 d3tq67kexc2w2i.cloudfront.net app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
2 browser.sentry-cdn.com cdn.segment.com
2 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
1 prod-chatwoot-assets.s3.amazonaws.com
1 in.hotjar.com browser.sentry-cdn.com
1 vars.hotjar.com static.hotjar.com
1 heapanalytics.com huntr.dev
1 script.hotjar.com static.hotjar.com
1 api.segment.io cdn.segment.com
1 cdn.heapanalytics.com cdn.segment.com
1 static.hotjar.com cdn.segment.com
64 14

This site contains links to these domains. Also see Links.

Domain
github.com
twitter.com
www.youtube.com
linkedin.com
instagram.com
418sec.com
www.418sec.com
Subject Issuer Validity Valid
*.huntr.dev
Amazon		 2021-02-25 -
2022-03-26		 a year crt.sh
*.segment.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-19 -
2022-08-09		 a year crt.sh
app.chatwoot.com
R3		 2021-07-21 -
2021-10-19		 3 months crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon		 2021-02-05 -
2022-03-06		 a year crt.sh
*.hotjar.com
Amazon		 2020-12-25 -
2022-01-23		 a year crt.sh
cdn.heapanalytics.com
Amazon		 2021-08-28 -
2022-09-26		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2020		 2021-02-22 -
2022-03-26		 a year crt.sh
heapanalytics.com
Amazon		 2020-12-24 -
2022-01-22		 a year crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
*.s3.amazonaws.com
DigiCert Baltimore CA-2 G2		 2021-01-11 -
2022-02-11		 a year crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Frame ID: 47E0AD09F4CF1587FBCC1330276C8C65
Requests: 51 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: F058EF27D3D63F2D46C41E1BB94AA4E6
Requests: 12 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Frame ID: 01335E89B8B3B523F9B5FA3967305A8E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

huntr: Disclose & Fix Security Vulnerabilities in Open Source

Page URL History Show full URLs

  1. https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc' HTTP 301
    https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • heap-\d+\.js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

64
Requests

100 %
HTTPS

21 %
IPv6

9
Domains

14
Subdomains

15
IPs

2
Countries

2122 kB
Transfer

6282 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc' HTTP 301
    https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--d5bd8600745fd77201f6159b61f8b9f6f6f54b0a/huntr_logo.jpg HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20210917%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210917T082615Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e06f33deaf761a48680844063190f233864add78c0657cc3a951c52fd19d0295

64 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Redirect Chain
  • https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'
  • https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
89559266f343037882abd8052b95adf592f891f59bf0ab1290ed05db3c781422

Request headers

:method
GET
:authority
huntr.dev
:scheme
https
:path
/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html
date
Fri, 17 Sep 2021 08:26:13 GMT
server
AmazonS3
content-encoding
gzip
vary
Accept-Encoding
x-cache
Error from cloudfront
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-cf-id
j7UIqVrURUCRPVnbrHALia-TCC0752f6Gak9Zw1NjN6j4MEiCYUgqQ==

Redirect headers

content-type
application/xml
content-length
0
date
Fri, 17 Sep 2021 08:26:12 GMT
server
AmazonS3
location
/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
x-cache
Miss from cloudfront
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-cf-id
mcf32XcozGvgGIuhuWGgmwBVXmtTqljmGaciUUshEJKwxzNkV_r90w==
f47c122.js
huntr.dev/_nuxt/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f47c122.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e6244823c57a9001132f6cc89e3dd22de3b4669c360ed52e5e6b23b42d09ca7c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/f47c122.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"19aceba0e042e0cc602da4d198b91adc"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
Wy_FCloGZOpwruJ8bS5my2Hknsv5QElmuIjxU_1KhTmISgn-7FOfUw==
5c933b9.js
huntr.dev/_nuxt/ 		310 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/5c933b9.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bc8209b02b00c89dc04741e3f3d88b42e942b5f5125cd46e34555125c3bb1e22
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/5c933b9.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"e47ccd4595d79482f2ecab6cac4e8f82"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
_vt6mSSdeSL4iqLTfQ3uqlexknnTK_PfxwC4ImsvYjLh7fkMyS_NDw==
56837f2.js
huntr.dev/_nuxt/ 		2 MB
662 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/56837f2.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e2af3ec263aaf18da93b0997f28fd4975565bd43cbcd73ffcc894ba93394631f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/56837f2.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:02 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"c842463167f73f575830e4ab062a5c36"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
SdPOEGztHZa18vUnuEoFZEMdRvM66gS2dPrPIVnf6yLre2Xah5tYOg==
eae7a4a.js
huntr.dev/_nuxt/ 		71 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/eae7a4a.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ec4e06e58a053a4952a165f580bf73bb4df7c54b61b8dbc369ae64d7ebe122e6
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/eae7a4a.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"b233ded9a0fcb5072d4beefcb9b7970f"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
qr6vw5lo-yhmEkEyAdu9eUrhWXn4pX4NnoPk0tFkEBclfIgYy_gBZw==
9e4aca6.js
huntr.dev/_nuxt/ 		65 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/9e4aca6.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d46b32681aa4ac92b9789bf6b28146329808987a47c2ad10d251f3046c52707c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/9e4aca6.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"2dbb9765a9d43e6b50b0b290dce84c55"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
8JmExE8l9POInc8wcHbPXwobxf0-D1olWEZMm4x9jZJ-gZ0m5DB8Hw==
9908ea4.js
huntr.dev/_nuxt/ 		863 KB
273 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/9908ea4.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
239868551f90040bd1e795c9df613cc840f36784147bad6c17bbc960a4b7892f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/9908ea4.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:02 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"7a44c2ffd3c05269611a138d3fc39f99"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
hMh0E1x0SGBD39OXP7LUhtxi6nyz3D0TMZqaCUigJvZ795JfTVn9wQ==
3bf4462.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/3bf4462.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7b5299675cc7d667691abaf524b378633ba3e23403ba741743e067323f6369e3
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/3bf4462.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"28702c5fd04add75dfd3b1efbf3aea08"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
JKdTdrH__zVB1RbTjZBmMcvgRfXF9bOO907GCisfJAgxiZwBFzWgyA==
db93482.js
huntr.dev/_nuxt/ 		49 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/db93482.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6db92edcf34d99d3b8de7563633c2292df0463419aecbebf73580002daefd63d
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/db93482.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"368b77283c03e544b2b814ad3eda6e68"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
SA_LW627eZrz04GoOo2fFpzjB39rEnreq5CHmIs6HEEKTDGqF-l75A==
1ae0eb2.js
huntr.dev/_nuxt/ 		122 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/1ae0eb2.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2ec368348c95d908acf4edbd3e5f0c587ec8a7c2490e6df102c2ef817a6ebda
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/1ae0eb2.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"3980b3163c40caacbb7ed79642434cc4"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
b5VLDx0zS6hYqqZ9wol954OT4UCDUBcQmCp3b77j2NW8mVUC3dnEyQ==
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		86 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a9d21f058ea3e889e215f74ca279992954905eb833349ccaac411e92868f5361

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id
znUA8fZtqJpHuwW9sT5qHFQfLE4_PfOS
content-encoding
br
etag
W/"66ef9d747fb48d69a3a8e3f08c619c39"
age
2
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Sat, 28 Aug 2021 08:38:04 GMT
server
AmazonS3
date
Fri, 17 Sep 2021 08:26:13 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
1bSx0R-X6JzCN1HEczjdrHFMfrUO7E0CWCFMCYnOtQO5ROxUv9aGdQ==
sdk.js
app.chatwoot.com/packs/js/ 		50 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/eae7a4a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
2ff1483e7872d59b2bbf22407931bce103c32a6081950367ee85352e2d9491c7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 08:26:14 GMT
Content-Encoding
br
Last-Modified
Wed, 15 Sep 2021 15:03:28 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Connection
keep-alive
Content-Type
application/javascript
Via
1.1 vegur
Cache-Control
public, max-age=31556952
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
16111
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		23 B
418 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-27.fra50.r.cloudfront.net
Software
/
Resource Hash
b6fa817ec4be2648355af89c3dd061d455ffe0d9def8f9f476a3422b5c3e051d

Request headers

accept
*/*
Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

date
Fri, 17 Sep 2021 08:26:14 GMT
via
1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amzn-requestid
afbcfeb4-d7aa-4283-b051-7e623d7a39fb
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
23
x-amz-cf-id
aTfk7tkXAZ-WVKkccoqmCaixt89XUQZWm90r-_Rl1uZYiChM_VY2Vg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Server
143.204.98.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-27.fra50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-api-key
Origin
https://huntr.dev
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Fri, 17 Sep 2021 08:26:14 GMT
x-amzn-requestid
39584864-28a4-4974-ae61-0a39f09c81b9
access-control-allow-origin
*
access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
x-cache
Miss from cloudfront
via
1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
fb2da0P-ndxDskWq0oTEHdprlvaKskXYXTygv8sEpX7VZgB0wuFVnQ==
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://huntr.dev
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
font
cookie
auth.strategy=cognito
:path
/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
anqUCPe0nbSDRR0xfMbDLAZbrsQQRbmnd_o_djtyEK9bp_aAS3EiWQ==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://huntr.dev
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
font
cookie
auth.strategy=cognito
:path
/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"c8b6e083af3f94009801989c3739425e"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
530vvQobPaaCEM5Ce4qAlUlhfUvllxnNgh1-7Ib8JGFRdUuKh0KGlg==
8046985.js
huntr.dev/_nuxt/ 		36 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/8046985.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b69e0d9679b200eba867f997f2b4b169a4e61ab1c279367ac6c0fafeba2658f2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/8046985.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"d20b5b695fdd37430f4d48c856d4bfff"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
L9PNqAxRNktGjPfbsCz4BG_EZCwzAYieH9OBym8SwF-1sLzVTrIZTQ==
manifest.js
huntr.dev/_nuxt/static/1631810399/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1631810399/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4e0d80a1cd1e647fa23f9721ab56793ad850bd04aeeb923b029cc4db8f7af989
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/static/1631810399/manifest.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"d81fb4469f3baf439c82482a1104de78"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
7Q33RkkiOJWmT4vgVJtq11pw3VTCRTdWhVll54W9W-uA5Xn701IMhA==
3db81c2.js
huntr.dev/_nuxt/ 		38 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/3db81c2.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
48a53856daa42f3df6cedc122d47a95827c57ed857d385441ba77e488fa6f9f2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/3db81c2.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"36e828ed16b0bdc449e391713ac7d4fd"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
Q7sbzxsuRCuZyu3azOIkBBfnbAqDpgorbmCuTe_FWA1vl4mUXQcS9A==
e304473.js
huntr.dev/_nuxt/ 		132 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/e304473.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4f51c8aef0bb7d5f2f1343853a64fa9f204f0b5d60d085c250365a13775ceb8a
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/e304473.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"7892c46d922e7444dc2d69593c6263a0"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
lZ05e4mStOGDNF6hPF_ap7aPKmGflq1dvIpzZDnHglwpVtzQEtuU3g==
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef5c24b66294a94d32811bcd75750c92f21ea7b618161d99ee6cf4a0041e2195

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id
wbtUmnsUaU0BzJxlo783AAYfximAnWMb
content-encoding
gzip
etag
W/"ad5b3fce641607f3bd4aa56d22bec6a4"
age
9319
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Thu, 08 Jul 2021 06:02:59 GMT
server
AmazonS3
date
Fri, 17 Sep 2021 05:50:55 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
via
1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cache-control
public, max-age=10800
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
F4Po51xqXpxpl6VFPd0_ml6kCuxImUIb-ybumwo0Ac7YxcWe2N7btQ==
payload.js
huntr.dev/_nuxt/static/1631810399/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1631810399/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7d22aed387904d593414b47466c3fd9efd0515efbbf21a8623fbdcab612c9b4c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/static/1631810399/payload.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"f76a40d713edd16bd90044325875a3d6"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
m8zUXZqBQVLbudqnSFjBlQNWJqxPcao-OoDm5vxXw_jX7DV0NTd7cA==
payload.js
huntr.dev/_nuxt/static/1631810399/bounties/ 		70 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1631810399/bounties/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/static/1631810399/bounties/payload.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
70
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"ed9a10c88c5ac705aee93e7d26c4fc32"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
n9g4ekv2KsJIhBzDlpJGQ3tt8LjVsodX2wWO_WyY2lHCXexEpOgfZg==
payload.js
huntr.dev/_nuxt/static/1631810399/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1631810399/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/static/1631810399/bounties/disclose/payload.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
fe7r6asyswV3v8KhaIoUXzvMCpq52uWiIXT-CAY1oAPvRO5sX0diZg==
130.bundle.4658d09930a38c10c8b6.js
cdn.segment.com/analytics-next/bundles/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/130.bundle.4658d09930a38c10c8b6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2ad1c920d36b3551a4184b5497087355e89ba42a35a7f5185cd0f65cdc26ccfa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 21:12:24 GMT
content-encoding
br
vary
Accept-Encoding
age
2718831
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Mon, 16 Aug 2021 21:09:22 GMT
server
AmazonS3
etag
W/"1b09f8230210d186ae274e7f5668f933"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
EyGtog2ZHhgOh9wPkdYgzAWMYYDki75T
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
xKAOoCT8fnRp1HALnAF51jYKekHzKwAj_9rj1eqgRxhWi01dWj4Y-Q==
ajs-destination.bundle.5c4dc5a893f01d22d9bb.js
cdn.segment.com/analytics-next/bundles/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.5c4dc5a893f01d22d9bb.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
01f42218fd8653a91a8b43c6684e9bbfad81618ed359e5b5154b181f85120865

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 28 Jul 2021 18:39:17 GMT
content-encoding
br
vary
Accept-Encoding
age
4369618
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Wed, 28 Jul 2021 18:38:18 GMT
server
AmazonS3
etag
W/"0a20d76fd1575156dd469cfd0cb00105"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
I_0vE2YjpvkkCUx2ynE.qqOV6La2W8Jb
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
e2g0TR6ZkB5zXYUkDfc6AmCHU2uODNsrkPc8wX_Sl6Fkuz0xOf0RKA==
heap.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/heap/2.1.2/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/heap/2.1.2/heap.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
495bd41586dca53b986f60226cc13c438f007a539d67bbbfc8333e99c77001f0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 23:22:41 GMT
content-encoding
gzip
age
5994214
x-cache
Hit from cloudfront
content-length
1669
access-control-allow-origin
*
last-modified
Fri, 09 Jul 2021 19:25:22 GMT
server
AmazonS3
etag
"306c37d78510725e5937aec0a5fcea33"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
klo853aAvCRU2nvYW7jHHT8k3STQbLoy
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
lbzYrEdSe8IsfvlZiXCYJirkYhkh9pXtn3Zy4VeAbGAj_QQCSRirOg==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d42e3c428f1422c65d407da359b81c3cebf11753c0904af02e73c1afbe92d16e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 13:12:28 GMT
content-encoding
gzip
age
69227
x-cache
Hit from cloudfront
content-length
1343
access-control-allow-origin
*
last-modified
Thu, 26 Aug 2021 21:35:46 GMT
server
AmazonS3
etag
"b92e2362e4114fa67e843e95f39fee40"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
NNqVKDS3ybNnTxU2Qe.hDqY35kMdkzpY
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Xzch8o6l_F5YCDt5UFI0k4fesxhle7g31aYbemngJFPmEIBojrl_1A==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f015747353783a0def6770bf8f2a0a3dc50e6bdd120ea847ac1d7ce6f45f3583

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 26 Jun 2021 20:34:28 GMT
content-encoding
gzip
age
7127507
x-cache
Hit from cloudfront
content-length
1636
access-control-allow-origin
*
last-modified
Mon, 21 Jun 2021 21:31:31 GMT
server
AmazonS3
etag
"a3828884b9c1734e21c1860ffd4b8ef0"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
bIR3qXQ.AHvPEJf8bXknuRv58H6XP5m0
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
D5W4XtEJ-ii86lTeNvSZgvzEgm8Op4yFOvDQ2zHKkH9o1xtg2phj4A==
da4b3c4.js
huntr.dev/_nuxt/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/da4b3c4.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0667864a2286a262032ee90ff515736ce1c50dcc84d3902c41b18fbef7924770
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/da4b3c4.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"2793d1cc0b15585efb56f2781df2c753"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
eXsCreWe_hAD77mr3SqMnG1ZGSjLnCslboLDj14iVqNmuuqL3KESqw==
6679063.js
huntr.dev/_nuxt/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/6679063.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cbc59f7fe2b47ef4ff44a4e391fab8d253906cccc4b41b9db3e271ced191d195
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/6679063.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"34395fb36e0d55764878fc540b89ae2c"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
ZnyGpvxQqVRopIotRDflFdMBwOL18uhNqynraMBsCEeKOWuCdQxYEQ==
3172e4f.js
huntr.dev/_nuxt/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/3172e4f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a55752f35e23b89a1d7f6f2aea1c8ccf2d8728931cefc6443a6d4006ebc82894
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/3172e4f.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"2c124f57a2c428451692574a881c17f5"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
nvsA_qK8QCsI6NIcQVP8eIQzFCcfNNypjA6e1MRE82j55xiScCdRBw==
adb3bfa.js
huntr.dev/_nuxt/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/adb3bfa.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ec930383b6c533f6ab685a698d98e74cb943c536536787681b2bd07b6f638d2
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/adb3bfa.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"77ec1e5a1960b6f7366b52d9dfc9e4ac"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
jJYyTqapYTkDTBfM7UOEthw8W2NB2FuHlLhrQEXUydCzlV2bX63hFg==
70c7341.js
huntr.dev/_nuxt/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/70c7341.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
45bc2afd31bbc3c5ccd755d5d00837089f4a8badea13bb0756af544825080eac
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/70c7341.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"69f1c80552460b92b0264f2744f898e6"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
Tyo-K0WdQ_d_Y0ypcalqNAwMM3ivaTINqB00ZPBes3eXkfywzf4dSw==
8aaaf80.js
huntr.dev/_nuxt/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/8aaaf80.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f47c122.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d18266c616ff5f6d3e741d8febd26b9a60bef42cdcf48cc8a023801ada6d861e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/8aaaf80.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"0727b63a89b4aac8f1428eddb3cbf394"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
RLH46y-R_awx5nRTbv4vbk6hHYAlm0-kLnhttP2c5B2I4ehqBQMLWQ==
payload.js
huntr.dev/_nuxt/static/1631810399/faq/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1631810399/faq/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cb63844df7f3a2a8ba754c021bb5e9b240fbd629503e6266e1adf20c584154dd
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/static/1631810399/faq/payload.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"2242fbaf9daf3d1bdedc81fe5349ca64"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
9upFECGTDsoKEdwnJY6PpHY8fYhGS3DUqkJOZPn6_PY5vcdlXVQkyQ==
payload.js
huntr.dev/_nuxt/static/1631810399/contact-us/ 		72 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1631810399/contact-us/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/static/1631810399/contact-us/payload.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
72
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"366dc6ea76591bc89566ac85b90aec65"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges
bytes
x-amz-cf-id
lewTsg_HbD_WI_dE0OYeTVBlelaZF6VJ5ZrGtepj1JLikk6hen6Zvg==
payload.js
huntr.dev/_nuxt/static/1631810399/terms/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1631810399/terms/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
769a6c5aabdd7f338307a9b898433143c500d7342df7ae1dcbb182a039a91174
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/static/1631810399/terms/payload.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"2e83ab90bd37079d74ecbd6378fb9655"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
p7u0JevvyDAFBP6L3RksVgBM4ehc2j1z_cmeMtcKvPKuKD74AEOiPQ==
payload.js
huntr.dev/_nuxt/static/1631810399/privacy/ 		35 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1631810399/privacy/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/56837f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bcd2f7ca784a357955ece72de7b45d91901cef84ab86a34df147075d31fa8a1e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/static/1631810399/privacy/payload.js
pragma
no-cache
cookie
auth.strategy=cognito
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:03 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"87a2a3c24fa5ee0081ea0352c7f527f4"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
DtLZFN_f51Y4jQRMZ_q4TURU3engbhgnEMfe1GKVXnMF5jROczk5WQ==
commons.3495c86769f191d6894f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7b5e884ac6bca471440d62a21038e1b0342c4bc6e840388256b5f4137c2e666e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 09 Sep 2021 07:50:32 GMT
content-encoding
gzip
age
693342
x-cache
Hit from cloudfront
content-length
22175
access-control-allow-origin
*
last-modified
Thu, 26 Aug 2021 21:35:44 GMT
server
AmazonS3
etag
"97bdd3686696ee0e0f60bfaaa6b5693b"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
ycGBqmRQJe7ubt596zlSYLfgMdBxARsQ
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
JgRAIpcNtgGI5onJeS3-Dypc2nj292pSauvoFGu3X2k5o85yXkFNZA==
commons.dddbd6a06577f22e5c7f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.dddbd6a06577f22e5c7f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.99.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-99-83.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5ad7b91941f455bd1260b2d44ab9de7b3cfc1fff40fb56c4798afef02d8d012e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 07 Aug 2021 15:25:01 GMT
content-encoding
gzip
age
3517274
x-cache
Hit from cloudfront
content-length
22055
access-control-allow-origin
*
last-modified
Mon, 02 Aug 2021 21:35:35 GMT
server
AmazonS3
etag
"a58c4402066684684bff5837e7b5fe12"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
zkm5nKHdYX074QnkKX8hTl4BnbVqYwQ1
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
ZR7vwRzEbSFd0XCvGypXa7TvxFZ7L-u9v0t5pBX1s_RD4qnKO7Wdbw==
hotjar-2380708.js
static.hotjar.com/c/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-93.fra50.r.cloudfront.net
Software
/
Resource Hash
bfd6fd1a483b3e9cfa686a46c885264f208ccc7c5a65e1a3b189a39829da8242
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:12 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
age
2
etag
W/23696ec4376a85b40232b82b3fd94787
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
UN9-JeALYkGUMEMmyeiXg89j3rdl5Ba6OqhelcL57O_9ydUMnMG1TQ==
via
1.1 5721f7035c3fc934bd3f96dbb04ba1e5.cloudfront.net (CloudFront)
heap-3119211033.js
cdn.heapanalytics.com/js/ 		102 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.heapanalytics.com/js/heap-3119211033.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.dddbd6a06577f22e5c7f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-89.fra50.r.cloudfront.net
Software
nginx /
Resource Hash
31a571494b22367242e4e05a8bad001817e715547ab493adfd04366368286fb5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:25:04 GMT
content-encoding
gzip
server
nginx
age
70
etag
W/"19667-rEcXyepvTFCA2jBajJzX3Q"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-pop
FRA50-C1
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
eS7g0IaDB62if1C6hrF5qGKnlADw_O57jPMC7kRjA4oszmNqFK6cWQ==
bundle.min.js
browser.sentry-cdn.com/5.12.1/ 		55 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.dddbd6a06577f22e5c7f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:14 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
8644650
etag
"1c5228c89d281d08aa0ce908f582609a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
17201
expires
Thu, 09 Jun 2022 07:08:44 GMT
p
api.segment.io/v1/ 		21 B
138 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.37.21.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-37-21-144.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://huntr.dev
date
Fri, 17 Sep 2021 08:26:15 GMT
content-length
21
vary
Origin
content-type
application/json
rewriteframes.min.js
browser.sentry-cdn.com/5.12.1/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.dddbd6a06577f22e5c7f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:14 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 11:19:05 GMT
server
Fastly
age
3102318
etag
"4e240097ab71acf709caa48e23cd6411"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
1807
expires
Fri, 12 Aug 2022 10:40:57 GMT
modules.5fe2f4f38cf4833026a9.js
script.hotjar.com/ 		221 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.5fe2f4f38cf4833026a9.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-33.fra50.r.cloudfront.net
Software
/
Resource Hash
33d18bfaad19367135cba7d9096fba55164cd67b8e5819617c6d6b34bd43454b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 09 Sep 2021 07:15:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
695469
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
59626
access-control-allow-origin
*
last-modified
Thu, 09 Sep 2021 07:14:26 GMT
etag
"e8c5ca8d148a212696c04c37e713b2a1"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
GCrcAmH4Wqu1pLEliipoIdOGsTmys_EUCUygmPOVBJ0370jvE0tUiQ==
h
heapanalytics.com/ 		37 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heapanalytics.com/h?a=3119211033&u=4355233505018576&v=8828241346265266&s=8361967785588598&b=web&tv=4.0&z=0&h=%2Fbounties%2Fc98e0f0e-ebf2-4072-be73-a1848ea031cc%27%2F&d=huntr.dev&t=huntr%3A%20undefined%20undefined%20Vulnerability%20in%20undefined&ts=1631867174925&st=1631867174927&ei=140&et=variation
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.91.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-91-246.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Sep 2021 08:26:15 GMT
server
nginx
etag
W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
Cookie set widget
app.chatwoot.com/ Frame F058 		5 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
d4fd03d7a89fea515091f7fa07bbea444e758b0ab86581312fe019d142e94758
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
app.chatwoot.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://huntr.dev/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/

Response headers

Server
Cowboy
Date
Fri, 17 Sep 2021 08:26:14 GMT
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
Referrer-Policy
strict-origin-when-cross-origin
Content-Type
text/html; charset=utf-8
Etag
W/"d4fd03d7a89fea515091f7fa07bbea44"
Cache-Control
max-age=0, private, must-revalidate
Set-Cookie
_chatwoot_session=vQoIQUZPXsS%2BdDzgmvqfwrRK959mRROMbhimnVXPswqJo%2FlaxF%2FByidBP5M8Kyw4DDpBvgeuQmy6AXQo4te3r7kbLsO1ggtqXhIq0UM6oNuCnfcOr%2Fqz3U7rFhkvb9qOzp7tIaMGW4uCQyDIX9B4O%2B86QNnmOHXQtipUCfmFjAJCroFWHQe0lfC0EljSEREFw%2Bf%2BRDxyzwDKNzMJsZVDKmvPggGk8k8glYH9%2BIKNF7uE9TBBKxbglnBPueuN7%2F%2BkFnE3fX6EXBe3iQZnOckw4Wcf9NAZ%2B8tfKQ%3D%3D--ReS909hvJmMcTlTf--meTU6xqh9g3JV9Wp83Zl4A%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
X-Request-Id
6e2aa586-7710-47bc-9405-1c71a759c95e
X-Runtime
0.048580
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
mouse-warrior.svg
huntr.dev/ 		18 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://huntr.dev/mouse-warrior.svg
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1b5edb321d2b7d45407aa8200e19b348290867d3508d8a23e5fd2fea0615715e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/mouse-warrior.svg
pragma
no-cache
cookie
auth.strategy=cognito; ajs_anonymous_id=6916e7ea-06cd-49f8-a49d-d0ec85e5ce43; _hp2_id.3119211033=%7B%22userId%22%3A%224355233505018576%22%2C%22pageviewId%22%3A%228828241346265266%22%2C%22sessionId%22%3A%228361967785588598%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D; _hp2_ses_props.3119211033=%7B%22z%22%3A0%2C%22ts%22%3A1631867174925%2C%22d%22%3A%22huntr.dev%22%2C%22h%22%3A%22%2Fbounties%2Fc98e0f0e-ebf2-4072-be73-a1848ea031cc'%2F%22%2C%22t%22%3A%22huntr%3A%20undefined%20undefined%20Vulnerability%20in%20undefined%22%7D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:07 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"c8935bfe1cb0f30bbaa28775465d947c"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/svg+xml
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
6ArWHC1E_vWIMaLb4dlVtEd6aLt4g_EFzaRLMpyDJ1DeppW7QU96TQ==
Montserrat-Bold.079ca05.ttf
huntr.dev/_nuxt/fonts/ 		239 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Bold.079ca05.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c8289a870d238aa042bdfd09364fe6dea524bcd1ea485341878d8c75a32ab444
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://huntr.dev
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
font
cookie
auth.strategy=cognito; ajs_anonymous_id=6916e7ea-06cd-49f8-a49d-d0ec85e5ce43; _hp2_id.3119211033=%7B%22userId%22%3A%224355233505018576%22%2C%22pageviewId%22%3A%228828241346265266%22%2C%22sessionId%22%3A%228361967785588598%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D; _hp2_ses_props.3119211033=%7B%22z%22%3A0%2C%22ts%22%3A1631867174925%2C%22d%22%3A%22huntr.dev%22%2C%22h%22%3A%22%2Fbounties%2Fc98e0f0e-ebf2-4072-be73-a1848ea031cc'%2F%22%2C%22t%22%3A%22huntr%3A%20undefined%20undefined%20Vulnerability%20in%20undefined%22%7D
:path
/_nuxt/fonts/Montserrat-Bold.079ca05.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
huntr.dev
referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Origin
https://huntr.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
last-modified
Thu, 16 Sep 2021 16:44:01 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ade91f473255991f410f61857696434b"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/ttf
via
1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
cache-control
no-cache, s-maxage=2
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://o721354.ingest.sentry.io https://*.hotjar.com https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id
BHbdwTzArzKcpoNmLTewZjWhiZeIb2LEotryTL9Ocv2pEvi7LCyQ5A==
box-dfc01efbdc94bb0936d9a35a502b0b64.html
vars.hotjar.com/ Frame 0133 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-102.fra50.r.cloudfront.net
Software
/
Resource Hash
88ca677c14d4217c2f6b8c8964a1d172027974c4c0839e4d531ad7d3d6de1987

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-dfc01efbdc94bb0936d9a35a502b0b64.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://huntr.dev/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://huntr.dev/

Response headers

content-type
text/html
content-length
1044
date
Tue, 20 Jul 2021 13:05:05 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
etag
"10714b84569172431728622d7c8098e4"
last-modified
Tue, 20 Jul 2021 13:04:43 GMT
x-amz-server-side-encryption
AES256
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
oe4jRr7sX-4fh9MSQrkH2ctik97QTgMf7QVgxcY4Lb7dETF1WnL-HQ==
age
5080870
visit-data
in.hotjar.com/api/v2/client/sites/2380708/ 		147 B
322 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://in.hotjar.com/api/v2/client/sites/2380708/visit-data?sv=6
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.211.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-211-92.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
94a8ab0e7a25c3ae19210bc4b6e014c99780c9058e0ffbc3e70e0f4708229d2c

Request headers

Referer
https://huntr.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Fri, 17 Sep 2021 08:26:15 GMT
content-encoding
br
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store
access-control-allow-credentials
true
widget-b0f38237787ba64a7baa.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame F058 		619 KB
174 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-b0f38237787ba64a7baa.js
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:4e00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
14557d37712b583de900c6965b94780030c007be6588e84e92370ef7ddd8b59a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 15:08:11 GMT
content-encoding
gzip
last-modified
Wed, 15 Sep 2021 15:03:28 GMT
server
Cowboy
age
148683
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
via
1.1 vegur, 1.1 a1098f0eeab192209962e3a9d76d0339.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA50-C1
content-length
177461
x-amz-cf-id
oPWq4fSlmxMznC_bkgIUYsUlBpgpAt2tbYgN2PPku_a9AzP3DoL7Pg==
widget-a1dae881.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame F058 		84 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-a1dae881.css
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:4e00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
9b5ba0ac082c7910532fe65926d5fbb4b904a886a2a3b8038a23bcabef492a27
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 15:08:11 GMT
content-encoding
gzip
last-modified
Wed, 15 Sep 2021 15:03:28 GMT
server
Cowboy
age
148683
vary
Accept-Encoding,Origin
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
via
1.1 vegur, 1.1 a1098f0eeab192209962e3a9d76d0339.cloudfront.net (CloudFront)
cache-control
public, max-age=31556952
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA50-C1
content-length
16963
x-amz-cf-id
vSVsUmMOVrC-fHmz9xBYQIS7FWLYdmybAbXuC9x2QGtdlFN5faJ0BA==
367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7
prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/ Frame F058
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJ...
  • https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filenam...
37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20210917%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210917T082615Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e06f33deaf761a48680844063190f233864add78c0657cc3a951c52fd19d0295
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.12.84 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Fri, 17 Sep 2021 08:26:17 GMT
Last-Modified
Thu, 05 Aug 2021 20:31:19 GMT
Server
AmazonS3
x-amz-request-id
2BDXSSSAYD9SYZ4Q
ETag
"ab29439c87f225b2b0b1025797f85380"
Content-Type
image/jpeg
Content-Disposition
inline; filename="huntr_logo.jpg"; filename*=UTF-8''huntr_logo.jpg
Accept-Ranges
bytes
Content-Length
38205
x-amz-id-2
Bij+pk11P63+6ciER3zKtcqSM66H5BtW0OYTjKb1zw7hJh29yj8uScUhoOhqMwUbnwGXOgDXqrM=

Redirect headers

Date
Fri, 17 Sep 2021 08:26:15 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
88dd7363-2a49-4d13-8290-12a012ea7c37
X-Runtime
0.134268
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20210917%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210917T082615Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e06f33deaf761a48680844063190f233864add78c0657cc3a951c52fd19d0295
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame F058 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 08:26:14 GMT
Via
1.1 vegur
Last-Modified
Wed, 15 Sep 2021 14:49:34 GMT
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
conversations
app.chatwoot.com/api/v1/widget/ Frame F058 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-b0f38237787ba64a7baa.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhNGU4ZWIwMi1jNTFmLTQyZGItYTlmOS1hYjE3MTM4MDkwZTgiLCJpbmJveF9pZCI6MTQxMn0.kxIUM7G4QuT9_J36IK_9bDRNjO_mmTQzfQMhaAz_tQA
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 08:26:15 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
d9e72220-30d9-4924-b70e-1f081c76c0cb
X-Runtime
0.068847
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
Inter-Regular-b35f79d43d03b9a20047efe416c35d08.woff2
d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/ Frame F058 		34 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/Inter-Regular-b35f79d43d03b9a20047efe416c35d08.woff2
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-a1dae881.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:4e00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
9ff1509605edb93b5b09373cc654addcf9afe913bc0ca69082e5683348e2ba75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-a1dae881.css
Origin
https://app.chatwoot.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 28 Jun 2021 14:39:05 GMT
via
1.1 vegur, 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
vary
Origin
age
6976029
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
content-length
34832
last-modified
Mon, 28 Jun 2021 14:00:37 GMT
server
Cowboy
access-control-max-age
7200
access-control-allow-methods
GET, OPTIONS
content-type
application/font-woff2
access-control-allow-origin
*
access-control-expose-headers
cache-control
public, max-age=31556952
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
ihJbDNsKMhfnIbrvPOqTxSSpGYpmBd5iNc14Ss8mWdTcc6Ffj8OJ5A==
Inter-Medium-aec38a6b266a908bc320e30f261771d1.woff2
d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/ Frame F058 		34 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/Inter-Medium-aec38a6b266a908bc320e30f261771d1.woff2
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-a1dae881.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:4e00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
9177550934c7d4516a148a4d0bc2cd709da01789a4d6d2862c6d17b083a7d8cb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-a1dae881.css
Origin
https://app.chatwoot.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 02:17:14 GMT
via
1.1 vegur, 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
vary
Origin
age
1750140
x-cache
Hit from cloudfront
strict-transport-security
max-age=63072000; includeSubDomains
content-length
35264
last-modified
Thu, 26 Aug 2021 13:34:38 GMT
server
Cowboy
access-control-max-age
7200
access-control-allow-methods
GET, OPTIONS
content-type
application/font-woff2
access-control-allow-origin
*
access-control-expose-headers
cache-control
public, max-age=31556952
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
jsB4XIYjft3PFNNS62DdpbLZaEg6RojBPvTUQY8TzsGQLSwg0KimCg==
truncated
/ 		424 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
messages
app.chatwoot.com/api/v1/widget/ Frame F058 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-b0f38237787ba64a7baa.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhNGU4ZWIwMi1jNTFmLTQyZGItYTlmOS1hYjE3MTM4MDkwZTgiLCJpbmJveF9pZCI6MTQxMn0.kxIUM7G4QuT9_J36IK_9bDRNjO_mmTQzfQMhaAz_tQA
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 08:26:15 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
f2c047ad-6490-4476-b43b-2e7a7ac660ac
X-Runtime
0.020376
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame F058 		958 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-b0f38237787ba64a7baa.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
8d6ae1e82a7210727a5b123d09d9e9599eff23f32509a45ca35d339183abb2a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhNGU4ZWIwMi1jNTFmLTQyZGItYTlmOS1hYjE3MTM4MDkwZTgiLCJpbmJveF9pZCI6MTQxMn0.kxIUM7G4QuT9_J36IK_9bDRNjO_mmTQzfQMhaAz_tQA
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 08:26:15 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
5d6edd06-30e2-433d-801b-fb81594babdc
X-Runtime
0.079706
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"8d6ae1e82a7210727a5b123d09d9e959"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame F058 		51 B
696 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-b0f38237787ba64a7baa.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
ba1e0d45b84e142ad1b3a1e58d8dc191fe20c6bcece5bfa933066ec75a89e4a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhNGU4ZWIwMi1jNTFmLTQyZGItYTlmOS1hYjE3MTM4MDkwZTgiLCJpbmJveF9pZCI6MTQxMn0.kxIUM7G4QuT9_J36IK_9bDRNjO_mmTQzfQMhaAz_tQA
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 08:26:14 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
1c9b8b45-21c6-4b8e-99b8-b8dbb6b00522
X-Runtime
0.018005
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"ba1e0d45b84e142ad1b3a1e58d8dc191"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame F058 		2 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-b0f38237787ba64a7baa.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhNGU4ZWIwMi1jNTFmLTQyZGItYTlmOS1hYjE3MTM4MDkwZTgiLCJpbmJveF9pZCI6MTQxMn0.kxIUM7G4QuT9_J36IK_9bDRNjO_mmTQzfQMhaAz_tQA
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 08:26:15 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-Id
8a01e6a1-33d4-4fed-ab4c-42cd28adb048
X-Runtime
0.014096
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect boolean| originAgentCluster object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ object| core object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ object| analytics object| chatwootSettings object| $nuxt object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| AnalyticsNext object| hotjarDeps function| hotjarLoader object| heapDeps function| heapLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| heapIntegration object| heap function| sentryIntegration object| Sentry object| __SENTRY__ object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| chatwootSDK object| $chatwoot

10 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ajs_anonymous_id
Value: 6916e7ea-06cd-49f8-a49d-d0ec85e5ce43
.huntr.dev/ Name: _hp2_id.3119211033
Value: %7B%22userId%22%3A%224355233505018576%22%2C%22pageviewId%22%3A%228828241346265266%22%2C%22sessionId%22%3A%228361967785588598%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.huntr.dev/ Name: _hjid
Value: 801cf82a-daf3-4b0e-b933-300b462b9f72
.huntr.dev/ Name: _hjFirstSeen
Value: 1
huntr.dev/ Name: _hjIncludedInPageviewSample
Value: 1
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 0
huntr.dev/ Name: _hjIncludedInSessionSample
Value: 0
.huntr.dev/ Name: _hp2_ses_props.3119211033
Value: %7B%22ts%22%3A1631867174925%2C%22d%22%3A%22huntr.dev%22%2C%22h%22%3A%22%2Fbounties%2Fc98e0f0e-ebf2-4072-be73-a1848ea031cc'%2F%22%7D
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJhNGU4ZWIwMi1jNTFmLTQyZGItYTlmOS1hYjE3MTM4MDkwZTgiLCJpbmJveF9pZCI6MTQxMn0.kxIUM7G4QuT9_J36IK_9bDRNjO_mmTQzfQMhaAz_tQA

1 Console Messages

Source Level URL
Text
network error URL: https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc'/
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
browser.sentry-cdn.com
cdn.heapanalytics.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
heapanalytics.com
huntr.dev
in.hotjar.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
143.204.98.102
143.204.98.27
143.204.98.33
143.204.98.89
143.204.98.93
143.204.99.83
2600:9000:2156:4e00:7:dce7:b680:21
2600:9000:223d:fc00:14:bb32:5f00:93a1
2a04:4e42:600::729
52.1.91.246
52.16.211.92
52.217.12.84
52.37.21.144
54.161.241.46
01f42218fd8653a91a8b43c6684e9bbfad81618ed359e5b5154b181f85120865
0667864a2286a262032ee90ff515736ce1c50dcc84d3902c41b18fbef7924770
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
14557d37712b583de900c6965b94780030c007be6588e84e92370ef7ddd8b59a
1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7
1b5edb321d2b7d45407aa8200e19b348290867d3508d8a23e5fd2fea0615715e
239868551f90040bd1e795c9df613cc840f36784147bad6c17bbc960a4b7892f
2ad1c920d36b3551a4184b5497087355e89ba42a35a7f5185cd0f65cdc26ccfa
2ff1483e7872d59b2bbf22407931bce103c32a6081950367ee85352e2d9491c7
31a571494b22367242e4e05a8bad001817e715547ab493adfd04366368286fb5
33d18bfaad19367135cba7d9096fba55164cd67b8e5819617c6d6b34bd43454b
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45bc2afd31bbc3c5ccd755d5d00837089f4a8badea13bb0756af544825080eac
48a53856daa42f3df6cedc122d47a95827c57ed857d385441ba77e488fa6f9f2
495bd41586dca53b986f60226cc13c438f007a539d67bbbfc8333e99c77001f0
4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400
4e0d80a1cd1e647fa23f9721ab56793ad850bd04aeeb923b029cc4db8f7af989
4f51c8aef0bb7d5f2f1343853a64fa9f204f0b5d60d085c250365a13775ceb8a
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5ad7b91941f455bd1260b2d44ab9de7b3cfc1fff40fb56c4798afef02d8d012e
5ec930383b6c533f6ab685a698d98e74cb943c536536787681b2bd07b6f638d2
6db92edcf34d99d3b8de7563633c2292df0463419aecbebf73580002daefd63d
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
769a6c5aabdd7f338307a9b898433143c500d7342df7ae1dcbb182a039a91174
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
7b5299675cc7d667691abaf524b378633ba3e23403ba741743e067323f6369e3
7b5e884ac6bca471440d62a21038e1b0342c4bc6e840388256b5f4137c2e666e
7d22aed387904d593414b47466c3fd9efd0515efbbf21a8623fbdcab612c9b4c
88ca677c14d4217c2f6b8c8964a1d172027974c4c0839e4d531ad7d3d6de1987
89559266f343037882abd8052b95adf592f891f59bf0ab1290ed05db3c781422
8d6ae1e82a7210727a5b123d09d9e9599eff23f32509a45ca35d339183abb2a3
9177550934c7d4516a148a4d0bc2cd709da01789a4d6d2862c6d17b083a7d8cb
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
94a8ab0e7a25c3ae19210bc4b6e014c99780c9058e0ffbc3e70e0f4708229d2c
9b5ba0ac082c7910532fe65926d5fbb4b904a886a2a3b8038a23bcabef492a27
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
9ff1509605edb93b5b09373cc654addcf9afe913bc0ca69082e5683348e2ba75
a2ec368348c95d908acf4edbd3e5f0c587ec8a7c2490e6df102c2ef817a6ebda
a55752f35e23b89a1d7f6f2aea1c8ccf2d8728931cefc6443a6d4006ebc82894
a9d21f058ea3e889e215f74ca279992954905eb833349ccaac411e92868f5361
b69e0d9679b200eba867f997f2b4b169a4e61ab1c279367ac6c0fafeba2658f2
b6fa817ec4be2648355af89c3dd061d455ffe0d9def8f9f476a3422b5c3e051d
ba1e0d45b84e142ad1b3a1e58d8dc191fe20c6bcece5bfa933066ec75a89e4a3
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc8209b02b00c89dc04741e3f3d88b42e942b5f5125cd46e34555125c3bb1e22
bcd2f7ca784a357955ece72de7b45d91901cef84ab86a34df147075d31fa8a1e
bfd6fd1a483b3e9cfa686a46c885264f208ccc7c5a65e1a3b189a39829da8242
c8289a870d238aa042bdfd09364fe6dea524bcd1ea485341878d8c75a32ab444
cb63844df7f3a2a8ba754c021bb5e9b240fbd629503e6266e1adf20c584154dd
cbc59f7fe2b47ef4ff44a4e391fab8d253906cccc4b41b9db3e271ced191d195
d18266c616ff5f6d3e741d8febd26b9a60bef42cdcf48cc8a023801ada6d861e
d42e3c428f1422c65d407da359b81c3cebf11753c0904af02e73c1afbe92d16e
d46b32681aa4ac92b9789bf6b28146329808987a47c2ad10d251f3046c52707c
d4fd03d7a89fea515091f7fa07bbea444e758b0ab86581312fe019d142e94758
e2af3ec263aaf18da93b0997f28fd4975565bd43cbcd73ffcc894ba93394631f
e6244823c57a9001132f6cc89e3dd22de3b4669c360ed52e5e6b23b42d09ca7c
ec4e06e58a053a4952a165f580bf73bb4df7c54b61b8dbc369ae64d7ebe122e6
ef5c24b66294a94d32811bcd75750c92f21ea7b618161d99ee6cf4a0041e2195
f015747353783a0def6770bf8f2a0a3dc50e6bdd120ea847ac1d7ce6f45f3583