huntr.dev Open in urlscan Pro
2600:9000:223d:fc00:14:bb32:5f00:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Submission: On January 12 via api (January 12th 2022, 1:32:58 pm UTC) from US — Scanned from DE

Summary HTTP 80 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 11 domains to perform 80 HTTP transactions. The main IP is 2600:9000:223d:fc00:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon on February 25th 2021. Valid for: a year.

This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 35	2600:9000:223... 2600:9000:223d:fc00:14:bb32:5f00:93a1	16509 (AMAZON-02) (AMAZON-02)
8	18.66.110.125 18.66.110.125	16509 (AMAZON-02) (AMAZON-02)
2 11	18.205.222.128 18.205.222.128	14618 (AMAZON-AES) (AMAZON-AES)
2	52.87.13.132 52.87.13.132	14618 (AMAZON-AES) (AMAZON-AES)
10	52.222.236.16 52.222.236.16	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:231... 2600:9000:2315:2400:7:dce7:b680:21	16509 (AMAZON-02) (AMAZON-02)
2	52.217.201.225 52.217.201.225	16509 (AMAZON-02) (AMAZON-02)
3	2606:50c0:800... 2606:50c0:8002::154	54113 (FASTLY) (FASTLY)
1	18.66.97.53 18.66.97.53	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42::729 2a04:4e42::729	54113 (FASTLY) (FASTLY)
1	52.39.143.152 52.39.143.152	16509 (AMAZON-02) (AMAZON-02)
1	52.222.236.122 52.222.236.122	16509 (AMAZON-02) (AMAZON-02)
1	18.66.139.28 18.66.139.28	16509 (AMAZON-02) (AMAZON-02)
1	99.81.36.187 99.81.36.187	16509 (AMAZON-02) (AMAZON-02)
1	18.66.112.19 18.66.112.19	16509 (AMAZON-02) (AMAZON-02)
80	16

35 2600:9000:223d:fc00:14:bb32:5f00:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

huntr.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.66.110.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-110-125.fra56.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 18.205.222.128 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-222-128.compute-1.amazonaws.com

app.chatwoot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.87.13.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-13-132.compute-1.amazonaws.com

app.posthog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.222.236.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-16.fra56.r.cloudfront.net

mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2315:2400:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)

d3tq67kexc2w2i.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.217.201.225 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

prod-chatwoot-assets.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:50c0:8002::154 (United States)

ASN54113 (FASTLY, US)

avatars.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-53.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)

browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.39.143.152 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-39-143-152.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-122.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.139.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-28.fra60.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.81.36.187 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-36-187.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-19.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	huntr.dev 1 redirects huntr.dev	1 MB
12	amazonaws.com mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com prod-chatwoot-assets.s3.amazonaws.com	147 KB
11	chatwoot.com 2 redirects app.chatwoot.com — Cisco Umbrella Rank: 567321	33 KB
8	segment.com cdn.segment.com — Cisco Umbrella Rank: 1486	82 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 573 script.hotjar.com — Cisco Umbrella Rank: 719 vars.hotjar.com — Cisco Umbrella Rank: 857 in.hotjar.com — Cisco Umbrella Rank: 1592	66 KB
4	cloudfront.net d3tq67kexc2w2i.cloudfront.net	261 KB
3	githubusercontent.com avatars.githubusercontent.com — Cisco Umbrella Rank: 7766	30 KB
2	sentry-cdn.com browser.sentry-cdn.com — Cisco Umbrella Rank: 4330	19 KB
2	posthog.com app.posthog.com — Cisco Umbrella Rank: 85202	776 B
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2046	256 B
1	segment.io api.segment.io — Cisco Umbrella Rank: 991	138 B
80	11

	Domain	Requested by
35	huntr.dev	1 redirects huntr.dev
11	app.chatwoot.com	2 redirects huntr.dev app.chatwoot.com d3tq67kexc2w2i.cloudfront.net
10	mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com	huntr.dev
8	cdn.segment.com	huntr.dev cdn.segment.com
4	d3tq67kexc2w2i.cloudfront.net	app.chatwoot.com d3tq67kexc2w2i.cloudfront.net
3	avatars.githubusercontent.com	huntr.dev
2	browser.sentry-cdn.com	cdn.segment.com
2	prod-chatwoot-assets.s3.amazonaws.com
2	app.posthog.com	huntr.dev browser.sentry-cdn.com
1	vc.hotjar.io	browser.sentry-cdn.com
1	in.hotjar.com	browser.sentry-cdn.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	api.segment.io	cdn.segment.com
1	static.hotjar.com	cdn.segment.com
80	15

This site contains links to these domains. Also see Links.

Domain
www.github.com
github.com
nvd.nist.gov
cwe.mitre.org
twitter.com
www.youtube.com
linkedin.com
instagram.com
418sec.com
www.418sec.com

Subject Issuer	Validity	Valid
*.huntr.dev Amazon	`2021-02-25` - `2022-03-26`	a year	crt.sh
*.segment.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-19` - `2022-08-09`	a year	crt.sh
app.chatwoot.com R3	`2021-11-19` - `2022-02-17`	3 months	crt.sh
app.posthog.com Amazon	`2021-11-04` - `2022-12-02`	a year	crt.sh
*.appsync-api.eu-west-1.amazonaws.com Amazon	`2022-01-06` - `2023-02-04`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-26` - `2022-12-28`	a year	crt.sh
*.hotjar.io Amazon	`2021-08-17` - `2022-09-15`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Frame ID: A45B57AA0C23C13EABBD71CB8983539D
Requests: 61 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: 53A0CD41B3A8364D8BBA292E7D234548
Requests: 14 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html
Frame ID: C12D537E3B9E60688BFF5DF51EFE3968
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Improper Access Control vulnerability found in snipe-it

Page URL History Show full URLs

https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7 HTTP 301
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/ Page URL

Detected technologies

Sentry (Issue Trackers) Expand

Overall confidence: 100%
Detected patterns

browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

Page Statistics

80
Requests

98 %
HTTPS

27 %
IPv6

11
Domains

15
Subdomains

16
IPs

2
Countries

1824 kB
Transfer

5314 kB
Size

10
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.github.com/snipe/snipe-it
Title: snipe/snipe-it

Search URL Search Domain Scan URL

URL: https://github.com/snipe/snipe-it
Title: snipe/snipe-it

Search URL Search Domain Scan URL

URL: https://github.com/snipe/snipe-it/compare/HEAD...haxatron:fix-access-control
Title: patch

Search URL Search Domain Scan URL

URL: https://github.com/Haxatron/snipe-it/commit/bb095641c2f421f744796d184287c46fc9303591
Title: https://github.com/Haxatron/snipe-it/commit/bb095641c2f421f744796d184287c46fc9303591

Search URL Search Domain Scan URL

URL: https://www.github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e
Title: cf14a0

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0179
Title: CVE-2022-0179

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/284.html
Title: CWE-284

Search URL Search Domain Scan URL

URL: https://github.com/haxatron

Search URL Search Domain Scan URL

URL: https://twitter.com/Haxatron1

Search URL Search Domain Scan URL

URL: https://github.com/418sec/huntr

Search URL Search Domain Scan URL

URL: https://twitter.com/huntrdev

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC33YyLk3vdtnPqLeOuEZc2w

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/huntrdev

Search URL Search Domain Scan URL

URL: https://instagram.com/huntr.dev

Search URL Search Domain Scan URL

URL: https://418sec.com/
Title: company

Search URL Search Domain Scan URL

URL: https://www.418sec.com/#about
Title: about

Search URL Search Domain Scan URL

URL: https://www.418sec.com/#team
Title: team

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7 HTTP 301
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--d5bd8600745fd77201f6159b61f8b9f6f6f54b0a/huntr_logo.jpg HTTP 302
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133254Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=12fce6a4cdb956413cb3cd1ca7bfa01e79e8d144316ee87d444e4dab60597b5a

Request Chain 78

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBclZUIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--31ae538bf9d04000e44a5bbe8feed382c0892b6f/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2QzNKbGMybDZaVWtpRERJMU1IZ3lOVEFHT3daVSIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--0ebc19c01420fe8a8c6a202fcf9e63947dea59fd/profile.png HTTP 302
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133254Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e0312fea44bf9310b49e091968c1cbf8b0a34a73681b15f3063c2a098e50741b

80 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request / Show response
huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Redirect Chain

https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

5 KB
2 KB

85ms
85ms

Document
text/html

2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6190ebed8568901a2628a503e0bd1e72c10e6a5cc207193038f4a8c13fac9485

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html
date: Wed, 12 Jan 2022 13:32:52 GMT
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: 6YyROJaRAM9nsTEert44clid9sGMMmRlZyVq6fzIPeCmYwfF8IiziA==

Redirect headers

content-type: application/xml
content-length: 0
date: Wed, 12 Jan 2022 13:32:52 GMT
server: AmazonS3
location: /bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
x-cache: Miss from cloudfront
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: S4LylShAQ1ZS1dToPTYWqikNXm_TnRDs--UKvq8HfxK2DVu2v0LYMg==

GET
H2 200 f09ddd7.js Show response
huntr.dev/_nuxt/ 3 KB
3 KB 78ms
77ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/f09ddd7.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3ef0abb4845e08bf9ee05a34d8457724a637662a9030904aab5214c0e24a27a4

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"1637828b6467e9eba7ccaf747060225a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: qNlsSPJ7N-oV9Zi3WcEr87tUm2fJk-WMC39KlpG-RUAYL_IeMut_6A==

GET
H2 200 31a45b0.js Show response
huntr.dev/_nuxt/ 299 KB
104 KB 85ms
85ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/31a45b0.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d3dcec4f248e2811281de6c0e8755ae7e03a72c54dc9b4d1e1ca7ce6ba3de30c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"753b0b0c61eb75e0594361a492eb0f96"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: vTA6vXaW1aoD9xx89cyVoH6Hm9BVHW21iiCZVdrvvFBLlKCKiUHRCg==

GET
H2 200 fbe198b.js Show response
huntr.dev/_nuxt/ 1 MB
309 KB 115ms
115ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fbe198b.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b91bb18b545e5ae1b449eb4861af099fba89ce33c280f9b95f692d2367ea66ca

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"38a252c1a4726c2910305a7100db45ae"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: tDGOkQ-iViQ8WtZ1WzJSWWbgbW27GaF2SNXr-WFNfHjEqeYV2o9gSA==

GET
H2 200 d6b8649.js Show response
huntr.dev/_nuxt/ 74 KB
14 KB 77ms
77ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/d6b8649.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

78bb08ba17e489b63c7ceac9b4e8f4ac40450b9b64b40016626cb4d554297f69

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"a940690290b4af643ee4d8848fae79c5"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: L0TBdQpc-ov2aHYrbJiKc4CrFDl9VbXNk9ZDPyzZUcdax42S2R1xKQ==

GET
H2 200 5e1f917.js Show response
huntr.dev/_nuxt/ 14 KB
6 KB 97ms
96ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/5e1f917.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

52bfe2c491b876e967ad8d9a46e5c43e4b342c204e865e049f3b74daaed7af84

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"4f650a111ec29530e868ed62dda88f76"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: y_DzWGt5_aDKSJEfXp9JmScAm2zyURMMHxJFd-PNQgqSdm50opUjxQ==

GET
H2 200 bf1611b.js Show response
huntr.dev/_nuxt/ 66 KB
19 KB 81ms
80ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/bf1611b.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6807e1d77edfeb9a4bb6d32f2bd8bea0e411aa158df9c3dc13a0be01dfca8f6b

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"3b49b6665c0823f885ce24348563538a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: tK7qw12OM6y5v62O7LiZbJ-dvP_VTpzqlAU0dfelWBBHP_pvCnM5cA==

GET
H2 200 6c6d905.js Show response
huntr.dev/_nuxt/ 863 KB
273 KB 134ms
133ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/6c6d905.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7561fb9f36929fc5ee536239058b9ecff2d8075c5953dc2f81571a4d0fb0bbec

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"3a735ec63de389352387485e74332657"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: y34wMm3cYyrTl3TwFCITKZfwxfe3xQpVsyqSDpUr1caZxmMXQBbAmA==

GET
H2 200 7599c55.js Show response
huntr.dev/_nuxt/ 68 KB
15 KB 94ms
93ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/7599c55.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

506aa0ea770d002656c5a0884b149d33efd23951ca16bdbe7e3d76e8d0531a4c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"60f2fd04c9bea401a4ef96568780c81a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: pdyTGu6nNkt0-wpP5x0l1ScvhteTTjrHOvCs3-_bbAFaxmdG6HsC1Q==

GET
H2 200 6377196.js Show response
huntr.dev/_nuxt/ 183 KB
42 KB 74ms
73ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/6377196.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

10f593138390e0dca1a2bb1fd8b75b95e21e85363ed6e8941ac7ca9b73eaa58a

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"c44183da06fe8cb0d29fbdcbddb7aa6b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: _mhhwTiIg6SCf9vll84pOrJRK2j650PsITjduFLgoFEGC3QrtU-l-g==

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 89 KB
24 KB 660ms
629ms Script
text/javascript 18.66.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae3711b69005cf8726b54df4b235f63d7ff9fb121ee2f3300b3b390215d09cb6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: QmhhTelhGE5paszzoYpPSspve3d4V_3d
content-encoding: br
etag: W/"23c66d249d6007e9395c095924914eb0"
x-amz-cf-pop: FRA56-P5
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Fri, 19 Nov 2021 21:20:02 GMT
server: AmazonS3
date: Wed, 12 Jan 2022 13:32:54 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
cache-control: public, max-age=120
x-amz-cf-id: WnxasCyFJE8ZNlpQj2rcvKVu--J_BwC-lopQG7xXyJ0jtSH3ozM5mw==

GET
H/1.1 200
OK sdk.js Show response
app.chatwoot.com/packs/js/ 51 KB
16 KB 352ms
107ms Script
application/javascript 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/packs/js/sdk.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/d6b8649.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

5c1941d5f7e989c15891c78441408048088fcd0ce5330b958187504340e0d528

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:32:53 GMT
Content-Encoding: br
Last-Modified: Wed, 12 Jan 2022 06:48:38 GMT
Server: Cowboy
Vary: Accept-Encoding, Origin
Connection: keep-alive
Content-Type: application/javascript
Via: 1.1 vegur
Cache-Control: public, max-age=31556952
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 16254

POST
H2 200 / Show response
app.posthog.com/decide/ 193 B
479 B 362ms
119ms XHR
application/json 52.87.13.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.posthog.com/decide/?v=2&ip=1&_=1641994373434

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.87.13.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-87-13-132.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 12 Jan 2022 13:32:53 GMT
referrer-policy: same-origin
server: gunicorn
x-frame-options: DENY
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://huntr.dev
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
content-length: 193
x-content-type-options: nosniff

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 4 KB
5 KB 357ms
357ms XHR
application/json 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash: b31f151521a901006a71ba693ec632c0dbbc29e54e1d1fbebeae08b9cf19c76f

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amzn-requestid: 21d54c4c-02f7-4319-a4c5-8a39a747947d
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 4241
x-amz-cf-id: T6Gi66IO42xgOYJX0ELfz9iTLiHStRUlRgg9JxyViCdXRO-5W3qDCA==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 177ms
138ms Preflight 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:32:53 GMT
x-amzn-requestid: 49265f50-e99b-4bb6-adf6-b8a8bf08f169
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: py0hyXz7Co2oj-BPcCZtB6IKB19NyO2goFRAUBKqQZ5ziDH5V4uYCg==

GET
H2 200 Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 240 KB
111 KB 77ms
76ms Font
font/ttf 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ee6539921d713482b8ccd4d0d23961bb"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/ttf
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: OVZntqemM2HjoReLdUC1xzo04bY2QIqZCOKBfo8gVtmsD_s6upFFbQ==

GET
H2 200 Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 237 KB
110 KB 84ms
84ms Font
font/ttf 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"c8b6e083af3f94009801989c3739425e"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/ttf
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: R63YxLHNZtgTxZbnPoeBz5kp7VeKZb11mOt1HEsrcq2p4gCRrKMR-Q==

GET
H2 200 22e71a7.js Show response
huntr.dev/_nuxt/ 37 KB
9 KB 102ms
102ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/22e71a7.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

43caf074caf0b74abf298083d24582bcc6222300c4758a34923b25664d964896

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"299e600939836addc690948bdc899d44"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 3U4ye2dzYrSNR6tbWzmWpnaHn3kbp6pH2CmHwr6J2bCQ52PKSH7rSg==

GET
H2 200 manifest.js Show response
huntr.dev/_nuxt/static/1641578563/ 89 KB
29 KB 82ms
82ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/manifest.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

581328a6d6e6e92f7eccc5237174bd8ed73c929960bd4c838de73afea046e87a

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ace4503cfb70368daf6b9d3d9634e5e4"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: TejHJHxI_75RGBZn2vgvHaG741InFFxxWNUEj35y1Qea_DC8-qsjRQ==

GET
H2 200 65a6cfc.js Show response
huntr.dev/_nuxt/ 49 KB
13 KB 114ms
113ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/65a6cfc.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

211b5a9c89ca2bdb19447e2159875ba8be570b4e42d1962beca5bfad01b93b41

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"fac665e2ab8da270fc3fe50dc9636e0a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: ChPpqm8VqT15rMu9hmnqmkmDVZmXw1kJM1tQ8apmuNg101yBSa8oiQ==

GET
H2 200 ab902e6.js Show response
huntr.dev/_nuxt/ 183 KB
48 KB 115ms
115ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ab902e6.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8993e0383e40e5bd3b61be2e4e7acbf8e8325863491928a06a1a0c25cfa7fdaa

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"60b2eb6b70bbfcac0f3eb9dd9fcf96c7"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: gR7Jy4el3FtRUZ4fIHnPb4GydP0PeDQm6zkCqBhoTiuHUcQ81br3jg==

GET
H2 200 a7f1227.js Show response
huntr.dev/_nuxt/ 47 KB
15 KB 95ms
95ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/a7f1227.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b9917ccf39f0ee3919543b9e3e00f636f66b3a22c67f30887708e2c6b5bfd439

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"635f2284a670fff39f4472ced5544fce"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: Hjvxcly7toPYYLaob-1BR2m9c9jn1UbcCf5p4HQ8EbmarMf8GHCayw==

GET
H2 200 5ae2eef.js Show response
huntr.dev/_nuxt/ 6 KB
3 KB 97ms
97ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/5ae2eef.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6da167fbba631ae8858acb2511800949ad269156bb7a7af0e9b5455d887d7e8c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"4fe46ce58718ca2d678c49b9dc35d4ff"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: wFyAnMu8U4xkPqZ7K4KCuNG6fJ5sA17R1J9c3gRq8_T6CNtwYieX4g==

GET
H2 200 7b78e9f.js Show response
huntr.dev/_nuxt/ 4 KB
3 KB 103ms
103ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/7b78e9f.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f120052d211097e6bedc7819573661081c96151aeef903e657927c66260937c1

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"2f965042178b317436d8035317592b30"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 1uE9eGI4arbNN_CZI6m6UNWXDadvu7G39q4qiEblgoWzaKchtGgVww==

GET
H2 200 1c3acf0.js Show response
huntr.dev/_nuxt/ 23 KB
7 KB 80ms
80ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/1c3acf0.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6ec4210b7a41340415fcad48cdcd9fabf3497b1512d43c297077806fe9aed7c7

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"7ed623eb3afcc7f474b753b9e33a1005"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: iqO854-8B3ZrZPv-j-WzcOovzbxa0RY9XqdBufduiJW8fevuF9vawQ==

GET
H2 200 ba2849c.js Show response
huntr.dev/_nuxt/ 1 KB
2 KB 99ms
99ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ba2849c.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4e0a3da788c1c015983887d374c806e0e22e00c1a05478ff48d4ddd00bc22830

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"be10b6951d5a8ed2d6dc34a728e8a821"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 892UTa1x7wIDgdASuKM4Z86K4Y6negWXuY8rF3Dxo3Neqc3xRVfojg==

GET
H2 200 ee0fe59.js Show response
huntr.dev/_nuxt/ 1 KB
2 KB 95ms
95ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/ee0fe59.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0069019b0f2cbc057ad4f69c01c9f510a46e86d4160f4093709f4da5999e8f76

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:39 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"951d2cbf6ecf7eef122de0b28315fb78"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 4ChKxFZGzng-EhWjbg98-Anw1DvMJ9yUKzEvMzfaEbUfPEQme_u1Zw==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/ 1 KB
1 KB 84ms
83ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"126dd630135f2a51a22e58e9f9dbb73b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: zvLgLPfEnMD_krbd0y3DMX8fmO2yJTtOxd5Ksm9n-xrdgAeeys3UYA==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/ 70 B
1 KB 84ms
84ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "ed9a10c88c5ac705aee93e7d26c4fc32"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: 4Qf2Nvw1s79o9347cViRFfINr6d1chF4hBkWRVnnaR7jaYet_FAybQ==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/disclose/ 79 B
1 KB 87ms
87ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/disclose/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 79
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "11e86df8ac1d9c85f55c418a4fbf5255"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: oT4mS9lYrLCuD4yLU_6v1JXRNcOq1Crm4q4tbT8Cvq9m6XwHnYsDMA==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/faq/ 15 KB
5 KB 122ms
121ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/faq/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d41e5b545a338f280a64fb8f04cd5c3c4f5f006149559c7aaec1d6c3899f97a4

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"85273804bdff17f9fe54c2dbf2f1c2cd"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: D8sykiHCA0FRNOKTyVIvD3S3f6eVTmTR6FwKa0Iukbj7YZvTkJsXbQ==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/contact-us/ 72 B
1 KB 71ms
71ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/contact-us/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 72
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "366dc6ea76591bc89566ac85b90aec65"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: dvyTCiGPXZC41sWk2TgBuxMAFjfk2vhmGrDAWSiDI4QuAuJjh-v5Zg==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/terms/ 23 KB
7 KB 76ms
75ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/terms/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

833e44e0f40eada5a7ca9770aea05768e576ee5ca6ce20ec636fa51bde65b03c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"8f45459c6a4fb30926c84cab9308c2d2"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: iDC49zCUqYfaFiqQnCvOgyiNZ5fRIT2wfTrQWkClq1FW0-7SDELG2A==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/privacy/ 35 KB
10 KB 78ms
78ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/privacy/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7aabb3c3be9e964e33990c63a17c294a2dfd348422dda57ea50feb8355a34414

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"fab7e71c2829b15ec4b9dca695eb4763"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: 9LHNPA1JC3_x1q96KhxOVG7YCg1NhMRPM3FQL-g53pLxsr1jnfj-rA==

GET
H/1.1 200
OK widget Show response
app.chatwoot.com/ Frame 53A0 5 KB
7 KB 147ms
147ms Document
text/html 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

f60a6431b470b5f1c557904aa1087293dfb28647b4efbc202fdbdfb784c9cdf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/

Response headers

Server: Cowboy
Date: Wed, 12 Jan 2022 13:32:53 GMT
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Etag: W/"f60a6431b470b5f1c557904aa1087293"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: a5faed79-015c-4fac-9c77-ef1d61eb8e86
X-Runtime: 0.043589
Strict-Transport-Security: max-age=63072000; includeSubDomains
Transfer-Encoding: chunked
Via: 1.1 vegur

GET
H2 200 widget-962da5bb0691e5c58b54.js Show response
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 53A0 646 KB
182 KB 52ms
12ms Script
application/javascript 2600:9000:2315:2400:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:2400:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

c7bb7011639a2c9a6ebb7ac5d5c77e24e51babbffc2cfa2b3a1bf17cd37b6bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 06:52:04 GMT
content-encoding: gzip
last-modified: Wed, 12 Jan 2022 06:48:38 GMT
server: Cowboy
age: 24050
vary: Accept-Encoding,Origin
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
via: 1.1 vegur, 1.1 c9ca35e5541827c5873bfdb59f015b20.cloudfront.net (CloudFront)
cache-control: public, max-age=31556952
x-cache: Hit from cloudfront
x-amz-cf-pop: DUS51-P2
content-length: 186244
x-amz-cf-id: g0l1yqcfuwv9u8xSc1pGC1KDBkG99diMamr6MeDL869hs56zOq43MA==

GET
H2 200 widget-d3adafff.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 53A0 36 KB
9 KB 50ms
10ms Stylesheet
text/css 2600:9000:2315:2400:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Requested by

Host: app.chatwoot.com
URL: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:2400:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

24c5c51ddb40e7b5a0b3f5aef0c2c344600214ad11de22c6d3d770b1400d8443

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 06:52:03 GMT
content-encoding: gzip
last-modified: Wed, 12 Jan 2022 06:48:38 GMT
server: Cowboy
age: 24050
vary: Accept-Encoding,Origin
strict-transport-security: max-age=63072000; includeSubDomains
content-type: text/css
via: 1.1 vegur, 1.1 c9ca35e5541827c5873bfdb59f015b20.cloudfront.net (CloudFront)
cache-control: public, max-age=31556952
x-cache: Hit from cloudfront
x-amz-cf-pop: DUS51-P2
content-length: 8455
x-amz-cf-id: 4M0Q5JNkkobYXvg1Jmn_fE9JPWUFdtYPerM-m8X-7kiKPfr55Fm_sg==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 138ms
138ms Preflight 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:32:54 GMT
x-amzn-requestid: 5b431eaa-a0dc-470b-b338-d38ce1481714
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: m0TA4pzM_stwJxgaHx6VYso4PAFd0l21snQ2rGSo9h8PPuwu--kHUg==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 30ms
29ms Preflight 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:32:54 GMT
x-amzn-requestid: ba7a41bf-0863-471b-a3b6-ddd963428a75
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: r-SRhcIEK8x3PeNuGuTn7TIALkyyhrPzaWvsNIHiMfvNjjdg9zTf3g==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 8 KB
9 KB 284ms
282ms XHR
application/json 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash: caa5f72527e871922763c493af6384144451a172db5db4566235196b07ce3e3a

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amzn-requestid: 96192dd1-af19-4697-b401-e9a97ccfb82f
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 8611
x-amz-cf-id: FVU7ieSzOHjY-bOIW5X1MOaixiHQuH3n8poXYHZV8e_hSnTanyrrGg==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 482 B
879 B 91ms
91ms XHR
application/json 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash: a5de64ce9eac87ca74a4dd88c3fe95a78f0514029e18b1ddc6542fbe1f99ffc0

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amzn-requestid: ad3c9969-4120-4522-989b-23b998a605e5
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 482
x-amz-cf-id: RCRA7u78HWeSrwIj3Y_5CESmTF8BvI98a1aRlZ1ZpagiOw92uePL3A==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 2 KB
3 KB 115ms
114ms XHR
application/json 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash: 87ba708d52459c2314d130b5f4ef8ce0c9060dd3180135ef8bf750852b72c954

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amzn-requestid: ec185a5d-a8ec-4ad5-b3c5-3eabe5cf6523
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 2374
x-amz-cf-id: SheElmZgERX8Gr5Wnyz1CGe2hGE_7GM9pCsn9HbcPmFbjXBy068jMQ==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 139ms
139ms Preflight 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:32:54 GMT
x-amzn-requestid: fd270714-8de6-44e6-97e3-f7e0ff6e6cb2
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: 0k0PMuKm6cTsHlj4Vsb10-4hYRKuS0gWHqGn1YaA0E1zv2YfFQNR-Q==

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 2 KB
1 KB 35ms
19ms XHR
application/json 18.66.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 04e927aedd7e61c330b08636fb4a8ed48f53a74b6f804838d58d40f4a1631f4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: fMRaECo1ddvhaCCpmS9MNNcM4pHj6SCw
content-encoding: gzip
etag: W/"441c711770a14e48ac8c7bf30078ca2b"
age: 6703
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 15:32:10 GMT
server: AmazonS3
date: Wed, 12 Jan 2022 12:15:19 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: public, max-age=10800
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: ir7O1CEeCadtb_UsoUcmzuKcUBp7rmqmmwY2_QQsIGgo5h9e_sgfzw==

GET
H2 200 130.bundle.55742ac9337d9e12bdd6.js Show response
cdn.segment.com/analytics-next/bundles/ 10 KB
4 KB 14ms
14ms Script
application/javascript 18.66.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/130.bundle.55742ac9337d9e12bdd6.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 98cfbc4941d976520dde0a548b87b499e1c0454f9bc38aeb581b9e13b1e219a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 15:32:35 GMT
content-encoding: br
vary: Accept-Encoding
age: 4053620
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Thu, 25 Nov 2021 23:09:33 GMT
server: AmazonS3
etag: W/"c32e07e36ae390e42c9cea85fcb9bb33"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: 7wIf9T6uzKT9TQ8NphPW2FKHVOtBcj40
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: wYdT9glpMeZndtKrT-pr9DjtuulFm3WK6j2Lo8_Sgvd49Z-QTP13vQ==

GET
H2 200 ajs-destination.bundle.36b90a11867ae217be52.js Show response
cdn.segment.com/analytics-next/bundles/ 10 KB
3 KB 14ms
14ms Script
application/javascript 18.66.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.36b90a11867ae217be52.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4397a57f8357b3b0371c6df32a62b87eaa43218c42fa538fb34980bfb0b20a78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 11:40:37 GMT
content-encoding: br
vary: Accept-Encoding
age: 6141138
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Fri, 29 Oct 2021 23:16:36 GMT
server: AmazonS3
etag: W/"605f393e8c3fbadf09528d469743232e"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: FjBsbHA.8FN2h5.3COmnYMKZvuK7a99Y
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: eq5IyDDzPgNcColy-nBtJi8_43-0cvMttwdHqHXjWm7IKSENBypgfw==

GET
H/1.1 200
OK conversations Show response
app.chatwoot.com/api/v1/widget/ Frame 53A0 2 B
646 B 117ms
117ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJmMzE3ZDMwMS1jOWM0LTQzOTMtOGFjMS1hODkzNDRiYzliNmYiLCJpbmJveF9pZCI6MTQxMn0.vR-7CEtJzwYMg3ONEELy5puypudffVVXZLOo5UJx8jE
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:32:53 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 66b4c446-59f9-432b-b27e-65fa33e85235
X-Runtime: 0.015557
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK ding.mp3 Show response
app.chatwoot.com/dashboard/audios/ Frame 53A0 3 KB
3 KB 218ms
101ms XHR
audio/mpeg 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/dashboard/audios/ding.mp3

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

42b9d70c9c51cfdff6ed60e874771049df657c93a0361220174582f07dceba53

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:32:53 GMT
Via: 1.1 vegur
Last-Modified: Wed, 12 Jan 2022 03:28:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: audio/mpeg
Cache-Control: public, max-age=31556952
Connection: keep-alive
Content-Length: 2667

GET
H/1.1

200
OK

367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7
prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/ Frame 53A0
Redirect Chain

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbnBZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--b2477068e2d23c1e65bb089329b13a6d04b00366/eyJ...
https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filenam...

37 KB
38 KB

450ms
131ms

Image
image/jpeg

52.217.201.225
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133254Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=12fce6a4cdb956413cb3cd1ca7bfa01e79e8d144316ee87d444e4dab60597b5a
Protocol: HTTP/1.1
Server: 52.217.201.225 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Wed, 12 Jan 2022 13:32:56 GMT
Last-Modified: Thu, 05 Aug 2021 20:31:19 GMT
Server: AmazonS3
x-amz-request-id: T7DQ428P24KDVQ70
ETag: "ab29439c87f225b2b0b1025797f85380"
Content-Type: image/jpeg
Content-Disposition: inline; filename="huntr_logo.jpg"; filename*=UTF-8''huntr_logo.jpg
Accept-Ranges: bytes
Content-Length: 38205
x-amz-id-2: 8YdUirkmMetBn3y5CBuCWp3QeDYJ8+gKxXY9zBq2dLuKPa4VF30HPZdp/rrRuZ9ynOy4erqzW3o=

Redirect headers

Date: Wed, 12 Jan 2022 13:32:54 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 5941ef54-6f07-498a-96f9-6919693f6195
X-Runtime: 0.019303
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: text/html; charset=utf-8
Location: https://prod-chatwoot-assets.s3.amazonaws.com/variants/hn6ue7c7jw75y72krs1egpvhqzaq/367e750d10653fdd431885ff50e24bb4068c7b28e5cdfbe8dddcba535c6a24d7?response-content-disposition=inline%3B%20filename%3D%22huntr_logo.jpg%22%3B%20filename%2A%3DUTF-8%27%27huntr_logo.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133254Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=12fce6a4cdb956413cb3cd1ca7bfa01e79e8d144316ee87d444e4dab60597b5a
Cache-Control: max-age=300, private

GET
H/1.1 200
OK logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 53A0 916 B
1 KB 374ms
101ms Image
image/svg+xml 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.chatwoot.com/brand-assets/logo_thumbnail.svg

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:32:53 GMT
Via: 1.1 vegur
Last-Modified: Wed, 12 Jan 2022 03:28:49 GMT
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: public, max-age=31556952
Connection: keep-alive
Content-Length: 916

GET
H2 200 Inter-Regular-b35f79d43d03b9a20047efe416c35d08.woff2
d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/ Frame 53A0 34 KB
35 KB 33ms
11ms Font
application/font-woff2 2600:9000:2315:2400:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/Inter-Regular-b35f79d43d03b9a20047efe416c35d08.woff2

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:2400:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

9ff1509605edb93b5b09373cc654addcf9afe913bc0ca69082e5683348e2ba75

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css
Origin: https://app.chatwoot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 05:13:13 GMT
via: 1.1 vegur, 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
vary: Origin
age: 7978781
x-cache: Hit from cloudfront
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 34832
last-modified: Fri, 08 Oct 2021 10:31:57 GMT
server: Cowboy
access-control-max-age: 7200
access-control-allow-methods: GET, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=31556952
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: tXSl42tx0NsatVnhCReMfs7pwxT_3rcTLK2DX9EqUXUV8UuQI69QWA==

GET
H2 200 Inter-Medium-aec38a6b266a908bc320e30f261771d1.woff2
d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/ Frame 53A0 34 KB
35 KB 46ms
24ms Font
application/font-woff2 2600:9000:2315:2400:7:dce7:b680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tq67kexc2w2i.cloudfront.net/packs/media/shared/assets/fonts/Inter-Medium-aec38a6b266a908bc320e30f261771d1.woff2

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:2400:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cowboy /

Resource Hash

9177550934c7d4516a148a4d0bc2cd709da01789a4d6d2862c6d17b083a7d8cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-d3adafff.css
Origin: https://app.chatwoot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 23:23:35 GMT
via: 1.1 vegur, 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
vary: Origin
age: 7654158
x-cache: Hit from cloudfront
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 35264
last-modified: Fri, 15 Oct 2021 19:23:44 GMT
server: Cowboy
access-control-max-age: 7200
access-control-allow-methods: GET, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=31556952
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: 5AkvYmwUwqVaUwh864yuvXqiOSPCqVIzL0MSubXLPK4wsWed5xbVRg==

GET
DATA 200
OK truncated
/ 424 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK messages Show response
app.chatwoot.com/api/v1/widget/ Frame 53A0 2 B
646 B 264ms
129ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJmMzE3ZDMwMS1jOWM0LTQzOTMtOGFjMS1hODkzNDRiYzliNmYiLCJpbmJveF9pZCI6MTQxMn0.vR-7CEtJzwYMg3ONEELy5puypudffVVXZLOo5UJx8jE
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:32:53 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 5b2ea0cf-84e0-4ea4-8903-fc953e770bfc
X-Runtime: 0.024702
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK inbox_members Show response
app.chatwoot.com/api/v1/widget/ Frame 53A0 959 B
2 KB 280ms
146ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJmMzE3ZDMwMS1jOWM0LTQzOTMtOGFjMS1hODkzNDRiYzliNmYiLCJpbmJveF9pZCI6MTQxMn0.vR-7CEtJzwYMg3ONEELy5puypudffVVXZLOo5UJx8jE
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:32:54 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 71965d8f-820b-4fa3-af1a-2ef6a842c01c
X-Runtime: 0.043361
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"76f1b39cfb3063a87ebc0b127fdedbf2"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK contact Show response
app.chatwoot.com/api/v1/widget/ Frame 53A0 56 B
701 B 263ms
129ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

688c663183df7b4bbed5e57fe7328f81225d18b1eebcad7f099d3bc984a04e35

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJmMzE3ZDMwMS1jOWM0LTQzOTMtOGFjMS1hODkzNDRiYzliNmYiLCJpbmJveF9pZCI6MTQxMn0.vR-7CEtJzwYMg3ONEELy5puypudffVVXZLOo5UJx8jE
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:32:54 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 957fc9f3-7784-4941-96fa-e2ce60054174
X-Runtime: 0.021965
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"688c663183df7b4bbed5e57fe7328f81"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK campaigns Show response
app.chatwoot.com/api/v1/widget/ Frame 53A0 2 B
646 B 267ms
123ms XHR
application/json 18.205.222.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X

Requested by

Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-222-128.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJmMzE3ZDMwMS1jOWM0LTQzOTMtOGFjMS1hODkzNDRiYzliNmYiLCJpbmJveF9pZCI6MTQxMn0.vR-7CEtJzwYMg3ONEELy5puypudffVVXZLOo5UJx8jE
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 13:32:54 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 629b26df-73f1-450e-ba6d-e442b945d865
X-Runtime: 0.020848
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: application/json; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate

GET
H2 200 hotjar.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/ 3 KB
2 KB 8ms
8ms Script
application/javascript 18.66.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 09:28:20 GMT
content-encoding: gzip
age: 3557075
x-cache: Hit from cloudfront
content-length: 1342
access-control-allow-origin: *
last-modified: Mon, 22 Nov 2021 18:20:55 GMT
server: AmazonS3
etag: "8efb1862102ff23cb16241a0b8ff3c9b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: osqsGt4iUnjtvIfMhMwUGZ.EYLDHF.6D
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 6_rYw9Q7eEJWG_dPwWhSwlJEgzl5T3unFdmTVXge4Yusb9PYSboObQ==

GET
H2 200 sentry.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/sentry/3.0.1/ 4 KB
2 KB 8ms
8ms Script
application/javascript 18.66.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/sentry/3.0.1/sentry.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e758112ff101392ac7e7b217a21f74bcafa7c8b7b60452014b41826160c87d6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 23:22:51 GMT
content-encoding: gzip
age: 8950204
x-cache: Hit from cloudfront
content-length: 1639
access-control-allow-origin: *
last-modified: Tue, 28 Sep 2021 23:16:39 GMT
server: AmazonS3
etag: "9434992b2088ef157a888e645136ddd9"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: KkLGnWMXwwsyOOOBY8OvOj7JaKaevyLL
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ai_Qzyhdzasm9F5qOPlZmmhtKrnPcJ-Im2UzU1RcE4o7excPIlP2zQ==

POST
H2 200 graphql Show response
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 26 B
420 B 87ms
86ms XHR
application/json 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by: Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash: 6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept: */*
Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-api-key: da2-fql7xoajcng6pilmew4lfbi6ga
content-type: application/json

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amzn-requestid: 315aaec3-6c15-41e9-8c65-d6061823a492
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length: 26
x-amz-cf-id: _NAofwltHvww_867iq9dnc_u159xfYBi_a4l2Gt1btwUKIAX9dcZug==

OPTIONS
H2 200 graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 0
0 31ms
31ms Preflight 52.222.236.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-16.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://huntr.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 12 Jan 2022 13:32:54 GMT
x-amzn-requestid: 2c4465d6-7f58-4f0b-8f8d-7c184690ccd2
access-control-allow-origin: *
access-control-allow-headers: content-type,x-api-key
access-control-allow-methods: POST
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age: 172800
x-cache: Miss from cloudfront
via: 1.1 d04699b52d8873377c4b5f4e7dcf7068.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: 2sLv6xzcAfgi3dWJZd72J_89xInIqgb5L723TCWQwZ9YcAq5ffEXwQ==

GET
H2 200 76475453
avatars.githubusercontent.com/u/ 2 KB
2 KB 33ms
7ms Image
image/png 2606:50c0:8002::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/76475453?v=4

Requested by

Host: huntr.dev
URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5147a815de3a26be091fcf10e707e74ea15835dceb388aa69a03b50b32fde99a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-fastly-request-id: b5c0a7c112e45100f792f5e0b082972f8ea6ee51
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 1549
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4025-HHN
last-modified: Fri, 13 Jan 2012 11:45:41 GMT
x-github-request-id: A14E:1247D:1097C2:11C831:61DCD666
x-timer: S1641994374.349962,VS0,VE1
x-frame-options: deny
date: Wed, 12 Jan 2022 13:32:54 GMT
source-age: 131616
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "5147a815de3a26be091fcf10e707e74ea15835dceb388aa69a03b50b32fde99a"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 12 Jan 2022 13:37:54 GMT

GET
H2 200 commons.54701049fd6fb8497e9e.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 8ms
8ms Script
application/javascript 18.66.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 22:21:04 GMT
content-encoding: gzip
age: 7398711
x-cache: Hit from cloudfront
content-length: 22174
access-control-allow-origin: *
last-modified: Mon, 18 Oct 2021 20:14:58 GMT
server: AmazonS3
etag: "7741fd16ad2418cd17ab981f8207b106"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: vuUoGDHqAHP6RTrp_GpDodkP4IGSOtsZ
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 5rxfLhGFy_-cF7mo8XVco8QoH1_h7q5ijIF-Mtm2y5GEFqMFQm3tbg==

GET
H2 200 commons.3495c86769f191d6894f.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 9ms
9ms Script
application/javascript 18.66.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-110-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7b5e884ac6bca471440d62a21038e1b0342c4bc6e840388256b5f4137c2e666e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 07:50:32 GMT
content-encoding: gzip
age: 10820542
x-cache: Hit from cloudfront
content-length: 22175
access-control-allow-origin: *
last-modified: Thu, 26 Aug 2021 21:35:44 GMT
server: AmazonS3
etag: "97bdd3686696ee0e0f60bfaaa6b5693b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: ycGBqmRQJe7ubt596zlSYLfgMdBxARsQ
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
cache-control: public,max-age=31536000,immutable
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: hWT-6ufWDpW4k6HzTSGXEm9FODkLRFTfNF-KAZAUC0yR5BfIGd9vwA==

GET
H2 200 3bf14b9.js Show response
huntr.dev/_nuxt/ 52 KB
13 KB 79ms
79ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/3bf14b9.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/f09ddd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d7ca3e432a3e1e2da46375be32a3f4f8006232808e00dd834bef57a1edad2f7c

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:40 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: W/"ec8276824992cc85a4af78a05796d3b0"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
x-amz-cf-id: N2yAbxgI75oagM_bxt1F6Edm0Qzu8krsiYreUaMhUx9rer-z6RqK1g==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/users/haxatron/ 76 B
1 KB 78ms
77ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/users/haxatron/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e6cb28220805df2d8d624f0cac59a3a516a74f8940ea1bc3bd37e35248125124

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:55 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 76
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:54 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "15ae76c3b256dd8ea5aa8c53932b9b59"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: 1BV6pvg5kLBbpMZY40nFI365GWriJafFr9ZRHiuoilhN_kVf_viHZA==

GET
H2 200 hotjar-2380708.js Show response
static.hotjar.com/c/ 8 KB
3 KB 55ms
36ms Script
application/javascript 18.66.97.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2380708.js?sv=6

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.3.2/hotjar.dynamic.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-53.fra56.r.cloudfront.net

Software

Resource Hash

3b6cdf04a18662cd0d51d4c8b2f1317b20b4a6d5a040d723cf14e0f29b31a4c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA56-P2
etag: W/5816b55857649f181a828da75d443d98
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: SU11S4s4WJpPZe12nfnu340W1HuL2WWNhlQuLq2w7jjgdi9N0vq8WQ==
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)

GET
H2 200 bundle.min.js Show response
browser.sentry-cdn.com/5.12.1/ 55 KB
17 KB 22ms
6ms Script
application/javascript 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/5.12.1/bundle.min.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://huntr.dev/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 11:19:05 GMT
server: Fastly
age: 12372211
etag: "1c5228c89d281d08aa0ce908f582609a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 17201
expires: Mon, 22 Aug 2022 08:49:23 GMT

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
138 B 511ms
172ms Fetch
application/json 52.39.143.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/p
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.39.143.152 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-39-143-152.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://huntr.dev
date: Wed, 12 Jan 2022 13:32:54 GMT
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 rewriteframes.min.js Show response
browser.sentry-cdn.com/5.12.1/ 5 KB
2 KB 7ms
7ms Script
application/javascript 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/5.12.1/rewriteframes.min.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.3495c86769f191d6894f.js.gz

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://huntr.dev/
Origin: https://huntr.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 11:19:05 GMT
server: Fastly
age: 3136053
etag: "4e240097ab71acf709caa48e23cd6411"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 1807
expires: Wed, 07 Dec 2022 06:25:22 GMT

GET
H2 200 modules.95d56a8fe70e88a7dcd9.js Show response
script.hotjar.com/ 229 KB
61 KB 26ms
9ms Script
application/javascript 52.222.236.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.95d56a8fe70e88a7dcd9.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-122.fra56.r.cloudfront.net

Software

Resource Hash

4fd4f9c63843aebb667973c535aa77d95795ebb28635e01b62cf81dfb44aee32

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 13:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88009
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 61466
access-control-allow-origin: *
last-modified: Tue, 11 Jan 2022 13:05:10 GMT
etag: "e2ccd91105747342ee4a8ed27f9e5793"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 71c4b07776e0b6812900664940c9d7a6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: tUQeQYCjOp0BOe-CXnOxzAg3q_F5EBy_D74ZASGrV9jmjXM0r0EU2Q==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/eeb1508f-a986-45cb-9aaf-312deb225a84/ 259 B
1 KB 105ms
105ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/eeb1508f-a986-45cb-9aaf-312deb225a84/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

62c691fb84e766d1140d4ed45474d379708c7815ec1ac770e82ddd77184691dc

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:55 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 259
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:53 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "3dbcde5116b8bcf647a1eb8e77bf73aa"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: umY7T2No7BYZTuQwaphN6qlqkV_CQ-00-iyIkJuC6xD7iotpEtKfYA==

GET
H2 200 payload.js Show response
huntr.dev/_nuxt/static/1641578563/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df/ 259 B
1 KB 120ms
120ms Script
application/javascript 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://huntr.dev/_nuxt/static/1641578563/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df/payload.js

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/fbe198b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ef194ca71890600317872e8ad974670ff0be419e9264644f97d6b94fcfc97b45

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:55 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 259
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:49 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "d3784cc40e0133a5718d2c5543b8dbf2"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: uZZQKkofkYRlgZ4pCy92GIp044nkqDV_EQ96aUrqy-tN5KGBHX6dTA==

GET
H2 200 box-21ccaa45726c0f3c8c458f7a87eb2298.html Show response
vars.hotjar.com/ Frame C12D 2 KB
1 KB 24ms
7ms Document
text/html 18.66.139.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-28.fra60.r.cloudfront.net
Software: /
Resource Hash: c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/

Response headers

content-type: text/html
content-length: 1044
date: Mon, 08 Nov 2021 14:05:19 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "6a4e2ae376c29011d2e53de65a08d0b7"
last-modified: Tue, 01 Jun 2021 09:17:15 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 da392114e7046bd9720a70f40c796f62.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: i_2vflBJZg7v_qZbL6yCVqdD7o_hQUWp97GJWmskn0gti_EDflvxGg==
age: 5614055

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2380708/ 146 B
321 B 88ms
32ms XHR
application/json 99.81.36.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2380708/visit-data?sv=6
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.36.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-36-187.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 30886bcaa4bc9292431c9ae196c0b6bbcc4e4311b4839780c91a09c771c76c6e

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 204 2380708 Show response
vc.hotjar.io/sessions/ 0
256 B 50ms
33ms XHR
text/plain 18.66.112.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/2380708?s=0.25&r=0.09390733277416441
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-19.fra56.r.cloudfront.net
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:54 GMT
via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
server: Python/3.7 aiohttp/3.5.4
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: N0kcgCltDf1-c5HgbyBkR1g831pG60_guFSG-jVILJElZy_rt-lNNA==

GET
H2 200 76475453
avatars.githubusercontent.com/u/ 2 KB
2 KB 7ms
7ms Image
image/png 2606:50c0:8002::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/76475453?v=4

Requested by

Host: huntr.dev
URL: https://huntr.dev/_nuxt/31a45b0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5147a815de3a26be091fcf10e707e74ea15835dceb388aa69a03b50b32fde99a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-fastly-request-id: e0425fd898e3ca14946ba0d69fec0a222f8ce5ee
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 2
vary: Authorization,Accept-Encoding
content-length: 1549
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4025-HHN
last-modified: Fri, 13 Jan 2012 11:45:41 GMT
x-github-request-id: A14E:1247D:1097C2:11C831:61DCD666
x-timer: S1641994375.587169,VS0,VE0
x-frame-options: deny
date: Wed, 12 Jan 2022 13:32:54 GMT
source-age: 131616
strict-transport-security: max-age=31557600
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
etag: "5147a815de3a26be091fcf10e707e74ea15835dceb388aa69a03b50b32fde99a"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 12 Jan 2022 13:37:54 GMT

GET
H2 200 generic-avatar.9a3295c.png
huntr.dev/_nuxt/img/ 5 KB
6 KB 83ms
82ms Image
image/png 2600:9000:223d:fc00:14:bb32:5f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://huntr.dev/_nuxt/img/generic-avatar.9a3295c.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:fc00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

aec2c5330d63222d6def1e45d8f5412b86059dcecb921b259a95f65fe66a4c7d

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://.ingest.sentry.io https://.hotjar.com https://.hotjar.io https://.huntr.dev https://.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 13:32:55 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 5573
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:10:46 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "24f19f6fffd8809bee79b6ea162af382"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: no-cache, s-maxage=2
content-security-policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
accept-ranges: bytes
x-amz-cf-id: Pc1zmpfx7pGrB0B0xqU1dK0VGVz6ZX-6LXcZ0lpMLA7Jn0pZlZzgLA==

GET
H2 200 197404
avatars.githubusercontent.com/u/ 27 KB
27 KB 8ms
8ms Image
image/jpeg 2606:50c0:8002::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/197404?v=4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dbc65505e4eb5d51660dd058b6c1d21c0049626749f5e6b5098f4d163bfac235

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://huntr.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-fastly-request-id: 74ea4ceda251ff83fc497b711f7172a71c239f53
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 27162
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4025-HHN
last-modified: Fri, 10 Apr 2020 00:17:47 GMT
x-github-request-id: 8456:14B4:10414F:114DC3:61DCCA7B
x-timer: S1641994375.651757,VS0,VE1
x-frame-options: deny
date: Wed, 12 Jan 2022 13:32:54 GMT
source-age: 134667
strict-transport-security: max-age=31557600
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
etag: "07e79134bc4983d0352ee937a698f6730780a8685f324e05d9dd12236174cabf"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Wed, 12 Jan 2022 13:37:54 GMT

GET
H/1.1

200
OK

57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e
prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/ Frame 53A0
Redirect Chain

https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBclZUIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--31ae538bf9d04000e44a5bbe8feed382c0892b6f/eyJ...
https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filenam...

91 KB
92 KB

426ms
138ms

Image
image/png

52.217.201.225
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133254Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e0312fea44bf9310b49e091968c1cbf8b0a34a73681b15f3063c2a098e50741b
Protocol: HTTP/1.1
Server: 52.217.201.225 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4a95b5c247339fdab7e5a42415d06af62c2338c1570cdadee683f256c49d0916

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.chatwoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Wed, 12 Jan 2022 13:32:56 GMT
Last-Modified: Thu, 05 Aug 2021 20:40:50 GMT
Server: AmazonS3
x-amz-request-id: T7DYDJX93V5GXB64
ETag: "9fd358b18d93851b67b6b768bddd8bb6"
Content-Type: image/png
Content-Disposition: inline; filename="profile.png"; filename*=UTF-8''profile.png
Accept-Ranges: bytes
Content-Length: 93584
x-amz-id-2: N8B6WNsphlYJ4LcCV3gIzGweSqgVnQpjpuLEZ1px9Iq+4PwxLzU/LIj2Pk5wz33k5+5dfm0a62Y=

Redirect headers

Date: Wed, 12 Jan 2022 13:32:54 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-Id: 2522b638-3ede-4ac2-bf9e-2a91f8655bb3
X-Runtime: 0.036264
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: text/html; charset=utf-8
Location: https://prod-chatwoot-assets.s3.amazonaws.com/variants/gv7tfvier42y7ypbo8fn5k0mhlm8/57496d59bd65461658f8699a5f17b76e76ea0b02ffb71890c8dbfe4064ba7e6e?response-content-disposition=inline%3B%20filename%3D%22profile.png%22%3B%20filename%2A%3DUTF-8%27%27profile.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIEKWPSDFO%2F20220112%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220112T133254Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e0312fea44bf9310b49e091968c1cbf8b0a34a73681b15f3063c2a098e50741b
Cache-Control: max-age=300, private

POST
H2 200 / Show response
app.posthog.com/e/ 13 B
297 B 121ms
120ms XHR
application/json 52.87.13.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1641994376437

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.12.1/bundle.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.87.13.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-87-13-132.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://huntr.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Jan 2022 13:32:56 GMT
referrer-policy: same-origin
server: gunicorn
x-frame-options: DENY
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://huntr.dev
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
content-length: 13
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
huntr.dev/	1969-12-31 23:59:59	Name: auth.strategy Value: cognito
.huntr.dev/	1970-01-20 08:52:10	Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog Value: %7B%22distinct_id%22%3A%2217e4e7dc9375b7-0a98abbceae7c2-f791b31-1d4c00-17e4e7dc938734%22%2C%22%24device_id%22%3A%2217e4e7dc9375b7-0a98abbceae7c2-f791b31-1d4c00-17e4e7dc938734%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1641994373444%2C%2217e4e7dc945a59-0cbb8beaefdbe3-f791b31-1d4c00-17e4e7dc9461270%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
huntr.dev/	1970-01-20 08:52:10	Name: cw_conversation Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiJmMzE3ZDMwMS1jOWM0LTQzOTMtOGFjMS1hODkzNDRiYzliNmYiLCJpbmJveF9pZCI6MTQxMn0.vR-7CEtJzwYMg3ONEELy5puypudffVVXZLOo5UJx8jE
.huntr.dev/	1970-01-20 08:52:10	Name: ajs_anonymous_id Value: b94b02d2-268f-4878-acdb-711f6ce46f44
.huntr.dev/	1970-01-20 08:52:10	Name: _hjSessionUser_2380708 Value: eyJpZCI6IjUxYjc3Y2Y0LTQ2ODYtNWNkZS04ZjU4LTEyNTNjODgxMzg1NSIsImNyZWF0ZWQiOjE2NDE5OTQzNzQ0NDYsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/	1970-01-20 00:06:36	Name: _hjFirstSeen Value: 1
huntr.dev/	1970-01-20 00:06:34	Name: _hjIncludedInSessionSample Value: 0
.huntr.dev/	1970-01-20 00:06:36	Name: _hjSession_2380708 Value: eyJpZCI6IjEzYTY2NGE3LTNjNTEtNDBkMS1hM2Q3LWY1MDdkNTcxMmYyNSIsImNyZWF0ZWQiOjE2NDE5OTQzNzQ0OTUsImluU2FtcGxlIjpmYWxzZX0=
huntr.dev/	1970-01-20 00:06:34	Name: _hjIncludedInPageviewSample Value: 1
.huntr.dev/	1970-01-20 00:06:36	Name: _hjAbsoluteSessionInProgress Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7/ Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-962da5bb0691e5c58b54.js(Line 1) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
huntr.dev
in.hotjar.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
vc.hotjar.io
18.205.222.128
18.66.110.125
18.66.112.19
18.66.139.28
18.66.97.53
2600:9000:223d:fc00:14:bb32:5f00:93a1
2600:9000:2315:2400:7:dce7:b680:21
2606:50c0:8002::154
2a04:4e42::729
52.217.201.225
52.222.236.122
52.222.236.16
52.39.143.152
52.87.13.132
99.81.36.187
0069019b0f2cbc057ad4f69c01c9f510a46e86d4160f4093709f4da5999e8f76
04e927aedd7e61c330b08636fb4a8ed48f53a74b6f804838d58d40f4a1631f4b
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
10bdda367e9ad0ceec3a5577cdf3379cd0c7bea4cdd78aca57fd15f9c8a38ff2
10f593138390e0dca1a2bb1fd8b75b95e21e85363ed6e8941ac7ca9b73eaa58a
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1a37031e6a0feef007ad05ef938452805b8c01fd6a3e3388e62a951c65796df7
211b5a9c89ca2bdb19447e2159875ba8be570b4e42d1962beca5bfad01b93b41
24c5c51ddb40e7b5a0b3f5aef0c2c344600214ad11de22c6d3d770b1400d8443
30886bcaa4bc9292431c9ae196c0b6bbcc4e4311b4839780c91a09c771c76c6e
373059db7c24b296fc0a96692d7eecb9249d4274128de91c553bc70467c7d8ce
3b6cdf04a18662cd0d51d4c8b2f1317b20b4a6d5a040d723cf14e0f29b31a4c1
3ef0abb4845e08bf9ee05a34d8457724a637662a9030904aab5214c0e24a27a4
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
42b9d70c9c51cfdff6ed60e874771049df657c93a0361220174582f07dceba53
4397a57f8357b3b0371c6df32a62b87eaa43218c42fa538fb34980bfb0b20a78
43caf074caf0b74abf298083d24582bcc6222300c4758a34923b25664d964896
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a95b5c247339fdab7e5a42415d06af62c2338c1570cdadee683f256c49d0916
4cd37ca89d1fae5c0bef85012bc9a6512c0879fca28092111ea3842160796400
4e0a3da788c1c015983887d374c806e0e22e00c1a05478ff48d4ddd00bc22830
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fd4f9c63843aebb667973c535aa77d95795ebb28635e01b62cf81dfb44aee32
506aa0ea770d002656c5a0884b149d33efd23951ca16bdbe7e3d76e8d0531a4c
5147a815de3a26be091fcf10e707e74ea15835dceb388aa69a03b50b32fde99a
52bfe2c491b876e967ad8d9a46e5c43e4b342c204e865e049f3b74daaed7af84
581328a6d6e6e92f7eccc5237174bd8ed73c929960bd4c838de73afea046e87a
5c1941d5f7e989c15891c78441408048088fcd0ce5330b958187504340e0d528
6190ebed8568901a2628a503e0bd1e72c10e6a5cc207193038f4a8c13fac9485
62c691fb84e766d1140d4ed45474d379708c7815ec1ac770e82ddd77184691dc
6807e1d77edfeb9a4bb6d32f2bd8bea0e411aa158df9c3dc13a0be01dfca8f6b
688c663183df7b4bbed5e57fe7328f81225d18b1eebcad7f099d3bc984a04e35
6da167fbba631ae8858acb2511800949ad269156bb7a7af0e9b5455d887d7e8c
6ec4210b7a41340415fcad48cdcd9fabf3497b1512d43c297077806fe9aed7c7
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
75457b054e6e1e89f10dda4b777d5676404acaa1541618f03d4ed055a3857e05
7561fb9f36929fc5ee536239058b9ecff2d8075c5953dc2f81571a4d0fb0bbec
76f1b39cfb3063a87ebc0b127fdedbf29fe76c5a4c61c9f4cd05eac5c3f5bb9f
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
78bb08ba17e489b63c7ceac9b4e8f4ac40450b9b64b40016626cb4d554297f69
7aabb3c3be9e964e33990c63a17c294a2dfd348422dda57ea50feb8355a34414
7b5e884ac6bca471440d62a21038e1b0342c4bc6e840388256b5f4137c2e666e
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
833e44e0f40eada5a7ca9770aea05768e576ee5ca6ce20ec636fa51bde65b03c
87ba708d52459c2314d130b5f4ef8ce0c9060dd3180135ef8bf750852b72c954
8993e0383e40e5bd3b61be2e4e7acbf8e8325863491928a06a1a0c25cfa7fdaa
9177550934c7d4516a148a4d0bc2cd709da01789a4d6d2862c6d17b083a7d8cb
93a1f3263e3c883f998ff8f4a3fd8afc3066f33daf90248b89e2bb01cd2003f7
98cfbc4941d976520dde0a548b87b499e1c0454f9bc38aeb581b9e13b1e219a7
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
9ff1509605edb93b5b09373cc654addcf9afe913bc0ca69082e5683348e2ba75
a5de64ce9eac87ca74a4dd88c3fe95a78f0514029e18b1ddc6542fbe1f99ffc0
ae3711b69005cf8726b54df4b235f63d7ff9fb121ee2f3300b3b390215d09cb6
aec2c5330d63222d6def1e45d8f5412b86059dcecb921b259a95f65fe66a4c7d
b31f151521a901006a71ba693ec632c0dbbc29e54e1d1fbebeae08b9cf19c76f
b91bb18b545e5ae1b449eb4861af099fba89ce33c280f9b95f692d2367ea66ca
b9917ccf39f0ee3919543b9e3e00f636f66b3a22c67f30887708e2c6b5bfd439
bffad81246e13f89b8aff1aa4415ff0cd6d7ec01aec2a19e740a48e64fd5cf1b
c0300a30bf78c5dd7f0b467b4c4d1fcceaab232cd5fcee2c0c04f96de316af32
c5da2e1eefbe4efd64ec18b775495cf3011d9ae03842917bfe1b0a50e03a7a44
c7bb7011639a2c9a6ebb7ac5d5c77e24e51babbffc2cfa2b3a1bf17cd37b6bc7
caa5f72527e871922763c493af6384144451a172db5db4566235196b07ce3e3a
d3dcec4f248e2811281de6c0e8755ae7e03a72c54dc9b4d1e1ca7ce6ba3de30c
d41e5b545a338f280a64fb8f04cd5c3c4f5f006149559c7aaec1d6c3899f97a4
d7ca3e432a3e1e2da46375be32a3f4f8006232808e00dd834bef57a1edad2f7c
dbc65505e4eb5d51660dd058b6c1d21c0049626749f5e6b5098f4d163bfac235
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6cb28220805df2d8d624f0cac59a3a516a74f8940ea1bc3bd37e35248125124
e758112ff101392ac7e7b217a21f74bcafa7c8b7b60452014b41826160c87d6f
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa
ef194ca71890600317872e8ad974670ff0be419e9264644f97d6b94fcfc97b45
f120052d211097e6bedc7819573661081c96151aeef903e657927c66260937c1
f60a6431b470b5f1c557904aa1087293dfb28647b4efbc202fdbdfb784c9cdf0

huntr.dev Open in urlscan Pro 2600:9000:223d:fc00:14:bb32:5f00:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

80 Requests

98 %HTTPS

27 %IPv6

11 Domains

15 Subdomains

16 IPs

2 Countries

1824 kBTransfer

5314 kBSize

10 Cookies

17 Outgoing links

Page URL History

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

huntr.dev Open in urlscan Pro
2600:9000:223d:fc00:14:bb32:5f00:93a1 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

98 %
HTTPS

27 %
IPv6

11
Domains

15
Subdomains

16
IPs

2
Countries

1824 kB
Transfer

5314 kB
Size

10
Cookies

80 HTTP transactions
1 data transactions