LeakIX - Host api.crm.futureworld.ps

Domain api.crm.futureworld.ps

Germany

Hetzner Online GmbH

Software information

nginx nginx

tcp/443

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 116.203.2.207
Domain: api.crm.futureworld.ps
Port: 443
URL: https://api.crm.futureworld.ps

First seen 2025-12-05 09:46
Last seen 2026-02-03 20:46
Open for 60 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3d9181c39a346585bfbe2b3f59676f8159676f815
```
GraphQL introspection enabled at /graphql
Types: 12 (by kind: ENUM: 2, OBJECT: 7, SCALAR: 3)
Operations:
- Query: Query | fields: _empty
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-02-03 20:46
  
  17.2 kBytes
Create report

Open service 116.203.2.207:443 · api.crm.futureworld.ps

2026-01-23 11:22

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 23 Jan 2026 11:22:29 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin
Vary: Accept
Strict-Transport-Security: max-age=31536000; includeSubdomains


Found. Redirecting to ./admin

Found 2026-01-23 by HttpPlugin

Create report

Open service 116.203.2.207:443 · api.crm.futureworld.ps

2026-01-09 13:40

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Jan 2026 13:41:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin
Vary: Accept
Strict-Transport-Security: max-age=31536000; includeSubdomains


Found. Redirecting to ./admin

Found 2026-01-09 by HttpPlugin

Create report

Open service 116.203.2.207:443 · api.crm.futureworld.ps

2026-01-02 13:39

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Jan 2026 13:39:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin
Vary: Accept
Strict-Transport-Security: max-age=31536000; includeSubdomains


Found. Redirecting to ./admin

Found 2026-01-02 by HttpPlugin

Create report

Open service 116.203.2.207:443 · api.crm.futureworld.ps

2025-12-23 06:54

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 23 Dec 2025 06:54:11 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin
Vary: Accept
Strict-Transport-Security: max-age=31536000; includeSubdomains


Found. Redirecting to ./admin

Found 2025-12-23 by HttpPlugin

Create report

api.crm.futureworld.pswww.api.crm.futureworld.ps

Fingerprint:

b07904345d34c1f2fd07054f191d9f71134e839be9d9359a3954677d012444cb

CN:

api.crm.futureworld.ps

Key:

ECDSA-256

Issuer:

Not before:

2025-12-05 08:47

Not after:

2026-03-05 08:47

Domain summary

api.crm.futureworld.ps 4

1 recorded

IP summary

116.203.2.207 2

1 recorded

Domain api.crm.futureworld.ps

Germany

Software information

GraphQL introspection is enabled.

Create report

Create report

Create report

Create report

api.crm.futureworld.pswww.api.crm.futureworld.ps

Domain summary

IP summary