Heroku
tcp/443 tcp/80
GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa378891b17a1f5c9c5f0bf35a5fa79b49537ae15a1
GraphQL introspection enabled at /graphql
Types: 132 (by kind: ENUM: 35, INPUT_OBJECT: 24, OBJECT: 65, SCALAR: 8)
Operations:
- Query: Query | fields: conversionRates, findAgents, findSuppliers, getAnnualServiceReports, makers
- Mutation: Mutation | fields: addError, addRating, addServiceRequest, addShip, addTransaction
Directives: deprecated, include, skip, specifiedBy (total: 4)
Open service 15.197.253.240:443 · api-dev.bid2board.com
2026-01-09 10:15
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Jan 2026 10:15:50 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Lec8B70DEf%2Bv6e8s0nNMXIvMyRBMlDBEQq8tRblBNJY%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767953750"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Lec8B70DEf%2Bv6e8s0nNMXIvMyRBMlDBEQq8tRblBNJY%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767953750"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Unauthorized
Open service 52.223.53.203:80 · api-dev.bid2board.com
2026-01-09 09:00
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Jan 2026 09:01:11 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=wZenr6qUENFKDIY9k7JxD8vB2NG9cySDF7uWTfO00QQ%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767949271"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=wZenr6qUENFKDIY9k7JxD8vB2NG9cySDF7uWTfO00QQ%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767949271"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Unauthorized
Open service 15.197.253.240:443 · api-dev.bid2board.com
2026-01-02 14:17
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jan 2026 14:17:01 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=y%2BN%2F1gau5GvTf0gjUkj%2BmG%2FJZpr2ZOYtR4UExuXtbNg%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767363421"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=y%2BN%2F1gau5GvTf0gjUkj%2BmG%2FJZpr2ZOYtR4UExuXtbNg%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767363421"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Unauthorized
Open service 52.223.53.203:80 · api-dev.bid2board.com
2026-01-02 08:25
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jan 2026 08:25:06 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=9Ls0NKqGOt6kUxtqoNNRapAmp21gDnozaxbp7lpMPYg%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767342306"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=9Ls0NKqGOt6kUxtqoNNRapAmp21gDnozaxbp7lpMPYg%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767342306"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Unauthorized
Open service 15.197.253.240:443 · api-dev.bid2board.com
2025-12-23 03:14
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Type: text/plain; charset=utf-8
Date: Tue, 23 Dec 2025 03:14:17 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=XTKkE344qVkbUGtjU%2BrvHcIF5rH6h8%2BHCESN7m4%2FWZM%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766459657"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=XTKkE344qVkbUGtjU%2BrvHcIF5rH6h8%2BHCESN7m4%2FWZM%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766459657"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Unauthorized
Open service 52.223.53.203:80 · api-dev.bid2board.com
2025-12-23 03:10
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Type: text/plain; charset=utf-8
Date: Tue, 23 Dec 2025 03:10:42 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=o4NG1jrQ1dnJ4v4H%2BJiVIelvGh061Ib4ly5p9t3JmSc%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766459442"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=o4NG1jrQ1dnJ4v4H%2BJiVIelvGh061Ib4ly5p9t3JmSc%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766459442"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Unauthorized
Open service 52.223.53.203:80 · api-dev.bid2board.com
2025-12-20 15:28
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Type: text/plain; charset=utf-8
Date: Sat, 20 Dec 2025 15:28:51 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=GgLsLv8vlhihAveXfNgnSPGr4z9%2Bn%2BxZOgusKxOKl18%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766244531"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=GgLsLv8vlhihAveXfNgnSPGr4z9%2Bn%2BxZOgusKxOKl18%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766244531"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Unauthorized
Open service 15.197.253.240:443 · api-dev.bid2board.com
2025-12-20 11:39
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Type: text/plain; charset=utf-8
Date: Sat, 20 Dec 2025 11:39:10 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=pIp2MbluVxZA54L2oMii6BAbp9jfYK9lEgZFsr%2BjyGY%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766230750"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=pIp2MbluVxZA54L2oMii6BAbp9jfYK9lEgZFsr%2BjyGY%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766230750"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Unauthorized