Link to chall: http://35.200.197.38:8016/
On a first glance, the site looked like cryptocurrency trading website. But there was no option for loading our wallet or performing any kind of transactions. There were only a few listed transactions. Also no robots.txt, sitemap.xml (solution for web200) or .git directory were present.
Next, we analyzed headers and cookies, found nothing very interesting other than session cookies. Next thought of checking file source and came across some commented js scripts. Some of them when tried to access returned 400. But, when going through all those js files, helpers.js had a function api_EditSignatures
having a commented out link to gist file.
helpers.js:
var canvas = document.getElementById("gameCanv");