Domain dev-api.huntingapp.eu
United States
Software information
Heroku
tcp/443
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-12-04 00:34
Last seen 2026-01-02 03:52
Open for 29 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa32583e0a5f45ea9a7a5b386a2159d0ca8961b4f55GraphQL introspection enabled at /graphql Types: 87 (by kind: ENUM: 8, INPUT_OBJECT: 32, OBJECT: 38, SCALAR: 8, UNION: 1) Operations: - Query: Query | fields: hunt, huntTemplate, huntTemplates, hunts, location - Mutation: Mutation | fields: addHuntUser, addLocation, huntCreate, huntRemove, huntTemplateCreate - Subscription: Subscription | fields: addedLocation Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Found on 2026-01-02 03:52107.9 kBytes
-
-
Open service 76.223.11.49:443 · dev-api.huntingapp.eu
2026-01-09 11:10
HTTP/1.1 302 Found Cache-Control: no-cache Content-Length: 0 Content-Type: text/html; charset=utf-8 Location: https://dev-api.huntingapp.eu/auth/reset-password-request Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=FqCjFBGhgxRu%2F7fitQUmfzLzuiNb%2FSubJreORr7BPLs%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767957019"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=FqCjFBGhgxRu%2F7fitQUmfzLzuiNb%2FSubJreORr7BPLs%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767957019" Server: Heroku Set-Cookie: _hunt_session=3s1k0eNPr43J8350zF%2B8UoampCZL4iQlAJdQn3mD7qBUwapmigvrLtESzXC1bKjMfrjQ%2BQnUH4Mc%2FUv0ILCcYjkdcHTjMvCXsp5Z5ROZ7T3qHP2%2BPe8Yk4lOgyjHSbOqKz08bp%2F4jquvwAEEYeQxM9pUmHkPC7NS5v64xybN%2B9PyOUE7bA%3D%3D--ZBrV1lnmN1nyUN4f--SXk4EDwSSe0yW75iHpHODg%3D%3D; path=/; secure; httponly; samesite=lax Set-Cookie: _hunt_session=cSKcE8fTQyzcoURwBds7HSI%2Fjajfm9vEmgVupBrnlYrdnPXDVOHikRr1uYPUCf58bu7glyWHI4yFISvA8COzDUkyLKkMEG5UVjCIoC79W5Ugiizb8e4%2F4abp9H9%2FXSkCu%2Bt%2F8C%2FDnfX9i8PYR%2BQ3GdetI4Nqr9S7e7s%2B8Ei%2BuZmfqHKNRA%3D%3D--8zSS8s%2BW6No9Pn2s--pSJP%2FpjJh0XYul06UxeBFg%3D%3D; path=/; secure; httponly; samesite=lax Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: 2fbc8c95-e0ed-c9a6-5c5e-d1f826b1ea5d X-Runtime: 0.005176 X-Xss-Protection: 0 Date: Fri, 09 Jan 2026 11:10:19 GMT Connection: closeFound 3 days ago by HttpPluginCreate report
-
Open service 76.223.11.49:443 · dev-api.huntingapp.eu
2026-01-02 03:52
HTTP/1.1 302 Found Cache-Control: no-cache Content-Length: 0 Content-Type: text/html; charset=utf-8 Location: https://dev-api.huntingapp.eu/auth/reset-password-request Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Ah7Vjm0JH3Wic2zz8MeIQXFMpvYeXS5Fp7RwDTxSl2k%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767325942"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Ah7Vjm0JH3Wic2zz8MeIQXFMpvYeXS5Fp7RwDTxSl2k%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767325942" Server: Heroku Set-Cookie: _hunt_session=MvmeovgKl8peF2gwjjmxUQyHnZjjPihklQ8HtXlyBUYpZmZVqV6yAWpX%2B5cIgKHGYQGIjFN123gZQjNkKsl5tLP4sZ87EjjdWgkom338MG8y9qVRxxKT5uB9erfjOFrAAlzr8gyOK7cha7Kk8DFfGv7ftP%2BqsIfWwwAE3pPLI3TBUqZmmQ%3D%3D--IFACKLpvSR2f8irw--gjDDCFZv%2F06ae74s1z%2FaHw%3D%3D; path=/; secure; httponly; samesite=lax Set-Cookie: _hunt_session=La8f8O4B8LTMOixT7Gpf1SPTIvJlqpWZn5VLgvN0lQZo%2BJ7y6YRPfmbnJD8M%2BvrF9OXR62YQjcfYdQ2BlCZ1IKbNEtosJpKilSL9nvq89sPBo5CczljHLn8XQCV8dJIVWypfA7iSHK9eDuzp2y0H4T6dBSHGjonM4UBGwm7a4eCpXnKHjw%3D%3D--zJQkVsD%2FNVJPKRAJ--xYXkrv4MLZ%2F5EgHu9OgpCw%3D%3D; path=/; secure; httponly; samesite=lax Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: dd749807-4f23-6aae-eac7-5e83f537bd01 X-Runtime: 0.047880 X-Xss-Protection: 0 Date: Fri, 02 Jan 2026 03:52:22 GMT Connection: closeFound 2026-01-02 by HttpPluginCreate report
-
Open service 76.223.11.49:443 · dev-api.huntingapp.eu
2025-12-22 12:24
HTTP/1.1 302 Found Cache-Control: no-cache Content-Length: 0 Content-Type: text/html; charset=utf-8 Location: https://dev-api.huntingapp.eu/auth/reset-password-request Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=lZvzaf7leqrHAHeba8eiOynmGU3i0kDcFs5X5%2F1v2uw%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766406248"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=lZvzaf7leqrHAHeba8eiOynmGU3i0kDcFs5X5%2F1v2uw%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766406248" Server: Heroku Set-Cookie: _hunt_session=vuON%2FGYVrEheM8MK%2F8d53Gml8PP0hYVG%2F4e8rs8aml4Ku%2BM%2BXEvr3ftAfoFJyjSqrh0Axub%2BPnHUaqRT3WmD1L8EbtFsqFs612UvJkB8%2BRmcm84%2BegzVtaNzdetaBqwNqAXiUnI0GQEVNmELCdnj89KP6%2BrGgwBnBG%2BnVMK3Tv%2FReicQgA%3D%3D--Faj03SJj2llDr9R3--sN0sjaY1rKLKIjz9R4tM%2Fw%3D%3D; path=/; secure; httponly; samesite=lax Set-Cookie: _hunt_session=kwQegkCuQvXhXuG3JQIN5kN5QqNMpDhjREWAh2WyDxunqOpCE6xiCbBdaGNjyzdbrHirOr4ruEzDpkKY6cgwwjneyRsltlQCkajTd4owPWba4Qq5g8%2FCJ9yvlSU2BlaiAXRUZbH9bdE9Sxai8vxBM%2FRUDt1vSg9KCOv7Vihb%2FI6rG0kPqA%3D%3D--6LEV8KzAN4hJK5QT--ioj2fK10V146%2FGEaHsV%2BNw%3D%3D; path=/; secure; httponly; samesite=lax Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: dab60dfd-e315-6731-cd3b-528c6d2dd663 X-Runtime: 0.003168 X-Xss-Protection: 0 Date: Mon, 22 Dec 2025 12:24:08 GMT Connection: closeFound 2025-12-22 by HttpPluginCreate report
-
Open service 76.223.11.49:443 · dev-api.huntingapp.eu
2025-12-20 10:39
HTTP/1.1 302 Found Cache-Control: no-cache Content-Length: 0 Content-Type: text/html; charset=utf-8 Location: https://dev-api.huntingapp.eu/auth/reset-password-request Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=5Q%2FYNwqozTmIV0muSvS285IDWWyBquI7YDl%2F42kMVUo%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766227152"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=5Q%2FYNwqozTmIV0muSvS285IDWWyBquI7YDl%2F42kMVUo%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766227152" Server: Heroku Set-Cookie: _hunt_session=JYFzo2gmuhkX83aA1tXU%2BZZ7ReUf3dzIpMuOoPxr3xdrbNea6AXEbBedApo8fE6Fc0NuXZZePIVhuN%2FLQbUVsISa%2BKkqlheBB1Bo7IoAB%2BjFrZTCy9NRewhglck7oP3RIaVfTqnKfg7cqEIb7%2FXjmRWYAD5C9dyAI66%2F4%2BM0CgVDjpRdfA%3D%3D--N6HIuOvcWUdDD6SU--aUeXpbODBNRpKkXfAS%2FkOQ%3D%3D; path=/; secure; httponly; samesite=lax Set-Cookie: _hunt_session=iNi62AMoilEk2tHzeRzFXWsat0H1zGV321T%2B%2FeMJyGP1OwYHVyRYLFEmfrF2SOaYnYnfFUBxSHu7wloU0kgKEeXkOQGuRVdUjA2KXNUyH%2BAhiO3LCZHpcc%2B0g2%2BiEMywBfwcO%2FXyhWOp4oVwHKO%2Bo1dz6Zvtls%2F43%2B%2BsPXJTsveWnieLxw%3D%3D--QDFCuNLRw0YRx7lc--6Mn5Um%2FLD5fc1UrSQOzt0g%3D%3D; path=/; secure; httponly; samesite=lax Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: b9ab1595-a518-1e70-ad95-64a2ebd07646 X-Runtime: 0.004087 X-Xss-Protection: 0 Date: Sat, 20 Dec 2025 10:39:12 GMT Connection: closeFound 2025-12-20 by HttpPluginCreate report