Domain carrot.co
United States
AMAZON-02
Software information

CloudFront

tcp/80

Pantheon

tcp/443 tcp/80

nginx nginx

tcp/443 tcp/80

  • Open service 2620:12a:8001::4:80 · carrot.co

    2026-01-28 13:59 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 162
Content-Type: text/html
Location: https://carrot.co/
Server: nginx
X-Pantheon-Styx-Hostname: styx-fe4-a-7f76c9f659-kg98h
X-Styx-Req-Id: e55fa4de-fc25-11f0-b827-4e571a49a1fa
Cache-Control: public, max-age=86400
Date: Wed, 28 Jan 2026 13:59:14 GMT
X-Served-By: cache-chi-klot8100090-CHI, cache-yyz4566-YYZ
X-Cache: HIT, HIT
X-Cache-Hits: 18, 1
X-Timer: S1769608755.753872,VS0,VE8
Vary: Cookie, Cookie
Age: 18741
Accept-Ranges: bytes
Via: 1.1 varnish, 1.1 varnish

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
    Found 2026-01-28 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:d400:17:49a6:42c0:93a1:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:47 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 89efe3a7854e47cf7f1fe47e28e39348.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: r5mhwoxVLxsb61U0M9uRwSfo5cDkcKYy67qjWf-0h7IYnWbx_LrbCA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:d400:17:49a6:42c0:93a1:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:48 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=ABD4B92E-6218-438F-A4A83885E4340970;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 52624a5a-9619-bbd4-75ee-d088743f8f22
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 f4c3162878591c5abd76f8ee1f873476.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: SIzoG0ninOmC4rCZKA2deADX9Z2ZX-UHzFJqsxYtIQcTlJ-1Aw6ihg==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 18.66.192.62:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:47 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 a4a80ac7ffee78c042728f52e3f729e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: u5c-2UNymE36JILj4uZwEPgXjSXp-Fi_6SMO0HSf9g-K20STHWLrJQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 18.66.192.84:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:47 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 47755cdb8b36419a04f12ee3c24f7fae.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: V7ns2BZ9yLy2DaIH1sN8EU5PY4brGw2o_Snr1iI_wAHZYblDLBObrw==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:e200:17:49a6:42c0:93a1:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:47 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=A1AD8098-017A-4586-9814D01D349B3F91;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 18abaabe-5a38-d460-c58e-68c15ee92ba0
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: yg6iuHk5OJNvJ2F5L1nKSVvkf-IQ6HW0I1l5Xt-Js97Gxi4h_I8NeQ==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:5e00:17:49a6:42c0:93a1:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:46 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 a4a80ac7ffee78c042728f52e3f729e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: f581voWSVV7FYN3LmayepF1WSapo_dvxPMl9V6iWgxQ6rQpkntQP1A==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:ec00:17:49a6:42c0:93a1:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:47 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=838B77F7-E2A8-4A28-BB1E83AF2D13EADF;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: a0176f77-3647-226c-8a14-6f39ff92fceb
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 ec12d3de4ccd821a7e749609dcc62010.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: 2Eppc5eusqKdIAmNzm2lb9M5yl7gOi9HeTG2m7ovhpisr4A8IjsUXw==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:1600:17:49a6:42c0:93a1:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:48 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=BC87A511-7D7D-4A2D-98ACACD79867596D;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 4e88f48a-c37c-9a1f-314b-335153f97ab9
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 033e374ece012797cbee0d505e2e61b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: 7CBFMs8wv6hep-E3gYtbnG8GrQYi3dX3HfULT_YqWVEvMthmBZ8DzA==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:5e00:17:49a6:42c0:93a1:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:47 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=6043175A-4FB9-4E49-8CCD99850E66BFC4;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 5ec0bc04-b331-8606-49ae-fbf274cf8482
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: ta8rUKEt5qPcTKbVFL-hZXMCBRh9Sw_Imc4qepatfI8SEuq5eOn34A==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 18.66.192.51:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:48 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=331F26CC-BCF2-43CF-BC5630D7AD468093;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 0151781d-43e7-a82f-6b04-a6c23e3b97e6
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 32162aed20605276097da109dc97c5b0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: Y3h0j7hIcRMVy-RIEZgQRpIM1pqgtUBXDc6x0bLmfO1S-H_fKsz6mg==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 18.66.192.51:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:47 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 badff53d2116a4b3d32a2dd1eb918a48.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: h5jyoCCDymbxlMxe0YHZObMRpLF-xmtBm80vQmZKOvWDCA83QndFVQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:ec00:17:49a6:42c0:93a1:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:46 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 c3f546c2f6132a41e608317139aa8faa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: MOY7Z5tg8QJlg_GoLljanEBToEujsjF3cnPxHDbGJtIaJUQ5buCgjA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:3c00:17:49a6:42c0:93a1:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:47 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=9933D04E-8033-47EE-883A8E46B7530824;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 4312a4fd-7b3f-924c-d63f-f09c4a6d083d
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 8ebebe66cc8de626ee8e15b2ee72d826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: rP1DcHgO7qsxt9haYWiK9qpoK_QlErILOMg5aYYS3U3qVffC23eirA==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:e200:17:49a6:42c0:93a1:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:47 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 eec5ede1fdb15ceb2352a4ebfb155362.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: smEatK8kcN1xkmhlSBwsDY57fOWIu-hKjO6a49ZWGQp47dN0j_Eymw==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:3c00:17:49a6:42c0:93a1:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:46 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 0f14828b89630f6555c6372e13fc999a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: fybxxyLtnZDigdQWqTzLNN02n92SgtB0juQtnPTwHDibzg74EPjFAQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 18.66.192.62:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:47 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=A932A420-2401-48CF-9CAF6FF71C01DEAF;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: a1410571-2a2c-a7c2-a2dd-3dd75b77f4e4
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 66ce4848bcf993e3c57b596461cd0b82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: K5k3tZ0jlnLAkp4M04Wxoqp4TODsgCbPjMsahwknXYf7Tp8EFzTbRw==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:1600:17:49a6:42c0:93a1:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:47 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: hjuV6fnQUzqhfzj9BxNUKmsnG5LoQ03Cy8cV90c80KfpM_jnnpMAIA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 18.66.192.115:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:48 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=37B9333B-A4F5-46C3-8B52E4D38108F675;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 5538609f-8bab-efe0-e230-70ebeace1506
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 8ebebe66cc8de626ee8e15b2ee72d826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: eQOB2YgJBRQnst-swiaibjO-F-7ra7EGTw5Zh7FmSPdY6ckBVO34Uw==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:2800:17:49a6:42c0:93a1:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:47 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=535803A5-B940-475E-8F41F63AD9CB899C;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 09b2dea6-f0ab-eb85-4e2e-e58ead3a35d4
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 ae6c2eb8d653982f5df6a91a4b14b518.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: JlL-N6GT7CEI4nA6LrV8Jg_FR5PLbXer_Gw1pcCtrGSg0m57gCQvMg==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 18.66.192.115:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:46 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 32162aed20605276097da109dc97c5b0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: JvUz1KvaNILGRE-s80gFCIA1Hrj1KZ-7j5kI7YEWYaICXlrS6JjOSA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:ea00:17:49a6:42c0:93a1:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:46 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 6ef87569c26a159f552948d3c30a2be0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: m7IFXfJg6EoMTMGlUG_-V5DlmYk2o-GdoW3xc9k0P34Df10WPVghXQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:2800:17:49a6:42c0:93a1:80 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 10 Jan 2026 02:59:46 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://pivot.carrot.co/
X-Cache: Redirect from cloudfront
Via: 1.1 8ebebe66cc8de626ee8e15b2ee72d826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: k6Y59UasrEnQqCF_NTyVUsmJ0KGkwtixrc9Id1Brg8pnB_fAe8WsIg==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2600:9000:225b:ea00:17:49a6:42c0:93a1:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:47 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=A9A22F71-D4DC-41AC-8328BBD2B65FF1A8;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: b1be1d97-02a6-e32a-5e9c-5d5bee5f29ed
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 6ef87569c26a159f552948d3c30a2be0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: UH1eeLssrWtGqDuiiLQotN5BkEbI8nKwEX1k6Zs1KOk3A5We9I8rTw==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 18.66.192.84:443 · pivot.carrot.co

    2026-01-10 02:59 

    HTTP/1.1 302 Found
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:59:47 GMT
Permissions-Policy: camera=(), geolocation=(), microphone=()
Server: nginx
Set-Cookie: bynder=5BE62F9C-824B-4F14-B3FBCA420A4320F2;Path=/;Secure;HttpOnly
Set-Cookie: DEFAULTLOCALE=en_US;Path=/
Content-Security-Policy-Report-Only: default-src 'self'; child-src blob: https://*; connect-src 'self' blob: https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://*.courier.com wss://*.courier.com https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://api.eu1.honeycomb.io https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com  https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e
location: https://us-login.getbynder.com
X-API-Correlation-Id: 27f49ad2-7e0e-ae45-5a0d-b7ef7022fa70
Cross-Origin-Resource-Policy: cross-origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 32700c539a5f821aadd3624288c4aeb6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
X-Amz-Cf-Id: ZNwvUfYFvudrwjvM70LvwEPEI2m22nHlS7HLCpz9QVhsoz9FEeHvIw==
    Found 2026-01-10 by HttpPlugin
    Create report

  • Open service 2620:12a:8000::4:80 · www.carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Server: Pantheon
Location: http://carrot.co/
X-Pantheon-Redirect: primary-domain-policy-doc
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-sin-wsat1880042-SIN
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1767283011.790725,VS0,VE4
Age: 0
Accept-Ranges: bytes
Via: 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 23.185.0.4:443 · www.carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Server: Pantheon
Location: https://carrot.co/
X-Pantheon-Redirect: primary-domain-policy-doc
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-sin-wsss1830045-SIN
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1767283011.729691,VS0,VE5
Age: 0
Accept-Ranges: bytes
Via: 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 23.185.0.4:80 · www.carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Server: Pantheon
Location: http://carrot.co/
X-Pantheon-Redirect: primary-domain-policy-doc
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-yyz4532-YYZ
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1767283011.634565,VS0,VE4
Age: 0
Accept-Ranges: bytes
Via: 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 2620:12a:8001::4:80 · www.carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Server: Pantheon
Location: http://carrot.co/
X-Pantheon-Redirect: primary-domain-policy-doc
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-fra-eddf8230133-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1767283011.569566,VS0,VE9
Age: 0
Accept-Ranges: bytes
Via: 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 2620:12a:8001::4:443 · www.carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Server: Pantheon
Location: https://carrot.co/
X-Pantheon-Redirect: primary-domain-policy-doc
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-lga21984-LGA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1767283010.490800,VS0,VE5
Age: 0
Accept-Ranges: bytes
Via: 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 2620:12a:8001::4:80 · carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 162
Content-Type: text/html
Location: https://carrot.co/
Server: nginx
X-Pantheon-Styx-Hostname: styx-fe4-b-6c484cfbdf-rtz4b
X-Styx-Req-Id: 119a4e55-e6ed-11f0-ae12-46a76c2f8118
Cache-Control: public, max-age=86400
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-chi-klot8100090-CHI, cache-vie6326-VIE
X-Cache: HIT, MISS
X-Cache-Hits: 20, 0
X-Timer: S1767283011.521474,VS0,VE130
Vary: Cookie, Cookie
Age: 26378
Accept-Ranges: bytes
Via: 1.1 varnish, 1.1 varnish

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 2620:12a:8000::4:443 · carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Location: https://pivot.co/?fromCarrot=1
Server: nginx
Strict-Transport-Security: max-age=300
X-Pantheon-Styx-Hostname: styx-fe4-b-6c484cfbdf-mhvss
X-Styx-Req-Id: c9b8d79b-e710-11f0-8a0a-aef974168071
Cache-Control: public, max-age=86400
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-chi-kigq8000084-CHI, cache-vie6330-VIE
X-Cache: HIT, MISS
X-Cache-Hits: 23, 0
X-Timer: S1767283011.525409,VS0,VE140
Vary: Cookie, Cookie
Age: 11037
Accept-Ranges: bytes
Via: 1.1 varnish, 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 2620:12a:8001::4:443 · carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Location: https://pivot.co/?fromCarrot=1
Server: nginx
Strict-Transport-Security: max-age=300
X-Pantheon-Styx-Hostname: styx-fe4-b-6c484cfbdf-mhvss
X-Styx-Req-Id: c9b8d79b-e710-11f0-8a0a-aef974168071
Cache-Control: public, max-age=86400
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-chi-kigq8000084-CHI, cache-lcy-egml8630022-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 10, 1
X-Timer: S1767283010.459629,VS0,VE5
Vary: Cookie, Cookie
Age: 11037
Accept-Ranges: bytes
Via: 1.1 varnish, 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 2620:12a:8000::4:443 · www.carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Server: Pantheon
Location: https://carrot.co/
X-Pantheon-Redirect: primary-domain-policy-doc
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-vie6375-VIE
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1767283010.494956,VS0,VE150
Age: 0
Accept-Ranges: bytes
Via: 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 2620:12a:8000::4:80 · carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 162
Content-Type: text/html
Location: https://carrot.co/
Server: nginx
X-Pantheon-Styx-Hostname: styx-fe4-b-6c484cfbdf-rtz4b
X-Styx-Req-Id: 119a4e55-e6ed-11f0-ae12-46a76c2f8118
Cache-Control: public, max-age=86400
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-chi-klot8100090-CHI, cache-fra-eddf8230078-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 6, 1
X-Timer: S1767283010.492083,VS0,VE16
Vary: Cookie, Cookie
Age: 26378
Accept-Ranges: bytes
Via: 1.1 varnish, 1.1 varnish

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 23.185.0.4:443 · carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Location: https://pivot.co/?fromCarrot=1
Server: nginx
Strict-Transport-Security: max-age=300
X-Pantheon-Styx-Hostname: styx-fe4-b-6c484cfbdf-mhvss
X-Styx-Req-Id: c9b8d79b-e710-11f0-8a0a-aef974168071
Cache-Control: public, max-age=86400
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-chi-kigq8000084-CHI, cache-rtm-ehrd2290028-RTM
X-Cache: HIT, HIT
X-Cache-Hits: 22, 1
X-Timer: S1767283011.506412,VS0,VE6
Vary: Cookie, Cookie
Age: 11037
Accept-Ranges: bytes
Via: 1.1 varnish, 1.1 varnish
    Found 2026-01-01 by HttpPlugin
    Create report

  • Open service 23.185.0.4:80 · carrot.co

    2026-01-01 15:56 

    HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 162
Content-Type: text/html
Location: https://carrot.co/
Server: nginx
X-Pantheon-Styx-Hostname: styx-fe4-b-6c484cfbdf-rtz4b
X-Styx-Req-Id: 119a4e55-e6ed-11f0-ae12-46a76c2f8118
Cache-Control: public, max-age=86400
Date: Thu, 01 Jan 2026 15:56:50 GMT
X-Served-By: cache-chi-klot8100090-CHI, cache-fra-eddf8230163-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 6, 1
X-Timer: S1767283010.381646,VS0,VE30
Vary: Cookie, Cookie
Age: 26378
Accept-Ranges: bytes
Via: 1.1 varnish, 1.1 varnish

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
    Found 2026-01-01 by HttpPlugin
    Create report
pivot.carrot.co
Fingerprint:
bf99379a5764c5e2e295776eaa5f8225578f22c2096f4a72dac29681d3c13031
CN:
pivot.carrot.co
Key:
RSA-2048
Issuer:
Amazon RSA 2048 M03
Not before:
2025-02-10 00:00
Not after:
2026-03-10 23:59
carrot.cocarrotsense.comwww.carrot.cowww.carrotsense.com
Fingerprint:
1a92606a4719f125646599c1d7d092aeece9407270f79cf7bf4faf4e6b52dff4
CN:
carrot.co
Key:
RSA-2048
Issuer:
R13
Not before:
2026-01-01 14:57
Not after:
2026-04-01 14:57
Domain summary

carrot.co 6 pivot.carrot.co 23 www.carrot.co 5

3 recorded
IP summary

2620:12a:8001::4 2 2600:9000:225b:d400:17:49a6:42c0:93a1 2 18.66.192.62 1 18.66.192.84 1 2600:9000:225b:e200:17:49a6:42c0:93a1 1 2600:9000:225b:5e00:17:49a6:42c0:93a1 1 2600:9000:225b:ec00:17:49a6:42c0:93a1 1 2600:9000:225b:1600:17:49a6:42c0:93a1 1 18.66.192.51 1 2600:9000:225b:3c00:17:49a6:42c0:93a1 1 18.66.192.115 1 2600:9000:225b:2800:17:49a6:42c0:93a1 1 2600:9000:225b:ea00:17:49a6:42c0:93a1 1 2620:12a:8000::4 1 23.185.0.4 1

15 recorded

© 2026 LeakIX v2.0.49
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice