LeakIX - Host api-staging.maximomes.app

Domain api-staging.maximomes.app

United States

AMAZON-02

Software information

Heroku

tcp/443

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 15.197.129.158
Domain: api-staging.maximomes.app
Port: 443
URL: https://api-staging.maximomes.app

First seen 2025-11-03 09:04
Last seen 2026-01-02 14:06
Open for 60 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3fdfcbd6b4b001829a9433755b1d507f00d51b571

GraphQL introspection enabled at /graphql
Types: 269 (by kind: ENUM: 13, INPUT_OBJECT: 106, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 14:06

264.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e1614c57cd654b85505aab1100a28164d16706a5

GraphQL introspection enabled at /graphql
Types: 267 (by kind: ENUM: 13, INPUT_OBJECT: 104, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-02 00:13

262.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e298c7f2a80af71f8c64af1d0c0f32bb9b2279ddec

GraphQL introspection enabled at /graphql/api
Types: 267 (by kind: ENUM: 13, INPUT_OBJECT: 104, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-29 05:28

262.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e271fbc2d4c5e99d186f9b84380521e7ff132ad580

GraphQL introspection enabled at /graphql/api
Types: 265 (by kind: ENUM: 13, INPUT_OBJECT: 102, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-27 05:44

261.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e24619f22e3b6106de17cff00a451a1d79558322da

GraphQL introspection enabled at /graphql/api
Types: 264 (by kind: ENUM: 13, INPUT_OBJECT: 101, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-22 17:20

259.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36f747e3dab42d8df2ee822471b1a6e7225b3d99b

GraphQL introspection enabled at /graphql
Types: 264 (by kind: ENUM: 13, INPUT_OBJECT: 101, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-14 15:16

259.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2
```
GraphQL introspection enabled at /graphql/api
```
Found on 2025-11-12 14:13

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a120b6f80324881c1acc411cb52239abe473eb1c

GraphQL introspection enabled at /graphql
Types: 259 (by kind: ENUM: 13, INPUT_OBJECT: 98, INTERFACE: 2, OBJECT: 72, SCALAR: 74)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-05 07:27

255.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa316ba1348e34e28ec1ab3ffac77572fbb2b906fcc

GraphQL introspection enabled at /graphql
Types: 254 (by kind: ENUM: 12, INPUT_OBJECT: 97, INTERFACE: 2, OBJECT: 70, SCALAR: 73)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-03 09:04

249.2 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.217.1
Domain: api-staging.maximomes.app
Port: 80
URL: http://api-staging.maximomes.app

First seen 2025-11-03 09:04
Last seen 2025-12-16 13:29
Open for 43 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3fdfcbd6b4b001829a9433755b1d507f00d51b571

GraphQL introspection enabled at /graphql
Types: 269 (by kind: ENUM: 13, INPUT_OBJECT: 106, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-16 13:29

265.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e1614c57cd654b85505aab1100a28164d16706a5

GraphQL introspection enabled at /graphql
Types: 267 (by kind: ENUM: 13, INPUT_OBJECT: 104, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-02 00:13

262.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36f747e3dab42d8df2ee822471b1a6e7225b3d99b

GraphQL introspection enabled at /graphql
Types: 264 (by kind: ENUM: 13, INPUT_OBJECT: 101, INTERFACE: 2, OBJECT: 73, SCALAR: 75)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-16 21:16

259.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a120b6f80324881c1acc411cb52239abe473eb1c

GraphQL introspection enabled at /graphql
Types: 259 (by kind: ENUM: 13, INPUT_OBJECT: 98, INTERFACE: 2, OBJECT: 72, SCALAR: 74)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-05 07:40

255.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa316ba1348e34e28ec1ab3ffac77572fbb2b906fcc

GraphQL introspection enabled at /graphql
Types: 254 (by kind: ENUM: 12, INPUT_OBJECT: 97, INTERFACE: 2, OBJECT: 70, SCALAR: 73)
Operations:
- Query: Query | fields: breadcrumb, checkResetPasswordToken, entries, entry, me
- Mutation: Mutation | fields: bulkUpdateEntries, createEntry, deleteEntry, registerUser, updateEntry
- Subscription: Subscription | fields: entryUpdated, newEntry
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-03 09:04

249.2 kBytes

Create report

Open service 15.197.129.158:443 · api-staging.maximomes.app

2026-01-08 22:04

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Thu, 08 Jan 2026 22:05:07 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=bFA0r8C97tx%2FmGcFrpM9Sx0hl94oECq3D0qcY98P%2FE4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767909907"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=bFA0r8C97tx%2FmGcFrpM9Sx0hl94oECq3D0qcY98P%2FE4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767909907"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-08 by HttpPlugin

Create report

Open service 15.197.129.158:443 · api-staging.maximomes.app

2026-01-02 14:06

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 14:06:48 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BXFRQMUFafZrgiP%2FufrJ3Yj39Qczr0GW5mcSFLYwkAI%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767362808"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BXFRQMUFafZrgiP%2FufrJ3Yj39Qczr0GW5mcSFLYwkAI%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767362808"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 15.197.129.158:443 · api-staging.maximomes.app

2025-12-30 14:43

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Tue, 30 Dec 2025 14:43:36 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Xh5EcrgZXofGG2tw89Y4DsX2uElDJXUiGW7gOtLNCdE%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767105816"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Xh5EcrgZXofGG2tw89Y4DsX2uElDJXUiGW7gOtLNCdE%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767105816"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-30 by HttpPlugin

Create report

Open service 15.197.129.158:443 · api-staging.maximomes.app

2025-12-22 10:15

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Dec 2025 10:16:00 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=1f7PLpR6haa14AICxPnoRCg5jWWcF5o6T%2BPti02VEb4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766398560"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=1f7PLpR6haa14AICxPnoRCg5jWWcF5o6T%2BPti02VEb4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766398560"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 15.197.129.158:443 · api-staging.maximomes.app

2025-12-20 05:47

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Dec 2025 05:47:46 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=3mWCMbRSnn7HkAvmfBMn6ZCiccQX9dhfAPC12hwgr9M%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766209666"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=3mWCMbRSnn7HkAvmfBMn6ZCiccQX9dhfAPC12hwgr9M%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766209666"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

api-staging.maximomes.app

Fingerprint:

3a953689097b662efa4d399b3c029b826e769ca2cfbffb253d4e0a15d96badb9

CN:

api-staging.maximomes.app

Key:

RSA-2048

Issuer:

R13

Not before:

2025-12-01 23:14

Not after:

2026-03-01 23:14

Domain summary

api-staging.maximomes.app 18

1 recorded

IP summary

15.197.129.158 2 75.2.43.161 1 76.223.11.49 1 99.83.217.1 1

4 recorded