nginx
tcp/443
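GraphQL introspection is enabled.
Introspection lets clients enumerate the API schema (types, queries, mutations, subscriptions); this could lead to a data leak if the API is not properly configured.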
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa35e57e82a7f920a1a422f160c9aa84e2dfb75e18e
GraphQL introspection enabled at /graphql Types: 227 (by kind: ENUM: 24, INPUT_OBJECT: 33, INTERFACE: 2, OBJECT: 154, SCALAR: 12, UNION: 2) Operations: - Query: Queries | fields: accountAvatarActive, applicationBuildChecksum, applicationConfig, autocompleteSearchMergeTicket, autocompleteSearchObjectAttributeExternalDataSource - Mutation: Mutations | fields: accountAvatarAdd, accountAvatarDelete, accountLocale, adminPasswordAuthSend, adminPasswordAuthVerify - Subscription: Subscriptions | fields: appMaintenance, configUpdates, onlineNotificationsCount, organizationUpdates, publicLinkUpdates Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Open service 195.201.18.244:443 · support.avehr.com
2026-01-09 09:01
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Jan 2026 09:01:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2915
Connection: close
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Link: </assets/application-6f775051a09b27a6b02313489298285146d149ca6130f6cdc88ea2608720f3c9.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
CSRF-TOKEN: rYK0qXY7uRkxGqJY7rXQZUM7p3ZDw_HfbA9qkuCZLOtvdgEmdF9H8rv44WaixgwyTmHCuU4QKH37wobT02RhBA
ETag: W/"038b9dd805eb7e54c85a85aa77be3a3e"
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: base-uri 'self' https://support.avehr.com; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-dQ4zDh1lDTHbgqUz/q6Cww=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com
Set-Cookie: _zammad_session_a138cfd0f37=25ff98e4b3f2ea7bf2871d58b038e8a0; path=/; secure; HttpOnly; SameSite=Lax
X-Request-Id: 38b9c80d-fd42-4d4d-900a-f7fde4337358
X-Runtime: 0.033513
Page title: AveHR Helpdesk
<!DOCTYPE html>
<!-- Captured response body: the shell page titled "AveHR Helpdesk". It links two
     hashed stylesheets and script bundles and leaves #app empty, so no
     application content is present in this markup (presumably it is rendered
     client-side by the deferred application bundle). -->
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>AveHR Helpdesk</title>
<link rel="apple-touch-icon" href="apple-touch-icon.png" />
<link rel="stylesheet" href="/assets/application-6f775051a09b27a6b02313489298285146d149ca6130f6cdc88ea2608720f3c9.css" media="all" />
<link rel="stylesheet" href="/assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css" media="print" />
<!-- Inline bootstrap script. Its nonce attribute has to match the nonce in the
     script-src directive of this response's Content-Security-Policy header.
     1. When MSInputMethodContext and document.documentMode are both present,
        it appends the IE11 custom-properties polyfill to <head> and copies the
        same nonce onto the created script element.
     2. It sets data-theme="dark" on <html> when the dark colour scheme is
        preferred, localStorage "theme" is not "light" and the URL does not
        contain "/tests_". Any exception is swallowed by the empty catch. -->
<script nonce="dQ4zDh1lDTHbgqUz/q6Cww==">
//<![CDATA[
if(window.MSInputMethodContext && document.documentMode){
var polyfillScriptTag = document.createElement('script');
polyfillScriptTag.setAttribute('src', '/assets/ie11CustomProperties.min-eb19b438c0f5d2010c250595ef6b0b161dacf892c8a6f772dc121e99fc020a2c.js');
polyfillScriptTag.setAttribute('nonce', 'dQ4zDh1lDTHbgqUz/q6Cww==');
document.head.appendChild(polyfillScriptTag);
}
try {
if(window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem('theme') != 'light' && !window.location.href.includes('/tests_') ){
document.documentElement.dataset.theme = 'dark';
}
} catch (e) { };
//]]>
</script> <script src="/assets/application-5795b3cd134f7effad50696632a2f8fd1d0c60df7c4b7340f409ad951136bc7d.js" nonce="dQ4zDh1lDTHbgqUz/q6Cww==" defer="defer"></script>
<!-- form.js is referenced through a path containing a ".." segment, which a
     browser normalises to /assets/form/form.js. Unlike the bundles above, this
     URL carries no content hash. -->
<script src="/javascripts/../assets/form/form.js" nonce="dQ4zDh1lDTHbgqUz/q6Cww==" defer="defer" id="zammad_form_script"></script>
<!-- CSRF meta tags: the request parameter name and the token value issued with
     this response, exposed to client-side code. -->
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="4COquH0bxzq8uW_dWVvOdAWp6fqDjWr01J6atfMgJhEi1x83f3850TZbLOMVKBIjCPOMNY5es1ZDU3b0wN1r_g" />
</head>
<body>
<!-- svgstore fallback: for the old engines matched by the user-agent test in
     the script, the icon sprite assets/images/icons.svg is fetched with XHR and
     its response text is assigned to innerHTML of a visually clipped div that
     is inserted before the script element. The URL is relative, so the markup
     comes from this origin, and it is inserted without sanitisation: the page
     trusts whatever the server returns for that path. -->
<script nonce="dQ4zDh1lDTHbgqUz/q6Cww==">
//<![CDATA[
/*
detect if browser is
- Chrome 14-20
- Android Browser 4.1+
- iOS 6-7
- Safari 6
- Edge 12
- IE 9-11
*/
window.svgPolyfill = /\bEdge\/12\b|\bTrident\/[567]\b|\bVersion\/7.0 Safari\b/.test(navigator.userAgent) || (navigator.userAgent.match(/AppleWebKit\/(\d+)/) || [])[1] < 537;
(function (doc) {
if(!svgPolyfill)
return
var scripts = doc.getElementsByTagName('script')
var script = scripts[scripts.length - 1]
var xhr = new XMLHttpRequest()
xhr.onload = function () {
var div = doc.createElement('div')
div.innerHTML = this.responseText
div.style.cssText = 'position: absolute; clip: rect(0, 0, 0, 0); z-index: -1;'
script.parentNode.insertBefore(div, script)
}
xhr.open('get', 'assets/images/icons.svg', true)
xhr.send()
})(document)
//]]>
</script><div id="app"></div>
<!-- Splash placeholder with the logo taken from the same icons.svg sprite;
     presumably replaced once the application bundle has started. -->
<div class="splash">
<svg class="icon icon-logo"><use xlink:href="assets/images/icons.svg#icon-logo" /></svg>
<div class="splash-title">Loading…</div>
</div>
</body>
</html>
Open service 195.201.18.244:443 · support.avehr.com
2026-01-02 08:24
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jan 2026 08:24:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2915
Connection: close
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Link: </assets/application-6f775051a09b27a6b02313489298285146d149ca6130f6cdc88ea2608720f3c9.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
CSRF-TOKEN: x5WYalAhroGQ7Fwz-iueZyr0c7VHZuVBoq7T9kCPRRdyWIbFUvc7mLGgNIPZcMC8hr7K36znsqjd1eu6OhvNyg
ETag: W/"165ebad753abe3bf3dedf24e43fc3f56"
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: base-uri 'self' https://support.avehr.com; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-AZeDdgeqZDAh+y4EFG/3bA=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com
Set-Cookie: _zammad_session_a138cfd0f37=f574f6d64e40cfc8c502b39d1dc82e55; path=/; secure; HttpOnly; SameSite=Lax
X-Request-Id: c694f719-c906-469c-aea4-faa384fead6e
X-Runtime: 0.023602
Page title: AveHR Helpdesk
<!DOCTYPE html>
<!-- Captured response body: the shell page titled "AveHR Helpdesk". It links two
     hashed stylesheets and script bundles and leaves #app empty, so no
     application content is present in this markup (presumably it is rendered
     client-side by the deferred application bundle). -->
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>AveHR Helpdesk</title>
<link rel="apple-touch-icon" href="apple-touch-icon.png" />
<link rel="stylesheet" href="/assets/application-6f775051a09b27a6b02313489298285146d149ca6130f6cdc88ea2608720f3c9.css" media="all" />
<link rel="stylesheet" href="/assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css" media="print" />
<!-- Inline bootstrap script. Its nonce attribute has to match the nonce in the
     script-src directive of this response's Content-Security-Policy header.
     1. When MSInputMethodContext and document.documentMode are both present,
        it appends the IE11 custom-properties polyfill to <head> and copies the
        same nonce onto the created script element.
     2. It sets data-theme="dark" on <html> when the dark colour scheme is
        preferred, localStorage "theme" is not "light" and the URL does not
        contain "/tests_". Any exception is swallowed by the empty catch. -->
<script nonce="AZeDdgeqZDAh+y4EFG/3bA==">
//<![CDATA[
if(window.MSInputMethodContext && document.documentMode){
var polyfillScriptTag = document.createElement('script');
polyfillScriptTag.setAttribute('src', '/assets/ie11CustomProperties.min-eb19b438c0f5d2010c250595ef6b0b161dacf892c8a6f772dc121e99fc020a2c.js');
polyfillScriptTag.setAttribute('nonce', 'AZeDdgeqZDAh+y4EFG/3bA==');
document.head.appendChild(polyfillScriptTag);
}
try {
if(window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem('theme') != 'light' && !window.location.href.includes('/tests_') ){
document.documentElement.dataset.theme = 'dark';
}
} catch (e) { };
//]]>
</script> <script src="/assets/application-5795b3cd134f7effad50696632a2f8fd1d0c60df7c4b7340f409ad951136bc7d.js" nonce="AZeDdgeqZDAh+y4EFG/3bA==" defer="defer"></script>
<!-- form.js is referenced through a path containing a ".." segment, which a
     browser normalises to /assets/form/form.js. Unlike the bundles above, this
     URL carries no content hash. -->
<script src="/javascripts/../assets/form/form.js" nonce="AZeDdgeqZDAh+y4EFG/3bA==" defer="defer" id="zammad_form_script"></script>
<!-- CSRF meta tags: the request parameter name and the token value issued with
     this response, exposed to client-side code. -->
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="_6gxRECLyMoq1Ml4Yg4wfyMswUbFC9IIhU0qxkcPYVxKZS_rQl1d0wuYochBVW6kj2Z4LC6KheH6NhKKPZvpgQ" />
</head>
<body>
<!-- svgstore fallback: for the old engines matched by the user-agent test in
     the script, the icon sprite assets/images/icons.svg is fetched with XHR and
     its response text is assigned to innerHTML of a visually clipped div that
     is inserted before the script element. The URL is relative, so the markup
     comes from this origin, and it is inserted without sanitisation: the page
     trusts whatever the server returns for that path. -->
<script nonce="AZeDdgeqZDAh+y4EFG/3bA==">
//<![CDATA[
/*
detect if browser is
- Chrome 14-20
- Android Browser 4.1+
- iOS 6-7
- Safari 6
- Edge 12
- IE 9-11
*/
window.svgPolyfill = /\bEdge\/12\b|\bTrident\/[567]\b|\bVersion\/7.0 Safari\b/.test(navigator.userAgent) || (navigator.userAgent.match(/AppleWebKit\/(\d+)/) || [])[1] < 537;
(function (doc) {
if(!svgPolyfill)
return
var scripts = doc.getElementsByTagName('script')
var script = scripts[scripts.length - 1]
var xhr = new XMLHttpRequest()
xhr.onload = function () {
var div = doc.createElement('div')
div.innerHTML = this.responseText
div.style.cssText = 'position: absolute; clip: rect(0, 0, 0, 0); z-index: -1;'
script.parentNode.insertBefore(div, script)
}
xhr.open('get', 'assets/images/icons.svg', true)
xhr.send()
})(document)
//]]>
</script><div id="app"></div>
<!-- Splash placeholder with the logo taken from the same icons.svg sprite;
     presumably replaced once the application bundle has started. -->
<div class="splash">
<svg class="icon icon-logo"><use xlink:href="assets/images/icons.svg#icon-logo" /></svg>
<div class="splash-title">Loading…</div>
</div>
</body>
</html>
Open service 195.201.18.244:443 · support.avehr.com
2025-12-23 03:22
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Dec 2025 03:22:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2915
Connection: close
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Link: </assets/application-6f775051a09b27a6b02313489298285146d149ca6130f6cdc88ea2608720f3c9.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
CSRF-TOKEN: 6I4VQNfDQjLVMGZtv5msoHSvr3ev8WCzTI0Quceq_k_WjzuX7u0b6Pgs0XKsqWwiH-dWyyOkgND-0Mk0J2fYnQ
ETag: W/"ead8e09e77b4cd494a773ad8a64fe6aa"
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: base-uri 'self' https://support.avehr.com; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-q00hQgayQIliwAlYe04AAw=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com
Set-Cookie: _zammad_session_a138cfd0f37=e1048cda248cba58ad9bbf088e9e4e44; path=/; secure; HttpOnly; SameSite=Lax
X-Request-Id: d812665c-d7e7-4ab7-a6df-af99431e226e
X-Runtime: 0.023364
Page title: AveHR Helpdesk
<!DOCTYPE html>
<!-- Captured response body: the shell page titled "AveHR Helpdesk". It links two
     hashed stylesheets and script bundles and leaves #app empty, so no
     application content is present in this markup (presumably it is rendered
     client-side by the deferred application bundle). -->
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>AveHR Helpdesk</title>
<link rel="apple-touch-icon" href="apple-touch-icon.png" />
<link rel="stylesheet" href="/assets/application-6f775051a09b27a6b02313489298285146d149ca6130f6cdc88ea2608720f3c9.css" media="all" />
<link rel="stylesheet" href="/assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css" media="print" />
<!-- Inline bootstrap script. Its nonce attribute has to match the nonce in the
     script-src directive of this response's Content-Security-Policy header.
     1. When MSInputMethodContext and document.documentMode are both present,
        it appends the IE11 custom-properties polyfill to <head> and copies the
        same nonce onto the created script element.
     2. It sets data-theme="dark" on <html> when the dark colour scheme is
        preferred, localStorage "theme" is not "light" and the URL does not
        contain "/tests_". Any exception is swallowed by the empty catch. -->
<script nonce="q00hQgayQIliwAlYe04AAw==">
//<![CDATA[
if(window.MSInputMethodContext && document.documentMode){
var polyfillScriptTag = document.createElement('script');
polyfillScriptTag.setAttribute('src', '/assets/ie11CustomProperties.min-eb19b438c0f5d2010c250595ef6b0b161dacf892c8a6f772dc121e99fc020a2c.js');
polyfillScriptTag.setAttribute('nonce', 'q00hQgayQIliwAlYe04AAw==');
document.head.appendChild(polyfillScriptTag);
}
try {
if(window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem('theme') != 'light' && !window.location.href.includes('/tests_') ){
document.documentElement.dataset.theme = 'dark';
}
} catch (e) { };
//]]>
</script> <script src="/assets/application-5795b3cd134f7effad50696632a2f8fd1d0c60df7c4b7340f409ad951136bc7d.js" nonce="q00hQgayQIliwAlYe04AAw==" defer="defer"></script>
<!-- form.js is referenced through a path containing a ".." segment, which a
     browser normalises to /assets/form/form.js. Unlike the bundles above, this
     URL carries no content hash. -->
<script src="/javascripts/../assets/form/form.js" nonce="q00hQgayQIliwAlYe04AAw==" defer="defer" id="zammad_form_script"></script>
<!-- CSRF meta tags: the request parameter name and the token value issued with
     this response, exposed to client-side code. -->
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="Nrb-DPudEzzI4owd9EM8Xuli5DX0WxrnoTL-VzDReMkIt9DbwrNK5uX-OwLnc_zcgiodiXgO-oQTbyfa0BxeGw" />
</head>
<body>
<!-- svgstore fallback: for the old engines matched by the user-agent test in
     the script, the icon sprite assets/images/icons.svg is fetched with XHR and
     its response text is assigned to innerHTML of a visually clipped div that
     is inserted before the script element. The URL is relative, so the markup
     comes from this origin, and it is inserted without sanitisation: the page
     trusts whatever the server returns for that path. -->
<script nonce="q00hQgayQIliwAlYe04AAw==">
//<![CDATA[
/*
detect if browser is
- Chrome 14-20
- Android Browser 4.1+
- iOS 6-7
- Safari 6
- Edge 12
- IE 9-11
*/
window.svgPolyfill = /\bEdge\/12\b|\bTrident\/[567]\b|\bVersion\/7.0 Safari\b/.test(navigator.userAgent) || (navigator.userAgent.match(/AppleWebKit\/(\d+)/) || [])[1] < 537;
(function (doc) {
if(!svgPolyfill)
return
var scripts = doc.getElementsByTagName('script')
var script = scripts[scripts.length - 1]
var xhr = new XMLHttpRequest()
xhr.onload = function () {
var div = doc.createElement('div')
div.innerHTML = this.responseText
div.style.cssText = 'position: absolute; clip: rect(0, 0, 0, 0); z-index: -1;'
script.parentNode.insertBefore(div, script)
}
xhr.open('get', 'assets/images/icons.svg', true)
xhr.send()
})(document)
//]]>
</script><div id="app"></div>
<!-- Splash placeholder with the logo taken from the same icons.svg sprite;
     presumably replaced once the application bundle has started. -->
<div class="splash">
<svg class="icon icon-logo"><use xlink:href="assets/images/icons.svg#icon-logo" /></svg>
<div class="splash-title">Loading…</div>
</div>
</body>
</html>
Open service 195.201.18.244:443 · support.avehr.com
2025-12-20 13:48
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Dec 2025 13:48:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2915
Connection: close
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Link: </assets/application-6f775051a09b27a6b02313489298285146d149ca6130f6cdc88ea2608720f3c9.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
CSRF-TOKEN: ikoIZjOfM5R9ryNOxwyP-be6vP4JtC4uYc54ZhaDAZ6uaEJcLpLX5OY3QfZBvaIu6lBRExf_AreLffABSsWbew
ETag: W/"bebcbaccb7849b35a1770660a01b5326"
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: base-uri 'self' https://support.avehr.com; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-sBFgGdrc2CVTSu1dIUDidw=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com
Set-Cookie: _zammad_session_a138cfd0f37=27bee8c7c26c102931117899bdb638c2; path=/; secure; HttpOnly; SameSite=Lax
X-Request-Id: 5835ac33-ca12-4225-8b9a-ec05cf69f26a
X-Runtime: 0.029549
Page title: AveHR Helpdesk
<!DOCTYPE html>
<!-- Captured response body: the shell page titled "AveHR Helpdesk". It links two
     hashed stylesheets and script bundles and leaves #app empty, so no
     application content is present in this markup (presumably it is rendered
     client-side by the deferred application bundle). -->
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>AveHR Helpdesk</title>
<link rel="apple-touch-icon" href="apple-touch-icon.png" />
<link rel="stylesheet" href="/assets/application-6f775051a09b27a6b02313489298285146d149ca6130f6cdc88ea2608720f3c9.css" media="all" />
<link rel="stylesheet" href="/assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css" media="print" />
<!-- Inline bootstrap script. Its nonce attribute has to match the nonce in the
     script-src directive of this response's Content-Security-Policy header.
     1. When MSInputMethodContext and document.documentMode are both present,
        it appends the IE11 custom-properties polyfill to <head> and copies the
        same nonce onto the created script element.
     2. It sets data-theme="dark" on <html> when the dark colour scheme is
        preferred, localStorage "theme" is not "light" and the URL does not
        contain "/tests_". Any exception is swallowed by the empty catch. -->
<script nonce="sBFgGdrc2CVTSu1dIUDidw==">
//<![CDATA[
if(window.MSInputMethodContext && document.documentMode){
var polyfillScriptTag = document.createElement('script');
polyfillScriptTag.setAttribute('src', '/assets/ie11CustomProperties.min-eb19b438c0f5d2010c250595ef6b0b161dacf892c8a6f772dc121e99fc020a2c.js');
polyfillScriptTag.setAttribute('nonce', 'sBFgGdrc2CVTSu1dIUDidw==');
document.head.appendChild(polyfillScriptTag);
}
try {
if(window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem('theme') != 'light' && !window.location.href.includes('/tests_') ){
document.documentElement.dataset.theme = 'dark';
}
} catch (e) { };
//]]>
</script> <script src="/assets/application-5795b3cd134f7effad50696632a2f8fd1d0c60df7c4b7340f409ad951136bc7d.js" nonce="sBFgGdrc2CVTSu1dIUDidw==" defer="defer"></script>
<!-- form.js is referenced through a path containing a ".." segment, which a
     browser normalises to /assets/form/form.js. Unlike the bundles above, this
     URL carries no content hash. -->
<script src="/javascripts/../assets/form/form.js" nonce="sBFgGdrc2CVTSu1dIUDidw==" defer="defer" id="zammad_form_script"></script>
<!-- CSRF meta tags: the request parameter name and the token value issued with
     this response, exposed to client-side code. -->
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="R8_uuwSVFurrcwyHKzHFZSj3C5-kXn8HDpO54hmSnDdj7aSBGZjymnDrbj-tgOiydR3mcroVU57kIDGFRdQG0g" />
</head>
<body>
<!-- svgstore fallback: for the old engines matched by the user-agent test in
     the script, the icon sprite assets/images/icons.svg is fetched with XHR and
     its response text is assigned to innerHTML of a visually clipped div that
     is inserted before the script element. The URL is relative, so the markup
     comes from this origin, and it is inserted without sanitisation: the page
     trusts whatever the server returns for that path. -->
<script nonce="sBFgGdrc2CVTSu1dIUDidw==">
//<![CDATA[
/*
detect if browser is
- Chrome 14-20
- Android Browser 4.1+
- iOS 6-7
- Safari 6
- Edge 12
- IE 9-11
*/
window.svgPolyfill = /\bEdge\/12\b|\bTrident\/[567]\b|\bVersion\/7.0 Safari\b/.test(navigator.userAgent) || (navigator.userAgent.match(/AppleWebKit\/(\d+)/) || [])[1] < 537;
(function (doc) {
if(!svgPolyfill)
return
var scripts = doc.getElementsByTagName('script')
var script = scripts[scripts.length - 1]
var xhr = new XMLHttpRequest()
xhr.onload = function () {
var div = doc.createElement('div')
div.innerHTML = this.responseText
div.style.cssText = 'position: absolute; clip: rect(0, 0, 0, 0); z-index: -1;'
script.parentNode.insertBefore(div, script)
}
xhr.open('get', 'assets/images/icons.svg', true)
xhr.send()
})(document)
//]]>
</script><div id="app"></div>
<!-- Splash placeholder with the logo taken from the same icons.svg sprite;
     presumably replaced once the application bundle has started. -->
<div class="splash">
<svg class="icon icon-logo"><use xlink:href="assets/images/icons.svg#icon-logo" /></svg>
<div class="splash-title">Loading…</div>
</div>
</body>
</html>