LeakIX - Host api.stage.affectifi.com

Domain api.stage.affectifi.com

United States

AMAZON-02

Software information

Heroku

tcp/443

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 13.248.132.87
Domain: api.stage.affectifi.com
Port: 443
URL: https://api.stage.affectifi.com

First seen 2025-11-21 04:19
Last seen 2026-01-02 15:37
Open for 42 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa34d09b6c5aea9250722908ad43bad0affb6ac56c3

GraphQL introspection enabled at /graphql
Types: 353 (by kind: ENUM: 2, INPUT_OBJECT: 76, OBJECT: 268, SCALAR: 7)
Operations:
- Query: Query | fields: achievements, action_tendencies, appraisal, appraisals_by_participant, belief
- Mutation: Mutations | fields: action_tendency_delete, action_tendency_save, admin_login, invite_code_activation, sign_up
Directives: include, skip (total: 2)

Found on 2026-01-02 15:37

417.4 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa38dc0c273c368cff15874643aa542c9fd1216f979

GraphQL introspection enabled at /graphql
Types: 352 (by kind: ENUM: 2, INPUT_OBJECT: 75, OBJECT: 268, SCALAR: 7)
Operations:
- Query: Query | fields: achievements, action_tendencies, appraisal, appraisals_by_participant, belief
- Mutation: Mutations | fields: action_tendency_delete, action_tendency_save, admin_login, invite_code_activation, sign_up
Directives: include, skip (total: 2)

Found on 2025-12-24 20:29

415.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
Found on 2025-11-24 10:43

Create report

Open service 13.248.132.87:443 · api.stage.affectifi.com

2026-01-09 12:19

HTTP/1.1 404 Not Found
Content-Length: 61
Content-Security-Policy: default-src 'self'; object-src 'none'
Content-Type: application/json
Date: Fri, 09 Jan 2026 12:19:11 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Permissions-Policy: browsing-topics=()
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=kYP%2BfPX71RnNJDVifralDJvLsJv1JQViTD%2FgfZDwkW4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767961151"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=kYP%2BfPX71RnNJDVifralDJvLsJv1JQViTD%2FgfZDwkW4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767961151"
Server: Heroku
Strict-Transport-Security: max-age=31556926; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Connection: close


{"message":"The requested URL was not found on the server."}

Found 2026-01-09 by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.stage.affectifi.com

2026-01-02 15:37

HTTP/1.1 404 Not Found
Content-Length: 61
Content-Security-Policy: default-src 'self'; object-src 'none'
Content-Type: application/json
Date: Fri, 02 Jan 2026 15:37:17 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Permissions-Policy: browsing-topics=()
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=tuYYOV0EsB9G2uonY86AeuIxeAyL5RPESj2smzeVnRw%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767368237"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=tuYYOV0EsB9G2uonY86AeuIxeAyL5RPESj2smzeVnRw%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767368237"
Server: Heroku
Strict-Transport-Security: max-age=31556926; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Connection: close


{"message":"The requested URL was not found on the server."}

Found 2026-01-02 by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.stage.affectifi.com

2025-12-26 22:34

HTTP/1.1 404 Not Found
Content-Length: 61
Content-Security-Policy: default-src 'self'; object-src 'none'
Content-Type: application/json
Date: Fri, 26 Dec 2025 22:34:05 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Permissions-Policy: browsing-topics=()
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=jlrnHW4mKZmhf%2F3x4Ft0z176CLvklTRQH0KZbfvcYmo%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766788445"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=jlrnHW4mKZmhf%2F3x4Ft0z176CLvklTRQH0KZbfvcYmo%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766788445"
Server: Heroku
Strict-Transport-Security: max-age=31556926; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Connection: close


{"message":"The requested URL was not found on the server."}

Found 2025-12-26 by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.stage.affectifi.com

2025-12-23 01:13

HTTP/1.1 404 Not Found
Content-Length: 61
Content-Security-Policy: default-src 'self'; object-src 'none'
Content-Type: application/json
Date: Tue, 23 Dec 2025 01:13:47 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Permissions-Policy: browsing-topics=()
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=i5ZssRJFpVpWIPNLVSx8VS%2FlMfv2TyVi9RgKL2r0EQA%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766452427"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=i5ZssRJFpVpWIPNLVSx8VS%2FlMfv2TyVi9RgKL2r0EQA%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766452427"
Server: Heroku
Strict-Transport-Security: max-age=31556926; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Connection: close


{"message":"The requested URL was not found on the server."}

Found 2025-12-23 by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.stage.affectifi.com

2025-12-21 09:15

HTTP/1.1 404 Not Found
Content-Length: 61
Content-Security-Policy: default-src 'self'; object-src 'none'
Content-Type: application/json
Date: Sun, 21 Dec 2025 09:15:11 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Permissions-Policy: browsing-topics=()
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=iIHt7bPZ3ys%2BAK9onFla8ThyocIQIycLdMd5fNljgN0%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766308511"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=iIHt7bPZ3ys%2BAK9onFla8ThyocIQIycLdMd5fNljgN0%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766308511"
Server: Heroku
Strict-Transport-Security: max-age=31556926; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Connection: close


{"message":"The requested URL was not found on the server."}

Found 2025-12-21 by HttpPlugin

Create report

Open service 13.248.132.87:443 · api.stage.affectifi.com

2025-12-19 02:20

HTTP/1.1 404 Not Found
Content-Length: 61
Content-Security-Policy: default-src 'self'; object-src 'none'
Content-Type: application/json
Date: Fri, 19 Dec 2025 02:20:02 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Permissions-Policy: browsing-topics=()
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=VmfDD0qOIWmPTloPsFJrhgcSTM8jbtAvx1cSyUDZhks%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766110802"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=VmfDD0qOIWmPTloPsFJrhgcSTM8jbtAvx1cSyUDZhks%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766110802"
Server: Heroku
Strict-Transport-Security: max-age=31556926; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Connection: close


{"message":"The requested URL was not found on the server."}

Found 2025-12-19 by HttpPlugin

Create report

api.stage.affectifi.com

Fingerprint:

d178728974f1602333ea29a2272af036f8c725334a25bb519015a32e3d3d49cb

CN:

api.stage.affectifi.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-11-21 03:20

Not after:

2026-02-19 03:20

Domain summary

api.stage.affectifi.com 8

1 recorded

IP summary

13.248.132.87 2

1 recorded

© 2026 LeakIX v2.0.49
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice