LeakIX - Host support.redflame.shop

Domain support.redflame.shop

Germany

Datacamp Limited

Software information

BunnyCDN-DE1-1330

tcp/443 tcp/80

BunnyCDN-DE1-1332

tcp/443 tcp/80

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 185.111.111.158
Domain: support.redflame.shop
Port: 443
URL: https://support.redflame.shop

First seen 2025-11-26 18:26
Last seen 2026-01-02 09:31
Open for 36 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3be9dc50adeb0c6ba6118edd4e16a6fba7cf16247

GraphQL introspection enabled at /graphql
Types: 370 (by kind: ENUM: 35, INPUT_OBJECT: 58, INTERFACE: 2, OBJECT: 256, SCALAR: 12, UNION: 7)
Operations:
- Query: Queries | fields: applicationBuildChecksum, applicationConfig, autocompleteSearchAgent, autocompleteSearchGeneric, autocompleteSearchIdoitObjectTypes
- Mutation: Mutations | fields: adminPasswordAuthSend, adminPasswordAuthVerify, channelEmailAdd, channelEmailGuessConfiguration, channelEmailSetNotificationConfiguration
- Subscription: Subscriptions | fields: appMaintenance, checklistTemplateUpdates, configUpdates, linkUpdates, macrosUpdate
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 09:31

463.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa347fc75e4bc395be875451a73bb1cb6bb03fd7bdc

GraphQL introspection enabled at /graphql
Types: 333 (by kind: ENUM: 32, INPUT_OBJECT: 52, INTERFACE: 2, OBJECT: 232, SCALAR: 12, UNION: 3)
Operations:
- Query: Queries | fields: applicationBuildChecksum, applicationConfig, autocompleteSearchAgent, autocompleteSearchGeneric, autocompleteSearchMergeTicket
- Mutation: Mutations | fields: adminPasswordAuthSend, adminPasswordAuthVerify, channelEmailAdd, channelEmailGuessConfiguration, channelEmailSetNotificationConfiguration
- Subscription: Subscriptions | fields: appMaintenance, checklistTemplateUpdates, configUpdates, macrosUpdate, onlineNotificationsCount
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-27 00:22

415.7 kBytes

Create report

Open service 185.111.111.158:443 · support.redflame.shop

2026-01-09 03:40

HTTP/1.1 200 OK
Date: Fri, 09 Jan 2026 03:40:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Server: BunnyCDN-DE1-1332
CDN-PullZone: 5053598
CDN-RequestCountryCode: SG
Cache-Control: no-cache
ETag: W/"0c7687632f00a5adc951e9be01a672d5"
Set-Cookie: _zammad_session_a138cfd0f37=ce6028823217f638719e03e93d2e05f1; path=/; secure; HttpOnly
Via: 1.1 Caddy
Content-Security-Policy: base-uri 'self' https://support.redflame.shop; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-YP18zF16+eUeBG6pRgFlJg=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com
Csrf-Token: JftxoXxyxfbT2V_wBBuK1KuLo-WAfngEW-6IIrjcVhOCsGpCb_Inl8EwnBKC28AYqts3NOG_a7TsEqwjomTnJw
Link: </assets/application-a5490c9f5e1c06c24451c9c0d5d670c2bb888d3cea0a62c4142257dba8560dcc.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: 2e5afe5c-07ed-415f-84dd-356d3fe077e3
X-Runtime: 0.038150
X-XSS-Protection: 0
CDN-ProxyVer: 1.43
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 1328
CDN-CachedAt: 01/09/2026 03:40:07
CDN-Status: 200
CDN-RequestTime: 0
CDN-RequestId: 4a3670709fe0f256ec16a297b750d638
CDN-Cache: MISS

Page title: RF Support

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width">
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <title>RF Support</title>
  <link rel="apple-touch-icon" href="apple-touch-icon.png" />
  <link rel="stylesheet" href="/assets/application-a5490c9f5e1c06c24451c9c0d5d670c2bb888d3cea0a62c4142257dba8560dcc.css" media="all" />
  <link rel="stylesheet" href="/assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css" media="print" />
  <script nonce="YP18zF16+eUeBG6pRgFlJg==">
//<![CDATA[
    if(window.MSInputMethodContext && document.documentMode){
      var polyfillScriptTag = document.createElement('script');
      polyfillScriptTag.setAttribute('src', '/assets/ie11CustomProperties.min-eb19b438c0f5d2010c250595ef6b0b161dacf892c8a6f772dc121e99fc020a2c.js');
      polyfillScriptTag.setAttribute('nonce', 'YP18zF16+eUeBG6pRgFlJg==');
      document.head.appendChild(polyfillScriptTag);
    }

    try {
      if(window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem('theme') != 'light' && !window.location.href.includes('/tests_') ){
        document.documentElement.dataset.theme = 'dark';
      }
    } catch (e) { };

//]]>
</script>    <script src="/assets/application-3adb299a07b8e1065ebab73f76dee733b586384066da7632534bc1278807a4e0.js" nonce="YP18zF16+eUeBG6pRgFlJg==" defer="defer"></script>

  <script src="/javascripts/../assets/form/form.js" nonce="YP18zF16+eUeBG6pRgFlJg==" defer="defer" id="zammad_form_script"></script>


  <meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="htBrGwJZFfYYTcC3H452JBlFecDVwA_zs4Odteu2YKYhm3D4Edn3lwqkA1WZTjzoGBXtEbQBHEMEf7m08Q7Rkg" />
</head>
<body>

  <!-- svgstore fallback -->
<script nonce="YP18zF16+eUeBG6pRgFlJg==">
//<![CDATA[
  /*
    detect if browser is
    - Chrome 14-20
    - Android Browser 4.1+
    - iOS 6-7
    - Safari 6
    - Edge 12
    - IE 9-11
  */
  window.svgPolyfill = /\bEdge\/12\b|\bTrident\/[567]\b|\bVersion\/7.0 Safari\b/.test(navigator.userAgent) || (navigator.userAgent.match(/AppleWebKit\/(\d+)/) || [])[1] < 537;

  (function (doc) {
    if(!svgPolyfill)
      return

    var scripts = doc.getElementsByTagName('script')
    var script = scripts[scripts.length - 1]
    var xhr = new XMLHttpRequest()
    xhr.onload = function () {
      var div = doc.createElement('div')
      div.innerHTML = this.responseText
      div.style.cssText = 'position: absolute; clip: rect(0, 0, 0, 0); z-index: -1;'
      script.parentNode.insertBefore(div, script)
    }
    xhr.open('get', 'assets/images/icons.svg?1764751827', true)
    xhr.send()
  })(document)

//]]>
</script><div id="app"></div>
<div class="splash">
  <svg class="icon icon-logo"><use xlink:href="assets/images/icons.svg?1764751827#icon-logo" /></svg>
  <div class="splash-title">Loading…</div>
</div>


</body>
</html>

Found 3 days ago by HttpPlugin

Create report

Open service 185.111.111.158:443 · support.redflame.shop

2026-01-02 09:31

HTTP/1.1 200 OK
Date: Fri, 02 Jan 2026 09:31:50 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Server: BunnyCDN-DE1-1332
CDN-PullZone: 5053598
CDN-RequestCountryCode: NL
Cache-Control: no-cache
ETag: W/"7ed7dbeda19bfb58b1353c50e41ccf6b"
Set-Cookie: _zammad_session_a138cfd0f37=23f10d2fa5627f944185e5f8a771f542; path=/; secure; HttpOnly
Via: 1.1 Caddy
Content-Security-Policy: base-uri 'self' https://support.redflame.shop; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-XmYpua3olAG9b1HSnSxpNw=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com
Csrf-Token: ImR8CFMlV61dx_eZYEoltbd1Mjg_XEBGKddGRQ2uYstU5v_5IKwJ-Xc97-zPij_-oUeSkem_DQ3Oa-AZkxV20A
Link: </assets/application-a5490c9f5e1c06c24451c9c0d5d670c2bb888d3cea0a62c4142257dba8560dcc.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: 92fdc8b7-f1bb-45cc-95f7-e085d4d2aa11
X-Runtime: 0.023984
X-XSS-Protection: 0
CDN-ProxyVer: 1.43
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 1328
CDN-CachedAt: 01/02/2026 09:31:50
CDN-Status: 200
CDN-RequestTime: 0
CDN-RequestId: aa4d6bfd590b99363ba1e83e53cf05f2
CDN-Cache: MISS

Page title: RF Support

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width">
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <title>RF Support</title>
  <link rel="apple-touch-icon" href="apple-touch-icon.png" />
  <link rel="stylesheet" href="/assets/application-a5490c9f5e1c06c24451c9c0d5d670c2bb888d3cea0a62c4142257dba8560dcc.css" media="all" />
  <link rel="stylesheet" href="/assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css" media="print" />
  <script nonce="XmYpua3olAG9b1HSnSxpNw==">
//<![CDATA[
    if(window.MSInputMethodContext && document.documentMode){
      var polyfillScriptTag = document.createElement('script');
      polyfillScriptTag.setAttribute('src', '/assets/ie11CustomProperties.min-eb19b438c0f5d2010c250595ef6b0b161dacf892c8a6f772dc121e99fc020a2c.js');
      polyfillScriptTag.setAttribute('nonce', 'XmYpua3olAG9b1HSnSxpNw==');
      document.head.appendChild(polyfillScriptTag);
    }

    try {
      if(window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem('theme') != 'light' && !window.location.href.includes('/tests_') ){
        document.documentElement.dataset.theme = 'dark';
      }
    } catch (e) { };

//]]>
</script>    <script src="/assets/application-3adb299a07b8e1065ebab73f76dee733b586384066da7632534bc1278807a4e0.js" nonce="XmYpua3olAG9b1HSnSxpNw==" defer="defer"></script>

  <script src="/javascripts/../assets/form/form.js" nonce="XmYpua3olAG9b1HSnSxpNw==" defer="defer" id="zammad_form_script"></script>


  <meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="t1k5tioSxd-6Zu611eqCR68jN39UVB2Z8WWj_087khvB27pHWZubi5Cc9sB6KpgMuRGX1oK3UNIW2QWj0YCGAA" />
</head>
<body>

  <!-- svgstore fallback -->
<script nonce="XmYpua3olAG9b1HSnSxpNw==">
//<![CDATA[
  /*
    detect if browser is
    - Chrome 14-20
    - Android Browser 4.1+
    - iOS 6-7
    - Safari 6
    - Edge 12
    - IE 9-11
  */
  window.svgPolyfill = /\bEdge\/12\b|\bTrident\/[567]\b|\bVersion\/7.0 Safari\b/.test(navigator.userAgent) || (navigator.userAgent.match(/AppleWebKit\/(\d+)/) || [])[1] < 537;

  (function (doc) {
    if(!svgPolyfill)
      return

    var scripts = doc.getElementsByTagName('script')
    var script = scripts[scripts.length - 1]
    var xhr = new XMLHttpRequest()
    xhr.onload = function () {
      var div = doc.createElement('div')
      div.innerHTML = this.responseText
      div.style.cssText = 'position: absolute; clip: rect(0, 0, 0, 0); z-index: -1;'
      script.parentNode.insertBefore(div, script)
    }
    xhr.open('get', 'assets/images/icons.svg?1764751827', true)
    xhr.send()
  })(document)

//]]>
</script><div id="app"></div>
<div class="splash">
  <svg class="icon icon-logo"><use xlink:href="assets/images/icons.svg?1764751827#icon-logo" /></svg>
  <div class="splash-title">Loading…</div>
</div>


</body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 185.111.111.158:443 · support.redflame.shop

2025-12-22 10:10

HTTP/1.1 200 OK
Date: Mon, 22 Dec 2025 10:10:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Server: BunnyCDN-DE1-1332
CDN-PullZone: 4875261
CDN-RequestCountryCode: US
Cache-Control: no-cache
ETag: W/"b9d8b4bbe9f8f562bf2d656fa765a76e"
Set-Cookie: _zammad_session_a138cfd0f37=c69acaae35e220460c9ee3fa1e6b3ff3; path=/; secure; HttpOnly
Content-Security-Policy: base-uri 'self' https://support.redflame.shop; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-TB62CxwI8Lz1kUFS8pCBKw=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com
Csrf-Token: EddkURr6a5MCJRqHcUSMsuWuCfgmXxS3n5acP86Ihy6nv5NNxGU8ZH_F72QY41_jNxs5K1QhZz0mYkyYwHnE5Q
Link: </assets/application-92b128953b1be83c0b67d76ee0e2ac55ac38b13150e0f33956f8623356157d56.css>; rel=preload; as=style; nopush,</assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: aed4151e-462e-4230-8605-f18cc482e7dc
X-Runtime: 0.027068
X-XSS-Protection: 0
CDN-ProxyVer: 1.41
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 200
CDN-CachedAt: 12/22/2025 10:10:09
CDN-EdgeStorageId: 1332
CDN-RequestId: 81edccf2ea1861940255a015b4fee3ac
CDN-Cache: MISS
CDN-Status: 200
CDN-RequestTime: 0

Page title: RF Support

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width">
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <title>RF Support</title>
  <link rel="apple-touch-icon" href="apple-touch-icon.png" />
  <link rel="stylesheet" href="/assets/application-92b128953b1be83c0b67d76ee0e2ac55ac38b13150e0f33956f8623356157d56.css" media="all" />
  <link rel="stylesheet" href="/assets/application-print-b13bcc6b8c456b67c376ff97d8c717cfa9869ea4412e4f49b65170aa535c5722.css" media="print" />
  <script nonce="TB62CxwI8Lz1kUFS8pCBKw==">
//<![CDATA[
    if(window.MSInputMethodContext && document.documentMode){
      var polyfillScriptTag = document.createElement('script');
      polyfillScriptTag.setAttribute('src', '/assets/ie11CustomProperties.min-eb19b438c0f5d2010c250595ef6b0b161dacf892c8a6f772dc121e99fc020a2c.js');
      polyfillScriptTag.setAttribute('nonce', 'TB62CxwI8Lz1kUFS8pCBKw==');
      document.head.appendChild(polyfillScriptTag);
    }

    try {
      if(window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem('theme') != 'light' && !window.location.href.includes('/tests_') ){
        document.documentElement.dataset.theme = 'dark';
      }
    } catch (e) { };

//]]>
</script>    <script src="/assets/application-0a85c1a8faf9c37bf1b4fbadaf8c8c7278937bc13cb53cf9bc83167dda2ec25c.js" nonce="TB62CxwI8Lz1kUFS8pCBKw==" defer="defer"></script>

  <script src="/javascripts/../assets/form/form.js" nonce="TB62CxwI8Lz1kUFS8pCBKw==" defer="defer" id="zammad_form_script"></script>


  <meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="9ID5z2x3vlwhfMjtQf2u4mK4m5irAAfnbCph9vwliAdC6A7Tsujpq1ycPQ4oWn2zsA2rS9l-dG3V3rFR8tTLzA" />
</head>
<body>

  <!-- svgstore fallback -->
<script nonce="TB62CxwI8Lz1kUFS8pCBKw==">
//<![CDATA[
  /*
    detect if browser is
    - Chrome 14-20
    - Android Browser 4.1+
    - iOS 6-7
    - Safari 6
    - Edge 12
    - IE 9-11
  */
  window.svgPolyfill = /\bEdge\/12\b|\bTrident\/[567]\b|\bVersion\/7.0 Safari\b/.test(navigator.userAgent) || (navigator.userAgent.match(/AppleWebKit\/(\d+)/) || [])[1] < 537;

  (function (doc) {
    if(!svgPolyfill)
      return

    var scripts = doc.getElementsByTagName('script')
    var script = scripts[scripts.length - 1]
    var xhr = new XMLHttpRequest()
    xhr.onload = function () {
      var div = doc.createElement('div')
      div.innerHTML = this.responseText
      div.style.cssText = 'position: absolute; clip: rect(0, 0, 0, 0); z-index: -1;'
      script.parentNode.insertBefore(div, script)
    }
    xhr.open('get', 'assets/images/icons.svg?1733381914', true)
    xhr.send()
  })(document)

//]]>
</script><div id="app"></div>
<div class="splash">
  <svg class="icon icon-logo"><use xlink:href="assets/images/icons.svg?1733381914#icon-logo" /></svg>
  <div class="splash-title">Loading…</div>
</div>


</body>
</html>

Found 2025-12-22 by HttpPlugin