LeakIX - Host api.gohadley.com

Domain api.gohadley.com

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 13.248.132.87
Domain: api.gohadley.com
Port: 443
URL: https://api.gohadley.com

First seen 2025-10-20 01:06
Last seen 2026-01-02 21:12
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3b1c899f79a79abe5216d66ad07b83d5781743367
```
GraphQL introspection enabled at /graphql
Types: 174 (by kind: ENUM: 26, INPUT_OBJECT: 41, OBJECT: 99, SCALAR: 8)
Operations:
- Query: Query | fields: bankAccount, contacts, contributions, deduction, deductions
- Mutation: Mutation | fields: acceptFriendRequest, addBankAccount, archiveUser, confirmEmailAddress, connectOrganizationToFinch
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 21:12
  
  200.7 kBytes
Create report

Open service 13.248.132.87:443 · api.gohadley.com

2026-01-10 00:02

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: https://www.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=QOnAb3o62kDWBs%2FhXfvLqCirAUw6ZppStgVVU4XEjsg%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768003353"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=QOnAb3o62kDWBs%2FhXfvLqCirAUw6ZppStgVVU4XEjsg%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768003353"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: cd683260-33da-8c94-ee47-2b61212b30f7
X-Runtime: 0.002217
X-Xss-Protection: 0
Date: Sat, 10 Jan 2026 00:02:33 GMT
Content-Length: 91
Connection: close


<html><body>You are being <a href="https://www.gohadley.com/">redirected</a>.</body></html>

Found 3 days ago by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.gohadley.com

2026-01-02 21:12

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: https://www.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=rd3N1jpNNSOLud07Wk2TA3r%2BvHVJch9H69J0k8uI0jM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767388374"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=rd3N1jpNNSOLud07Wk2TA3r%2BvHVJch9H69J0k8uI0jM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767388374"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 4f8c58a9-a0cd-d9a6-77b0-a5141085101b
X-Runtime: 0.002249
X-Xss-Protection: 0
Date: Fri, 02 Jan 2026 21:12:54 GMT
Content-Length: 91
Connection: close


<html><body>You are being <a href="https://www.gohadley.com/">redirected</a>.</body></html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.gohadley.com

2025-12-23 02:53

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: https://www.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=O693fpDc2%2FXL%2FAy%2FvYL4utFmxbPgSHABjnIBDoS331M%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766458381"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=O693fpDc2%2FXL%2FAy%2FvYL4utFmxbPgSHABjnIBDoS331M%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766458381"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 6b94e02e-0638-0322-964d-4889ab5a13df
X-Runtime: 0.002667
X-Xss-Protection: 0
Date: Tue, 23 Dec 2025 02:53:01 GMT
Content-Length: 91
Connection: close


<html><body>You are being <a href="https://www.gohadley.com/">redirected</a>.</body></html>

Found 2025-12-23 by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.gohadley.com

2025-12-20 18:07

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: https://www.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=FxQeby5aS6Q423l454hlC%2F6qXisjhBQO8EGSEZ9mUHc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766254039"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=FxQeby5aS6Q423l454hlC%2F6qXisjhBQO8EGSEZ9mUHc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766254039"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: e4326c26-4d3f-db87-5492-d58fd2e65e8c
X-Runtime: 0.003133
X-Xss-Protection: 0
Date: Sat, 20 Dec 2025 18:07:19 GMT
Content-Length: 91
Connection: close


<html><body>You are being <a href="https://www.gohadley.com/">redirected</a>.</body></html>

Found 2025-12-20 by HttpPlugin

Create report

Open service 35.71.145.101:80 · api.gohadley.com

2025-12-20 00:08

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://api.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=enwGid9DeRRx7MrzDggqx05el%2FJcx3S2lqJkKNIWYqU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766189288"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=enwGid9DeRRx7MrzDggqx05el%2FJcx3S2lqJkKNIWYqU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766189288"
Server: Heroku
Via: 1.1 heroku-router
Date: Sat, 20 Dec 2025 00:08:08 GMT
Content-Length: 0
Connection: close

Found 2025-12-20 by HttpPlugin

Create report

Open service 99.83.151.71:80 · api.gohadley.com

2025-12-20 00:08

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://api.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=enwGid9DeRRx7MrzDggqx05el%2FJcx3S2lqJkKNIWYqU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766189288"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=enwGid9DeRRx7MrzDggqx05el%2FJcx3S2lqJkKNIWYqU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766189288"
Server: Heroku
Via: 1.1 heroku-router
Date: Sat, 20 Dec 2025 00:08:08 GMT
Content-Length: 0
Connection: close

Found 2025-12-20 by HttpPlugin

Create report

Open service 99.83.151.71:443 · api.gohadley.com

2025-12-20 00:08

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: https://www.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Hz7Ifq4VS2UmS3vtnkTMCu2fv8HDyvgOdKPhE0jA60Y%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766189286"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Hz7Ifq4VS2UmS3vtnkTMCu2fv8HDyvgOdKPhE0jA60Y%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766189286"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 72805362-afbb-02ea-9df7-ce728c16c602
X-Runtime: 0.002110
X-Xss-Protection: 0
Date: Sat, 20 Dec 2025 00:08:06 GMT
Content-Length: 91
Connection: close


<html><body>You are being <a href="https://www.gohadley.com/">redirected</a>.</body></html>

Found 2025-12-20 by HttpPlugin

Create report

Open service 13.248.132.87:80 · api.gohadley.com

2025-12-20 00:08

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://api.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=enwGid9DeRRx7MrzDggqx05el%2FJcx3S2lqJkKNIWYqU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766189288"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=enwGid9DeRRx7MrzDggqx05el%2FJcx3S2lqJkKNIWYqU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766189288"
Server: Heroku
Via: 1.1 heroku-router
Date: Sat, 20 Dec 2025 00:08:08 GMT
Content-Length: 0
Connection: close

Found 2025-12-20 by HttpPlugin

Create report

Open service 75.2.97.79:443 · api.gohadley.com

2025-12-20 00:08

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: https://www.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=kXz75hIMoJwGD41QRggPp62rqnIyJJgHZi63fq8v%2BT4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766189284"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=kXz75hIMoJwGD41QRggPp62rqnIyJJgHZi63fq8v%2BT4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766189284"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 2820c6dc-3a65-2604-9c6f-603f01bc1a97
X-Runtime: 0.002856
X-Xss-Protection: 0
Date: Sat, 20 Dec 2025 00:08:04 GMT
Content-Length: 91
Connection: close


<html><body>You are being <a href="https://www.gohadley.com/">redirected</a>.</body></html>

Found 2025-12-20 by HttpPlugin

Create report

Open service 75.2.97.79:80 · api.gohadley.com

2025-12-20 00:08

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://api.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=enwGid9DeRRx7MrzDggqx05el%2FJcx3S2lqJkKNIWYqU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766189288"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=enwGid9DeRRx7MrzDggqx05el%2FJcx3S2lqJkKNIWYqU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766189288"
Server: Heroku
Via: 1.1 heroku-router
Date: Sat, 20 Dec 2025 00:08:08 GMT
Content-Length: 0
Connection: close

Found 2025-12-20 by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.gohadley.com

2025-12-20 00:08

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: https://www.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=kXz75hIMoJwGD41QRggPp62rqnIyJJgHZi63fq8v%2BT4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766189284"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=kXz75hIMoJwGD41QRggPp62rqnIyJJgHZi63fq8v%2BT4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766189284"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: cbf5640f-a25b-ea0d-0f7d-8a77b5d37bb1
X-Runtime: 0.004684
X-Xss-Protection: 0
Date: Sat, 20 Dec 2025 00:08:04 GMT
Content-Length: 91
Connection: close


<html><body>You are being <a href="https://www.gohadley.com/">redirected</a>.</body></html>

Found 2025-12-20 by HttpPlugin

Create report

Open service 35.71.145.101:443 · api.gohadley.com

2025-12-20 00:08

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: https://www.gohadley.com/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2BHRKkmMXi2w9uMOT0yd4DzaHtrFaZrWwCfUbfjzNxAA%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766189285"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2BHRKkmMXi2w9uMOT0yd4DzaHtrFaZrWwCfUbfjzNxAA%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766189285"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: c17ab70b-c820-e4d8-a5d3-e12c7a5a20c6
X-Runtime: 0.002121
X-Xss-Protection: 0
Date: Sat, 20 Dec 2025 00:08:05 GMT
Content-Length: 91
Connection: close


<html><body>You are being <a href="https://www.gohadley.com/">redirected</a>.</body></html>

Found 2025-12-20 by HttpPlugin

Create report

api.gohadley.com

Fingerprint:

17835b50ec1f1e65efb3cbeb21422bdb3069d05f68efdb16bab1ee689472254b

CN:

api.gohadley.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-19 23:09

Not after:

2026-03-19 23:09

Domain summary

api.gohadley.com 12

1 recorded

IP summary

13.248.132.87 2 35.71.145.101 1 99.83.151.71 1 75.2.97.79 1

4 recorded

Domain api.gohadley.com

United States

Software information

GraphQL introspection is enabled.

api.gohadley.com

Domain summary

IP summary