urlscan.io logo urlscan.io
SecurityTrails logo

huntr.dev Open in urlscan Pro
2600:9000:223d:ba00:14:bb32:5f00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Submission: On June 29 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 1 countries across 9 domains to perform 67 HTTP transactions. The main IP is 2600:9000:223d:ba00:14:bb32:5f00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is huntr.dev.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 22nd 2023. Valid for: a year.
This is the only time huntr.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 26 2600:9000:223... 16509 (AMAZON-02)
3 2606:50c0:800... 54113 (FASTLY)
7 99.86.8.175 16509 (AMAZON-02)
2 10 54.161.241.46 14618 (AMAZON-AES)
2 2600:9000:223... 16509 (AMAZON-02)
12 13.249.9.61 16509 (AMAZON-02)
1 18.173.187.81 16509 (AMAZON-02)
2 2a04:4e42:600... 54113 (FASTLY)
1 18.164.52.121 16509 (AMAZON-02)
4 2600:9000:214... 16509 (AMAZON-02)
2 52.216.54.233 16509 (AMAZON-02)
67 11
26    2600:9000:223d:ba00:14:bb32:5f00:93a1 (United States)

ASN16509 (AMAZON-02, US)
huntr.dev
3    2606:50c0:8003::154 (United States)

ASN54113 (FASTLY, US)
avatars.githubusercontent.com
7    99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net
cdn.segment.com
10    54.161.241.46 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-241-46.compute-1.amazonaws.com
app.chatwoot.com
2    2600:9000:223f:3200:1d:be94:4b80:93a1 (United States)

ASN16509 (AMAZON-02, US)
app.posthog.com
12    13.249.9.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-9-61.cdg53.r.cloudfront.net
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
1    18.173.187.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-81.muc50.r.cloudfront.net
static.hotjar.com
2    2a04:4e42:600::729 (United States)

ASN54113 (FASTLY, US)
browser.sentry-cdn.com
1    18.164.52.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-52-121.cdg50.r.cloudfront.net
script.hotjar.com
4    2600:9000:214f:7c00:7:dce7:b680:21 (United States)

ASN16509 (AMAZON-02, US)
d3tq67kexc2w2i.cloudfront.net
2    52.216.54.233 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
Apex Domain
Subdomains		 Transfer
26 huntr.dev
huntr.dev
1 MB
14 amazonaws.com
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com — Cisco Umbrella Rank: 671833
54 KB
10 chatwoot.com
app.chatwoot.com — Cisco Umbrella Rank: 192184
45 KB
7 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1616
62 KB
4 cloudfront.net
d3tq67kexc2w2i.cloudfront.net
221 KB
3 githubusercontent.com
avatars.githubusercontent.com — Cisco Umbrella Rank: 9457
81 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4934
21 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 753
script.hotjar.com — Cisco Umbrella Rank: 1081
75 KB
2 posthog.com
app.posthog.com — Cisco Umbrella Rank: 21614
1 KB
67 9
Domain Requested by
26 huntr.dev 1 redirects huntr.dev
12 mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com huntr.dev
browser.sentry-cdn.com
10 app.chatwoot.com 2 redirects huntr.dev
app.chatwoot.com
d3tq67kexc2w2i.cloudfront.net
7 cdn.segment.com huntr.dev
cdn.segment.com
4 d3tq67kexc2w2i.cloudfront.net huntr.dev
d3tq67kexc2w2i.cloudfront.net
3 avatars.githubusercontent.com huntr.dev
2 prod-chatwoot-assets.s3.amazonaws.com
2 browser.sentry-cdn.com cdn.segment.com
2 app.posthog.com huntr.dev
browser.sentry-cdn.com
1 script.hotjar.com static.hotjar.com
1 static.hotjar.com cdn.segment.com
67 11
Subject Issuer Validity Valid
*.huntr.dev
Amazon RSA 2048 M01		 2023-02-22 -
2024-01-24		 a year crt.sh
*.github.io
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-21 -
2024-03-20		 a year crt.sh
*.segment.com
Amazon RSA 2048 M01		 2023-02-24 -
2024-01-12		 a year crt.sh
app.chatwoot.com
R3		 2023-05-13 -
2023-08-11		 3 months crt.sh
app.posthog.com
Amazon RSA 2048 M01		 2023-05-02 -
2024-05-31		 a year crt.sh
*.appsync-api.eu-west-1.amazonaws.com
Amazon RSA 2048 M02		 2023-02-24 -
2024-01-05		 10 months crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2022 Q3		 2022-09-28 -
2023-10-30		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh

This page contains 2 frames:

Primary Page: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Frame ID: D09C12405B0BA7F2E63C609488BE5A5E
Requests: 48 HTTP requests in this frame

Frame: https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Frame ID: 514C5C48111200E6131B235FB4620470
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Business Logic Errors vulnerability found in dolibarr

Page URL History Show full URLs

  1. https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f HTTP 301
    https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

67
Requests

97 %
HTTPS

45 %
IPv6

9
Domains

11
Subdomains

11
IPs

1
Countries

1888 kB
Transfer

6079 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f HTTP 301
    https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--dd0afdd7a9805f8d4463fe96514a85e76612a13c/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJY0c1bkJqb0dSVlE2RTNKbGMybDZaVjkwYjE5bWFXeHNXd2RwQWZvdyIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--624b3ceb3fdf42c4b07c7818563fe60603b6095b/New%20Project%20(16).png HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/wveuf5mscswvl5nci26yt5jui4jf?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230629T113236Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c9989a2af407d697e12d6ff22f7cc2d57cbceaf0d5400986cc5b8e624812a51a
Request Chain 61
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBcEJZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1eca2fbbec1106143b0ace0663d6c185c3a7e57e/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2RTNKbGMybDZaVjkwYjE5bWFXeHNXd2RwQWZvdyIsImV4cCI6bnVsbCwicHVyIjoidmFyaWF0aW9uIn19--fabd060060e055c9dd6a8996dc0b9ef8a3776cf5/headshot.jpg HTTP 302
  • https://prod-chatwoot-assets.s3.amazonaws.com/w97hsefzw9wcud22xhgryh23kvha?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230629T113236Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=8564f831b68e559e8bb7abfd5b8591fa9d634c6f35aa1938650fca9a8b80cda7

67 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Redirect Chain
  • https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f
  • https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
164 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ca3d4752735e2a391278cf9d3fba0320c209e810093c148957ccc32804b75b9
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=2
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-type
text/html
date
Thu, 29 Jun 2023 11:32:35 GMT
etag
W/"a2dfcc9557d62d07c8944e596ba4698e"
last-modified
Wed, 28 Jun 2023 11:05:08 GMT
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-id
Hjgyor3C58rXFneE2jNpTiAh-EJbAT_lDainvt4Z5bdpbW4nyazxLg==
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/xml
date
Thu, 29 Jun 2023 11:32:33 GMT
location
/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
server
AmazonS3
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-id
VomSA3TzxtkQ-Ndbvk0Ng34xx6aLA6CU9Eqal7hIVl1pBZc8zfFRAQ==
x-amz-cf-pop
FRA56-P3
x-cache
Miss from cloudfront
b8a52a6.js
huntr.dev/_nuxt/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/b8a52a6.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d16f855f36aa7312cfee9375d49a7f88d0ac0e6a514a98a3b4d57b691ef6795
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"1146dd9e763dfabd6c56e51ff88ee524"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
uRppVuTnDaW37pQL6ltMA9qnTdvCKFSPt5viskkZJnuLc1xqsb7I_w==
0db1603.js
huntr.dev/_nuxt/ 		314 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/0db1603.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a07de7ccf11f7c30e58172ba0c458d73d8c188a4308fa49916d76386a073cb26
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"81cbc4645b3040f3d6fa6cac387ae732"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
xjb3d6aT9vGBLfE2s0WH-JA9untqqKFOaqNlNQnGgASDWHWhToxw0w==
c99aed5.js
huntr.dev/_nuxt/ 		1 MB
305 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/c99aed5.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f4ee103204c6b1b5e3d88e45e9a186205ff394d9549bd71bcfa231697f0d536
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"59f650b4963cd266382a75c4921219c0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
hUkZh56WeNu2VixXwc8x29Zeehtixs-695huZi4kJhg8kEelcJ_I6Q==
f5328a7.js
huntr.dev/_nuxt/ 		215 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f5328a7.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
818e86b7387edf30a09923f0129f489070297f7ecdb9c892dd61b800aada4a47
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"c9c3a8b98f7256ddc20ffa9a09d2f5dc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
MGyIYVgyBry4TFgVbAVhWi6mkNBuRTC2AkvFm-Ly6cpc30IUAqBR5A==
76a2887.js
huntr.dev/_nuxt/ 		430 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/76a2887.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
20a715f096b93c3332dc39be54823e0fda8d9b939a8d8fbd5be0136043aa89a9
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"2b6ecf2fc76ba3ea22b81905d2ce90ab"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
DfqjVb5z3Fjwmcrmqk0FqAr6VuhWGryPzVbseoo42xHZkhDl43YiIw==
bbb917f.js
huntr.dev/_nuxt/ 		66 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/bbb917f.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"be4dba135aeb7cf8e26a4cdd1d35986c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
WBlR0vRl7m6eUHEa_-E28kv-iBJaKlkgORokR31v0DWRSQkzaClh4Q==
3786b1c.js
huntr.dev/_nuxt/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/3786b1c.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e157475410165a42f7d87fc4eef0ce39c3c52bddfb366dd4ed7227899ebdae61
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"e2ec6f778e62e4251d3a7928731e1396"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
uwETa5f1kWWP5o_68CgVHwY7pBvEY8dX3gD6j1u6X-tFJ0y1RuD1zA==
cc2b3db.js
huntr.dev/_nuxt/ 		864 KB
274 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/cc2b3db.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
36a002cd5d74b4708ba35d4a438409b51792eab3cd85452d8aab926c02c61fe4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"0c95873e18e9f1d4b043ff978d45a281"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
gXGp5S1KmdG_Dbku9Yf4j36LrPrzBnJGVY2RgnkFII4DtqSBfuRBhA==
a16bd5b.js
huntr.dev/_nuxt/ 		74 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/a16bd5b.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ada4bd8c8021353ebb011cf098080b175e011d7ba40bea92cdb341dda5eebf8c
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"c570366cc0b00cf2513ff56b45f70596"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
u08DsnsB4Q15oRN8TXjrZqcX3m_ykZMPxsNY9MJwlDje54PkmbWcqg==
state.js
huntr.dev/_nuxt/static/1687949605/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687949605/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/state.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e61cf63334403fdac6c44bc03bf68aab944a994eab068a13be40447c7adcdecc
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:50 GMT
server
AmazonS3
etag
W/"699cab9bf7e99351e75a70d85544918c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
3sXglRxXQGWHkMP3HBqyRbGs7m2APQXkou36TKKtalIgcRE09hec5A==
payload.js
huntr.dev/_nuxt/static/1687949605/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/ 		259 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687949605/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4d628a4f57725c3195c8033af5ba7f53576d9f11d64341bb956aad4bd220610d
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
259
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:50 GMT
server
AmazonS3
etag
"e3f98c9c6383a163f156f4778ff0abc0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
48qC8q5X7cmmgKiRyvr6dZVQBjg2GHYLTQKS-9O79A1-mqsfM8QihQ==
manifest.js
huntr.dev/_nuxt/static/1687949605/ 		195 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687949605/manifest.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ea0fc524e52fb13b391ca15cd829097344811225a0e323552157c6ef6c815a73
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:56 GMT
server
AmazonS3
etag
W/"662bb981bf36dfe5d692c0ddc7af902c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
m9ZHDbZ7q2lDnYK-DMftIHOf41tZy51hducjmfbhMjHToMAHLSj63w==
Montserrat-Regular.3cd7866.ttf
huntr.dev/_nuxt/fonts/ 		240 KB
111 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Regular.3cd7866.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"ee6539921d713482b8ccd4d0d23961bb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
L3BfPDaEO0gOjv1pJyyCRUATPZkL4Nn5puhbfik2VtL_QynoKSX4Yg==
Montserrat-Medium.e2d60bc.ttf
huntr.dev/_nuxt/fonts/ 		237 KB
110 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Montserrat-Medium.e2d60bc.ttf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"c8b6e083af3f94009801989c3739425e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/ttf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
yftmbBl92URv0xisWNzmVCrnXHzy2yfQ4w0nMTizRENF0Wd17dfznQ==
883887
avatars.githubusercontent.com/u/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/883887?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eb438449d5e1e1981bf81c2050e8276857210dc4725b76afdcf722839f3c924d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
744a4b26d46de321382b06f28751fa6d7787eb3e
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Thu, 29 Jun 2023 11:32:34 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
32523
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230020-FRA
last-modified
Sun, 18 Dec 2011 09:07:35 GMT
x-github-tenant
x-github-request-id
D702:BDCC:141D599:14E5AE3:649D6BD2
x-timer
S1688038355.646955,VS0,VE98
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 29 Jun 2023 11:37:34 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		105 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0101f73217dd574dd30deb66ef55e17e6c28ccb887f1d0e36bd809c5cf73cfb0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
BoWfzAj98Dv60pllXcdllqEFKDS5eOVk
content-encoding
gzip
via
1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
date
Thu, 29 Jun 2023 11:31:44 GMT
x-amz-cf-pop
FRA6-C1
age
115
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 08 Jun 2023 04:50:00 GMT
server
AmazonS3
etag
W/"dacf31da4cecdc9b09f96ef969dfac00"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
HGy5I-wnVYJssJeDi1ZFqLoTVAa3GrIQzuue_WLq5PgKZ4KtqcK-2Q==
sdk.js
app.chatwoot.com/packs/js/ 		100 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/packs/js/sdk.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/f5328a7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
5e1134238bbb5dacdfa5a56b40bc2ead30809def8a9e57099846923f6305978a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:34 GMT
Content-Encoding
br
Via
1.1 vegur
Strict-Transport-Security
max-age=63072000; includeSubDomains
Last-Modified
Thu, 29 Jun 2023 07:19:41 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Content-Type
application/javascript
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
30646
/
app.posthog.com/decide/ 		293 B
708 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/decide/?v=2&ip=1&_=1688038354986
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:3200:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2d68ea73045c567769056c309497d9ce08947e0e50007e83d54c52c0b012441c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
via
1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
referrer-policy
same-origin
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
x-cache
Miss from cloudfront
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
x-amz-cf-id
ZrvU569uXTCH9gwWVbTeUbRi4tA069UL9n_bMPfVVT5oU_0KfBgk_A==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 29 Jun 2023 11:32:35 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-id
A2ioK-DTsZzYpV3dL2tl-V6Cpv0_hmKWEXEc_I4yR43Fi5dUIxFCbw==
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
3c0c5f82-55c9-46e6-9d75-518cdc122c4b
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 29 Jun 2023 11:32:35 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-id
4Z5ntUr-Lhbl35xVVeaJguvIkF0Ze5Mw9ZhWIPoUr2MxOFV6XjspgA==
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
9d8d3683-666d-41dc-a2b8-8307b5c0a600
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 29 Jun 2023 11:32:35 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-id
8QPCMdE2sUQSQSxwJsk3HxWlhNyHvZzU0seq6bnhiTPgx5yJpSs-Fg==
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
c533016d-7679-41ac-912b-d07f1f366950
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 29 Jun 2023 11:32:35 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-id
szcdSEylNsREfjucB7qRbmnlUo_5lXlasxnOsbqOFCl_R5lFfZsb3Q==
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
7971e508-c22b-4199-9cf1-8119f5fae648
x-cache
Miss from cloudfront
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		196 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash
c181c1c2bf36092d17ee70b98ccd2264b4e33fc91f0bb2bf532ecce6796cde0f

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Thu, 29 Jun 2023 11:32:35 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
98bd3430-06a4-4d02-b50a-8a0d0fbfd746
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
196
x-amz-cf-id
9EKPuJVOwHPZND0d50YZ2Ivph_za3XrXLNxqSodBt1yagU1wD4ly3A==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		33 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash
3af437e24c3a97f4ab6abf35fd373ce3986cd33862b114c1b98aea98bc4a8044

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
2
date
Thu, 29 Jun 2023 11:32:36 GMT
content-encoding
gzip
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
d84fc14e-96e2-4921-904d-12190837d61a
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id
d0NZe-Zs7xzNCnxdax0BCrkFaYr8mnqz9m4Yf7S42RTCRc9WzgVXTw==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		12 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash
3f46e4c66a525a9b477a2357ef6b8b1eaad11c3e8cb5e91fae668d3cc4f2a834

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Thu, 29 Jun 2023 11:32:36 GMT
content-encoding
gzip
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
1039f2b7-92f5-44c9-b188-4ecad395f8e1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
x-amz-cf-id
pGSvYGylgUCBs5NkVaT0awwIz-GEzP2zYXFY3G2dTeZDLR_3LmeFXQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		31 B
452 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
6
date
Thu, 29 Jun 2023 11:32:35 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
2b5a43f9-36a3-4255-b8bc-0af17c28ad18
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
31
x-amz-cf-id
vvLj6Tidd66nrqUJSOy63Gh7RyqhapyOCwQ--0cxN3FDwAKWZOEIxw==
Metropolis-Regular.67a1988.otf
huntr.dev/_nuxt/fonts/ 		23 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/fonts/Metropolis-Regular.67a1988.otf
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"f7b5e589f88206b4bd5cb1408c5362e6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
FZm_MsPxoA_XCrYTufFrP4DHQ22Jx6L69RkgBDkjGe1DgfFkZPhi4g==
settings
cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d115f2da2d8b15e1bd94ac2fd51421df52c94fcd42fbbcc0fbb07d68db7c4d37

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
gV79Vv2hwWOcDLQSQJv1Q3slZEchk8Sj
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
date
Thu, 29 Jun 2023 08:44:16 GMT
x-amz-cf-pop
FRA6-C1
age
10401
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 11 May 2023 06:43:26 GMT
server
AmazonS3
etag
W/"850f9709d16422be8d080f3ed61da799"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
DcZfE4QKikZOxx2lQimdO5R1MqhrYpdP2olidA_2QttRRwnkNSYyJg==
27bfdc7.js
huntr.dev/_nuxt/ 		33 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/27bfdc7.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8a52a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31ecd6f0ee1ec93d53e3430f9c730034d86bb802b9fa8af1233d60b6e32ae9d4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"5618e899514de835d7f38399d4645fc9"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
REK5OSJYrN4eQk-SsuulaCAMUvdTWX6nHnh7Mp3Oll_fesReXp4FYw==
f3f42fa.js
huntr.dev/_nuxt/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f3f42fa.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8a52a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
20d79f58a5fee064733df88b065b82d7939ff7afad34bb938babce88a4683033
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"66d57a3195ab69aa4ecdc2deb98fb12e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
gTGfSH_o4OcQ_E8nfBK406zeyuTzaqBszfcMz31BqyoY4Y-eVcaZbQ==
f9f0f01.js
huntr.dev/_nuxt/ 		103 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/f9f0f01.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8a52a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d334c8d9d0c9f5b92fe6d1b691e83b5d582868413dfb275f384bfaddefebbf8
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"a8568e6eaa36388ad32e706b9025efb3"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
DckI7zpGn6TVyroa8xnrO3dSE1UGl7Qa-6qYjNOZCmfX8UdFu-Q9xg==
b42781c.js
huntr.dev/_nuxt/ 		80 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/b42781c.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8a52a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
67de16a48fd4de7d559f3a983c7f4c9ef88972b0a5c436bd22f16030968ab49b
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"e590b0f16b4b157c1719995dca4dca2d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
7qTDSzeEW6adgPsPp-qP7KzrzwXgKJKBPEgYBePN-PeXZssKuTkxPA==
86547f4.js
huntr.dev/_nuxt/ 		44 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/86547f4.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8a52a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f8d0b4869d2080031f5e46e895dd444ad49724db855e3d263dc6bcbb656e0aed
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"c106afd2ca9bdec08bab32cee795580e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
qiepifQy8GcyCb8L3dRiAP85mmzSzrPsjtMuGzBGuSP0w42_tB6wjg==
b3fc1a8.js
huntr.dev/_nuxt/ 		122 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/b3fc1a8.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/b8a52a6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4113709c843bbfa5bc82c222b9b3e1429bb0f1b187000579679e57e3983951e4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:28 GMT
server
AmazonS3
etag
W/"f89077546e50819da35bbc786716c80b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
0lT0ymfk3Bc_JGd3mHFWut1UHwPrBL6ma_nGEDKeejkI0RGPYYLOcQ==
payload.js
huntr.dev/_nuxt/static/1687949605/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687949605/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
content-encoding
gzip
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:56 GMT
server
AmazonS3
etag
W/"126dd630135f2a51a22e58e9f9dbb73b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
e_zsem8qVGZyhsPGvB5gJPPJHPKQ7UjSsgwhFzV0u0i4LCMu6s9xyg==
payload.js
huntr.dev/_nuxt/static/1687949605/repos/dolibarr/dolibarr/ 		542 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687949605/repos/dolibarr/dolibarr/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e263e2eeec4cea7079abfb73ef3cae55613ef6dcaa0aea94bf3b31fd98b0e14e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
542
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:56 GMT
server
AmazonS3
etag
"53b3ab34d462317356d2bb24a2977e88"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
A2iTfCn56BoxYeymVMFUaBM-GcRI5KiFSTXuoRVmfE7wPmusi5Tn6w==
payload.js
huntr.dev/_nuxt/static/1687949605/bounties/disclose/ 		79 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://huntr.dev/_nuxt/static/1687949605/bounties/disclose/payload.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/c99aed5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ba00:14:bb32:5f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
79
x-xss-protection
1; mode=block
last-modified
Wed, 28 Jun 2023 11:04:55 GMT
server
AmazonS3
etag
"11e86df8ac1d9c85f55c418a4fbf5255"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
x-amz-cf-id
NMDpiMHNP__a-TuKmfX3ZDhhdTa_oJncrz5DRY-5mzOl3zDHImftOg==
ajs-destination.bundle.0f003b5e4b03680982b4.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.0f003b5e4b03680982b4.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3e2bce089186ecc5310b103ce3056fce92ce32e1db3d5e2db4c1dab4fa87c175

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 22:41:18 GMT
x-amz-version-id
RsGKQvvF9Yt9j0mZ1IGFuFjuWHMd3XFe
content-encoding
br
via
1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
2379078
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 01 Jun 2023 20:07:54 GMT
server
AmazonS3
etag
W/"5c08e208387787e375df16faad0e6cd2"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
NnjjEMY7TbpbRkQ3NZ24BqdxAwyutsBkbIRX-VZbumXp9-I24V8UHw==
schemaFilter.bundle.f63551a29dc1697f71b6.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.f63551a29dc1697f71b6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Apr 2023 00:10:37 GMT
x-amz-version-id
MniMHHUYFjJc54scO3EWeBryCREtRHVz
content-encoding
br
via
1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
7298519
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 06 Apr 2023 00:06:35 GMT
server
AmazonS3
etag
W/"2a359f6227308e4ee31623f9381ae1d7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
AigIYmz6tin_IlWWKSxSqLA2_lNusNxF8y_Iuxq8Eu14co3dTmtccA==
hotjar.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 12 Jun 2023 14:36:31 GMT
content-encoding
gzip
via
1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-amz-version-id
iu1zbgeHwykvymiEND1aa93zoJ2gI8Ne
x-amz-cf-pop
FRA6-C1
age
1457765
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1336
last-modified
Wed, 03 May 2023 11:04:44 GMT
server
AmazonS3
etag
"4cd7c93a55ce331d264d9a857bd044ed"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
vo0a5Sd1ltNjcQ_JR2ljCN5exl8ECFkS2KxqOD13Sjo1Gin7e_D1zQ==
sentry.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/sentry/4.0.0/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/sentry/4.0.0/sentry.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a45596c2087026ebad9fe6991aa7c6d4b55bb4ceeab5ec99f5e5f1b73c5cbc32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 09 May 2023 10:23:36 GMT
content-encoding
gzip
via
1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-amz-version-id
2vezJ.GrCC1b.P6opCF2.LahamyxF100
x-amz-cf-pop
FRA6-C1
age
4410540
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1674
last-modified
Wed, 03 May 2023 11:04:45 GMT
server
AmazonS3
etag
"2404d84a05081bd5da596a06fce0a77e"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
ZswdPvDr7g20i16dOPqcpVlic_mQnynEWvZrAktFBCtT8yoyaL4qJQ==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/VWwEgATDMwku1jvgt0soCRaORr8xbOyx/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 03:34:22 GMT
content-encoding
gzip
via
1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-amz-version-id
1x6q_MsAdAkmPosImHjKsztmTTUAb2Vd
x-amz-cf-pop
FRA6-C1
age
1929494
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22177
last-modified
Wed, 03 May 2023 11:04:43 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
9COMQ36SVywxK7BaCkEFDCanZduJJrf-CxEHBPmH-iqJBQEIzODtog==
hotjar-2380708.js
static.hotjar.com/c/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/hotjar/1.4.0/hotjar.dynamic.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-81.muc50.r.cloudfront.net
Software
/
Resource Hash
90da798f2b8c5600035155a12bbf53cfeccaa226332f0548f11e7f3dfb4bb49e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Thu, 29 Jun 2023 11:32:22 GMT
via
1.1 0dfb58f1fc97e590bcf6bcf75288d878.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P4
age
21
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/e6f14f9defbcc954a8fa0c5671c3fc0b
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
C9wFeR4AQ9R0CvXL658RWxPFsIpcJF808OVkNw8kaXGvqJKOw_QzLA==
bundle.min.js
browser.sentry-cdn.com/7.45.0/ 		57 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/7.45.0/bundle.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
05bcbc540206cd609115e7b8e685959e641b5e058f209a504e838676477574ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 24 Mar 2023 09:06:27 GMT
server
Fastly
age
5018663
etag
"f6c15f63eee05d140bbee54d82c0199f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
19827
expires
Wed, 01 May 2024 09:28:11 GMT
rewriteframes.min.js
browser.sentry-cdn.com/7.45.0/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser.sentry-cdn.com/7.45.0/rewriteframes.min.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
d57e040bae754a4dc9a076f4a185b05f7c3a78aa2510b0a2622da91925581cce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://huntr.dev/
Origin
https://huntr.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 11:32:35 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 24 Mar 2023 09:06:27 GMT
server
Fastly
age
5043012
etag
"d6d99482c2dca6d5889a60f82bc3a795"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
1138
expires
Wed, 01 May 2024 02:42:20 GMT
modules.710fa773759992ae5199.js
script.hotjar.com/ 		270 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.710fa773759992ae5199.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2380708.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.52.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-52-121.cdg50.r.cloudfront.net
Software
/
Resource Hash
8e4eb2fbe2428b73be6461073a48b2059abde0936219b8c1b2cc4b7dfbd85d83
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 23 Jun 2023 13:19:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 36bd0d69f76f5e62cbdf6ece28e39cae.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-P4
age
512008
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
70212
last-modified
Fri, 23 Jun 2023 13:18:24 GMT
etag
"c0d8da1fc28983e2914d2514d6175f9a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
HUVBvg-gIxwRQqGS4er2_1geHoOV1-NGCJnpfgqBaG4tE77MBwH82g==
widget
app.chatwoot.com/ Frame 514C 		6 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: app.chatwoot.com
URL: https://app.chatwoot.com/packs/js/sdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
32d19a11961d9442b31003fc486e47e9eb42aea36bc1b42da0c5a64290c09e9c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://huntr.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, private, must-revalidate
Connection
keep-alive
Content-Length
6558
Content-Type
text/html; charset=utf-8
Date
Thu, 29 Jun 2023 11:32:34 GMT
Etag
W/"32d19a11961d9442b31003fc486e47e9"
Link
<https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js>; rel=preload; as=script; nopush,<https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-7c0977b3.css>; rel=preload; as=style; nopush
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
d4d0a218-6e88-4f1e-8196-81b7e90c39c0
X-Runtime
0.093726
X-Xss-Protection
0
widget-c3a8366fff24162d3920.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 514C 		754 KB
205 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:7c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
6c4984b2b6f6b883b69be920c8ae38cf5b727a5b4bbe27187a30c78acdfc4caf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 07:22:41 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Thu, 29 Jun 2023 07:19:41 GMT
server
Cowboy
x-amz-cf-pop
FRA53-C1
age
14993
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
209449
x-amz-cf-id
YCnzhwo55iZ-8LoU4oWNbg1kS9cYipnTzXIWMTrBA67kPC_u4vIxEA==
widget-7c0977b3.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 514C 		49 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/widget-7c0977b3.css
Requested by
Host: huntr.dev
URL: https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:7c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
5638b2a2c0bb779c1ad59ae775f3f1f76834a175d6ea9ac5d08e4703bb3339a7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 07:22:19 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Thu, 29 Jun 2023 07:19:41 GMT
server
Cowboy
x-amz-cf-pop
FRA53-C1
age
15015
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
9816
x-amz-cf-id
Bj90wCSSoi1r_kRAANt4Liv51cPKr2DpilVL3tsMnGWi_qSPhsPsEA==
23-0baaed8e.chunk.css
d3tq67kexc2w2i.cloudfront.net/packs/css/ Frame 514C 		1 KB
901 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/css/23-0baaed8e.chunk.css
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:7c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 07:22:36 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Thu, 29 Jun 2023 07:19:41 GMT
server
Cowboy
x-amz-cf-pop
FRA53-C1
age
14998
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=31556952
content-length
512
x-amz-cf-id
VrOVda1RfnNPafPa0SIN4Jp1XPhi7D7SpBKmaNixCqihRg8iZruNDg==
23-77856aad21e97a8d4953.chunk.js
d3tq67kexc2w2i.cloudfront.net/packs/js/ Frame 514C 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3tq67kexc2w2i.cloudfront.net/packs/js/23-77856aad21e97a8d4953.chunk.js
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:7c00:7:dce7:b680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cowboy /
Resource Hash
096c019a49e536c2efe46ff1ae8e668b18ebbcea39cf5f905820cedf21659287
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 29 Jun 2023 07:22:47 GMT
content-encoding
gzip
via
1.1 vegur, 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Thu, 29 Jun 2023 07:19:41 GMT
server
Cowboy
x-amz-cf-pop
FRA53-C1
age
14988
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=31556952
content-length
4521
x-amz-cf-id
4x8BnWj_D7GkQmKso8-FGWGkzdxqWCyB8L9QjP8b7dUN6lLna3hfPw==
conversations
app.chatwoot.com/api/v1/widget/ Frame 514C 		2 B
615 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/conversations?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NTkyNThkZS0xYjRjLTQxNzMtOGMxZC02MThkYWNmMTY5NjgiLCJpbmJveF9pZCI6MTQxMn0.wp3jQGLxUqUO2MuqYKyaf1OAWXa25Mu1Zwcxoaf_eWU
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:34 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
2
X-Xss-Protection
0
X-Request-Id
3a00ab04-34a5-4155-ab09-1c8bd4fc7901
X-Runtime
0.016083
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"44136fa355b3678a1146ad16f7e8649e"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
messages
app.chatwoot.com/api/v1/widget/ Frame 514C 		14 B
628 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/messages?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NTkyNThkZS0xYjRjLTQxNzMtOGMxZC02MThkYWNmMTY5NjgiLCJpbmJveF9pZCI6MTQxMn0.wp3jQGLxUqUO2MuqYKyaf1OAWXa25Mu1Zwcxoaf_eWU
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:35 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
14
X-Xss-Protection
0
X-Request-Id
f06f86e0-6769-4747-ac22-ad65eab56a08
X-Runtime
0.013498
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"258153158e38e3291e3d48162225fcdb"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
inbox_members
app.chatwoot.com/api/v1/widget/ Frame 514C 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/inbox_members?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
f5ad190a2e36ff513d2020ce0a3db80843b10bf677465807047d8925b4f2835d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NTkyNThkZS0xYjRjLTQxNzMtOGMxZC02MThkYWNmMTY5NjgiLCJpbmJveF9pZCI6MTQxMn0.wp3jQGLxUqUO2MuqYKyaf1OAWXa25Mu1Zwcxoaf_eWU
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:35 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
1024
X-Xss-Protection
0
X-Request-Id
5cad6dc1-72e7-4d2c-bc16-773b3fe7dee9
X-Runtime
0.022548
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"f5ad190a2e36ff513d2020ce0a3db808"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
contact
app.chatwoot.com/api/v1/widget/ Frame 514C 		95 B
709 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/contact?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
b13e0bc1f8396e90467162ad010cf3e95f4976ab261cd7b86447bcafd23b65f4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NTkyNThkZS0xYjRjLTQxNzMtOGMxZC02MThkYWNmMTY5NjgiLCJpbmJveF9pZCI6MTQxMn0.wp3jQGLxUqUO2MuqYKyaf1OAWXa25Mu1Zwcxoaf_eWU
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:35 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
95
X-Xss-Protection
0
X-Request-Id
c8784147-9ac0-4c1d-b35d-8ff80ede9cb0
X-Runtime
0.010271
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"b13e0bc1f8396e90467162ad010cf3e9"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
campaigns
app.chatwoot.com/api/v1/widget/ Frame 514C 		2 B
615 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.chatwoot.com/api/v1/widget/campaigns?website_token=puTnMCiAd9DHeNuoWk2mzm6X
Requested by
Host: d3tq67kexc2w2i.cloudfront.net
URL: https://d3tq67kexc2w2i.cloudfront.net/packs/js/widget-c3a8366fff24162d3920.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
X-Auth-Token
eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NTkyNThkZS0xYjRjLTQxNzMtOGMxZC02MThkYWNmMTY5NjgiLCJpbmJveF9pZCI6MTQxMn0.wp3jQGLxUqUO2MuqYKyaf1OAWXa25Mu1Zwcxoaf_eWU
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:35 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
2
X-Xss-Protection
0
X-Request-Id
d6952402-68e3-4f22-980b-02214c34b706
X-Runtime
0.017066
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
Etag
W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=0, private, must-revalidate
wveuf5mscswvl5nci26yt5jui4jf
prod-chatwoot-assets.s3.amazonaws.com/ Frame 514C
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBeWplRVE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--dd0afdd7a9805f8d4463fe96514a85e76612...
  • https://prod-chatwoot-assets.s3.amazonaws.com/wveuf5mscswvl5nci26yt5jui4jf?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27N...
18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/wveuf5mscswvl5nci26yt5jui4jf?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230629T113236Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c9989a2af407d697e12d6ff22f7cc2d57cbceaf0d5400986cc5b8e624812a51a
Protocol
HTTP/1.1
Server
52.216.54.233 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d51c3c1fbbce96c8fb2a89cb6d5097372f1cfcb6dc8e54fa5d3abe1e063a2ba1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:37 GMT
Last-Modified
Fri, 05 May 2023 09:24:19 GMT
Server
AmazonS3
x-amz-request-id
WJ2Q3G2Y4MMYABX0
ETag
"b351e229320c5501912c91056af34bf3"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Content-Disposition
inline; filename="New Project %2816%29.png"; filename*=UTF-8''New%20Project%20%2816%29.png
Accept-Ranges
bytes
Content-Length
17995
x-amz-id-2
335zcBC2/BlbYdDlPUS9nTSGpyAFYs6n/J8CG4vqAmMPV7WsA7uYAGwJ1DtZP6G/7KDpBVDGIVU=

Redirect headers

Date
Thu, 29 Jun 2023 11:32:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
0
X-Request-Id
f7bab3c8-ccf5-4c72-98cc-01a6d2be55ca
X-Runtime
0.009103
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/wveuf5mscswvl5nci26yt5jui4jf?response-content-disposition=inline%3B%20filename%3D%22New%20Project%20%252816%2529.png%22%3B%20filename%2A%3DUTF-8%27%27New%2520Project%2520%252816%2529.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230629T113236Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c9989a2af407d697e12d6ff22f7cc2d57cbceaf0d5400986cc5b8e624812a51a
Cache-Control
max-age=300, private
logo_thumbnail.svg
app.chatwoot.com/brand-assets/ Frame 514C 		916 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.chatwoot.com/brand-assets/logo_thumbnail.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.161.241.46 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-241-46.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/widget?website_token=puTnMCiAd9DHeNuoWk2mzm6X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:35 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Via
1.1 vegur
Last-Modified
Thu, 29 Jun 2023 07:07:00 GMT
Server
Cowboy
Content-Type
image/svg+xml
Cache-Control
public, max-age=31556952
Connection
keep-alive
Content-Length
916
883887
avatars.githubusercontent.com/u/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/883887?v=4
Requested by
Host: huntr.dev
URL: https://huntr.dev/_nuxt/0db1603.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eb438449d5e1e1981bf81c2050e8276857210dc4725b76afdcf722839f3c924d
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
2f2bf73aa6e94f33e1c0efcaddb6e0a949b3f2c5
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Thu, 29 Jun 2023 11:32:36 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
32523
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230020-FRA
last-modified
Sun, 18 Dec 2011 09:07:35 GMT
x-github-tenant
x-github-request-id
D702:BDCC:141D599:14E5AE3:649D6BD2
x-timer
S1688038356.119613,VS0,VE0
source-age
1
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 29 Jun 2023 11:37:36 GMT
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
447 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.45.0/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Thu, 29 Jun 2023 11:32:36 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
d68d6af9-548c-44fd-80d4-263234971922
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
UYhWxaJqkBHoDJDhQZ2cMauXXG1CQ1LGwLSvBHIRcnrYXF5mwsFSdQ==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 29 Jun 2023 11:32:36 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-id
eqNGPRUIC8DWKySRl6iOY7pHriyFvowTbi1N9VWHD0vutCSpfM-NAA==
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
787ec654-b1fa-41d6-aefd-8e029a64b8db
x-cache
Miss from cloudfront
w97hsefzw9wcud22xhgryh23kvha
prod-chatwoot-assets.s3.amazonaws.com/ Frame 514C
Redirect Chain
  • https://app.chatwoot.com/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBcEJZIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1eca2fbbec1106143b0ace0663d6c185c3a7e57e/eyJ...
  • https://prod-chatwoot-assets.s3.amazonaws.com/w97hsefzw9wcud22xhgryh23kvha?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response...
22 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prod-chatwoot-assets.s3.amazonaws.com/w97hsefzw9wcud22xhgryh23kvha?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230629T113236Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=8564f831b68e559e8bb7abfd5b8591fa9d634c6f35aa1938650fca9a8b80cda7
Protocol
HTTP/1.1
Server
52.216.54.233 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
7574d3f6daf85e332e2310626ee5615721d6a118caa30710c66824f2faca7ce9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.chatwoot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 29 Jun 2023 11:32:37 GMT
Last-Modified
Fri, 05 May 2023 09:24:20 GMT
Server
AmazonS3
x-amz-request-id
WJ2R6JS6SRBBBNJZ
ETag
"7cee0c2be057c330ff9b6dd850648dc3"
x-amz-server-side-encryption
AES256
Content-Type
image/jpeg
Content-Disposition
inline; filename="headshot.jpg"; filename*=UTF-8''headshot.jpg
Accept-Ranges
bytes
Content-Length
22820
x-amz-id-2
W+aELkLEpsildjiBcLxLMy7WZcU+GPPs/yaWulXXMwEZv2N+eiFHs26pfpQFqOjFdq2c9JJWh74=

Redirect headers

Date
Thu, 29 Jun 2023 11:32:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Via
1.1 vegur
X-Permitted-Cross-Domain-Policies
none
Transfer-Encoding
chunked
Connection
keep-alive
X-Xss-Protection
0
X-Request-Id
0549bcfd-381c-4d24-a0e0-e5e8462aa82b
X-Runtime
0.011833
Referrer-Policy
strict-origin-when-cross-origin
Server
Cowboy
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://prod-chatwoot-assets.s3.amazonaws.com/w97hsefzw9wcud22xhgryh23kvha?response-content-disposition=inline%3B%20filename%3D%22headshot.jpg%22%3B%20filename%2A%3DUTF-8%27%27headshot.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAX7PDOLKIAFKYEREY%2F20230629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230629T113236Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=8564f831b68e559e8bb7abfd5b8591fa9d634c6f35aa1938650fca9a8b80cda7
Cache-Control
max-age=300, private
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ 		26 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.45.0/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01

Request headers

accept
*/*
Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key
da2-fql7xoajcng6pilmew4lfbi6ga
content-type
application/json

Response headers

x-amzn-appsync-tokensconsumed
1
date
Thu, 29 Jun 2023 11:32:36 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
90611e22-8277-413a-8e7d-dc6a9d6d0c26
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
content-length
26
x-amz-cf-id
wlBCbhksgfLNNfEiQ_lHEjYuMcZcIrzNWVgW5P-T_ioexnaWSkCmXg==
graphql
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-61.cdg53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://huntr.dev
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-api-key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amz-user-agent,x-amzn-ErrorMessage,Date,x-amz-schema-version
access-control-max-age
172800
content-length
0
date
Thu, 29 Jun 2023 11:32:36 GMT
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
x-amz-cf-id
Fao4QMdT6i4-LgWLUm5Fyo-jTxa8HP-OMKHVkmdnJXUPYaeyZCpNaw==
x-amz-cf-pop
CDG53-C1
x-amzn-requestid
f29d8988-0800-404a-b3a2-34743ae50f14
x-cache
Miss from cloudfront
48460056
avatars.githubusercontent.com/u/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.githubusercontent.com/u/48460056?v=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c49584c87b418841159e35908ad65a33ed6e3ef0c65e1cb0ab2c33e6eb781321
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://huntr.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
1f414e556e33fe83b437000baac21679e0b6106d
content-security-policy
default-src 'none'
strict-transport-security
max-age=31557600
x-content-type-options
nosniff
date
Thu, 29 Jun 2023 11:32:36 GMT
via
1.1 varnish
x-cache-hits
1
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
16458
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230020-FRA
last-modified
Fri, 04 Dec 2020 01:35:27 GMT
x-github-tenant
x-github-request-id
27C2:DBB2:2E5EA2C:302F2D9:647E9627
x-timer
S1688038356.374628,VS0,VE1
etag
"aa93dbd63240ff258d697f9ceead8b7d1411195df597fa96213db587eeb26423"
source-age
2020780
x-frame-options
deny
vary
Authorization,Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 29 Jun 2023 11:37:36 GMT
/
app.posthog.com/e/ 		13 B
427 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.posthog.com/e/?compression=gzip-js&ip=1&_=1688038358005
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.45.0/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:3200:1d:be94:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://huntr.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 29 Jun 2023 11:32:38 GMT
via
1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
referrer-policy
same-origin
x-amz-cf-pop
FRA56-P5
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://huntr.dev
x-cache
Miss from cloudfront
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type
x-amz-cf-id
VuDt53oXh9zu4H4uorVsjAdgtCWvmQZbIMpxWG26SZCwOcZ1zPOk9A==

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless object| onbeforetoggle object| onscrollend object| __NUXT__ object| webpackJsonp function| installComponents object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| FontAwesomeConfig object| ___FONT_AWESOME___ function| MarkdownHeaderButtonElement function| MarkdownBoldButtonElement function| MarkdownItalicButtonElement function| MarkdownQuoteButtonElement function| MarkdownCodeButtonElement function| MarkdownLinkButtonElement function| MarkdownImageButtonElement function| MarkdownUnorderedListButtonElement function| MarkdownOrderedListButtonElement function| MarkdownTaskListButtonElement function| MarkdownMentionButtonElement function| MarkdownRefButtonElement function| MarkdownStrikethroughButtonElement function| MarkdownToolbarElement function| __NUXT_JSONP__ object| __NUXT_JSONP_CACHE__ function| __NUXT_IMPORT__ function| Cvss function| _ object| analytics object| chatwootSettings object| $nuxt object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| hotjarDeps function| hotjarLoader object| sentryDeps function| sentryLoader object| webpackJsonp_name_Integration function| hotjarIntegration object| _hjSelf function| hj object| _hjSettings function| sentryIntegration object| Sentry object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| __SENTRY__ object| chatwootSDK object| $chatwoot function| playAudioAlert

8 Cookies

Domain/Path Name / Value
huntr.dev/ Name: auth.strategy
Value: cognito
.huntr.dev/ Name: ph_phc_GS5LnADH5vBtmEMYnjEZbSH4DVSNMemzgYiuyGyUZz9_posthog
Value: %7B%22distinct_id%22%3A%2218906ed302783f-004260a1432565-6a335054-1d4c00-18906ed30288a5%22%2C%22%24device_id%22%3A%2218906ed302783f-004260a1432565-6a335054-1d4c00-18906ed30288a5%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22%24referrer%22%3A%22%24direct%22%2C%22%24referring_domain%22%3A%22%24direct%22%2C%22%24sesid%22%3A%5B1688038354996%2C%2218906ed3034e8e-0fd5d4a8a4ee9-6a335054-1d4c00-18906ed3035146f%22%5D%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%7D
.huntr.dev/ Name: _hjSessionUser_2380708
Value: eyJpZCI6IjA4MDAxYTcyLTgyM2MtNTRlNC04YzhhLTY5MDRhMjc0ODMzOSIsImNyZWF0ZWQiOjE2ODgwMzgzNTU0MzQsImV4aXN0aW5nIjpmYWxzZX0=
.huntr.dev/ Name: _hjFirstSeen
Value: 1
.huntr.dev/ Name: _hjIncludedInSessionSample_2380708
Value: 0
.huntr.dev/ Name: _hjSession_2380708
Value: eyJpZCI6ImNiMGFlMTgwLTg0YmEtNGE1NC1iMjA2LWJlNTUwNWI1MmQxMSIsImNyZWF0ZWQiOjE2ODgwMzgzNTU0NDYsImluU2FtcGxlIjpmYWxzZX0=
.huntr.dev/ Name: _hjAbsoluteSessionInProgress
Value: 0
huntr.dev/ Name: cw_conversation
Value: eyJhbGciOiJIUzI1NiJ9.eyJzb3VyY2VfaWQiOiI3NTkyNThkZS0xYjRjLTQxNzMtOGMxZC02MThkYWNmMTY5NjgiLCJpbmJveF9pZCI6MTQxMn0.wp3jQGLxUqUO2MuqYKyaf1OAWXa25Mu1Zwcxoaf_eWU

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; connect-src 'self' https://cdn.segment.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.huntr.dev https://*.appsync-api.eu-west-1.amazonaws.com https://api.github.com https://api.bloggify.net https://heapanalytics.com https://api.segment.io wss://*.hotjar.com https://app.posthog.com https://app.chatwoot.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://app.chatwoot.com https://cdn.segment.com; font-src 'self' data: https://fonts.gstatic.com; child-src blob: https://www.youtube.com https://app.chatwoot.com https://vars.hotjar.com https://www.podbean.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.chatwoot.com
app.posthog.com
avatars.githubusercontent.com
browser.sentry-cdn.com
cdn.segment.com
d3tq67kexc2w2i.cloudfront.net
huntr.dev
mnk2smepzzdp5djxpbthzr6odq.appsync-api.eu-west-1.amazonaws.com
prod-chatwoot-assets.s3.amazonaws.com
script.hotjar.com
static.hotjar.com
13.249.9.61
18.164.52.121
18.173.187.81
2600:9000:214f:7c00:7:dce7:b680:21
2600:9000:223d:ba00:14:bb32:5f00:93a1
2600:9000:223f:3200:1d:be94:4b80:93a1
2606:50c0:8003::154
2a04:4e42:600::729
52.216.54.233
54.161.241.46
99.86.8.175
0101f73217dd574dd30deb66ef55e17e6c28ccb887f1d0e36bd809c5cf73cfb0
05bcbc540206cd609115e7b8e685959e641b5e058f209a504e838676477574ec
05cee74e08992e6f58bc28d43ff042c5def119ba66ca7601cdb4b3efce53625f
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
096c019a49e536c2efe46ff1ae8e668b18ebbcea39cf5f905820cedf21659287
1d334c8d9d0c9f5b92fe6d1b691e83b5d582868413dfb275f384bfaddefebbf8
1f4ee103204c6b1b5e3d88e45e9a186205ff394d9549bd71bcfa231697f0d536
20a715f096b93c3332dc39be54823e0fda8d9b939a8d8fbd5be0136043aa89a9
20d79f58a5fee064733df88b065b82d7939ff7afad34bb938babce88a4683033
258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57
2d68ea73045c567769056c309497d9ce08947e0e50007e83d54c52c0b012441c
31ecd6f0ee1ec93d53e3430f9c730034d86bb802b9fa8af1233d60b6e32ae9d4
32d19a11961d9442b31003fc486e47e9eb42aea36bc1b42da0c5a64290c09e9c
36a002cd5d74b4708ba35d4a438409b51792eab3cd85452d8aab926c02c61fe4
3af437e24c3a97f4ab6abf35fd373ce3986cd33862b114c1b98aea98bc4a8044
3e2bce089186ecc5310b103ce3056fce92ce32e1db3d5e2db4c1dab4fa87c175
3f46e4c66a525a9b477a2357ef6b8b1eaad11c3e8cb5e91fae668d3cc4f2a834
4113709c843bbfa5bc82c222b9b3e1429bb0f1b187000579679e57e3983951e4
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4d628a4f57725c3195c8033af5ba7f53576d9f11d64341bb956aad4bd220610d
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5638b2a2c0bb779c1ad59ae775f3f1f76834a175d6ea9ac5d08e4703bb3339a7
5ca3d4752735e2a391278cf9d3fba0320c209e810093c148957ccc32804b75b9
5e1134238bbb5dacdfa5a56b40bc2ead30809def8a9e57099846923f6305978a
67de16a48fd4de7d559f3a983c7f4c9ef88972b0a5c436bd22f16030968ab49b
6c4984b2b6f6b883b69be920c8ae38cf5b727a5b4bbe27187a30c78acdfc4caf
6d16f855f36aa7312cfee9375d49a7f88d0ac0e6a514a98a3b4d57b691ef6795
6f8992eb58eeced41efea7076be4d468ac678f9778420438fab4a3358aa2b462
6fa6da6f05f56f48f876b2fe7504dc0e89cd6ae5d6874bcc83c85b1e14778a01
7574d3f6daf85e332e2310626ee5615721d6a118caa30710c66824f2faca7ce9
78a22e968841df97d2a8f5f6150f98a563a711e6d4097962719837c18320f3b1
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
7e7056490a6aa47842422c016c7990d2621f7efb96114ba073809ca7ef306489
818e86b7387edf30a09923f0129f489070297f7ecdb9c892dd61b800aada4a47
8e4eb2fbe2428b73be6461073a48b2059abde0936219b8c1b2cc4b7dfbd85d83
90da798f2b8c5600035155a12bbf53cfeccaa226332f0548f11e7f3dfb4bb49e
917a1a36e4df34776ab68224439190e342ac6cb9b3697d51606a6b8c7d9271f6
9c1bb7bba73eaf75e949795556bc7e66ce7ff3fec6f65797271c7cfe1a305f6f
a07de7ccf11f7c30e58172ba0c458d73d8c188a4308fa49916d76386a073cb26
a45596c2087026ebad9fe6991aa7c6d4b55bb4ceeab5ec99f5e5f1b73c5cbc32
ada4bd8c8021353ebb011cf098080b175e011d7ba40bea92cdb341dda5eebf8c
b13e0bc1f8396e90467162ad010cf3e95f4976ab261cd7b86447bcafd23b65f4
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b6ab533881a858227c19cb2e27a8740ab16b3688620636970f306cb1bbe3c8c3
b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83
c181c1c2bf36092d17ee70b98ccd2264b4e33fc91f0bb2bf532ecce6796cde0f
c49584c87b418841159e35908ad65a33ed6e3ef0c65e1cb0ab2c33e6eb781321
d115f2da2d8b15e1bd94ac2fd51421df52c94fcd42fbbcc0fbb07d68db7c4d37
d51c3c1fbbce96c8fb2a89cb6d5097372f1cfcb6dc8e54fa5d3abe1e063a2ba1
d57e040bae754a4dc9a076f4a185b05f7c3a78aa2510b0a2622da91925581cce
e157475410165a42f7d87fc4eef0ce39c3c52bddfb366dd4ed7227899ebdae61
e263e2eeec4cea7079abfb73ef3cae55613ef6dcaa0aea94bf3b31fd98b0e14e
e61cf63334403fdac6c44bc03bf68aab944a994eab068a13be40447c7adcdecc
e82c376465bde839192944cece9d23d0c39d2ddb7523212b4a809355f15efb59
ea0fc524e52fb13b391ca15cd829097344811225a0e323552157c6ef6c815a73
eb438449d5e1e1981bf81c2050e8276857210dc4725b76afdcf722839f3c924d
f5ad190a2e36ff513d2020ce0a3db80843b10bf677465807047d8925b4f2835d
f8d0b4869d2080031f5e46e895dd444ad49724db855e3d263dc6bcbb656e0aed