LeakIX - Host api.textbasedadventures.com

Domain api.textbasedadventures.com

United States

GOOGLE-CLOUD-PLATFORM

Software information

deno gcp-europe-west2

tcp/443

deno gcp-us-east4

tcp/443

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 34.120.54.55
Domain: www.api.textbasedadventures.com
Port: 443
URL: https://www.api.textbasedadventures.com

First seen 2025-10-18 08:00
Last seen 2026-02-11 16:25
Open for 116 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a3d27671a9660cf3d4f276dce602bf017e016d85

GraphQL introspection enabled at /graphql
Types: 35 (by kind: ENUM: 8, OBJECT: 23, SCALAR: 4)
Operations:
- Query: Query | fields: adminData, adventure, currentUser, edge, instance
- Mutation: Mutation | fields: createAdventure, createEdge, createNode, deleteAdventure, deleteCurrentUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 0

Found on 2026-02-11 16:25

47.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db84e0e350ea72115ca13ed1e0f36600e39cfc8fd671f870d6

GraphQL introspection enabled at /api
Types: 35 (by kind: ENUM: 8, OBJECT: 23, SCALAR: 4)
Operations:
- Query: Query | fields: adminData, adventure, currentUser, edge, instance
- Mutation: Mutation | fields: createAdventure, createEdge, createNode, deleteAdventure, deleteCurrentUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 0

Found on 2025-11-01 03:39

47.8 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 34.120.54.55
Domain: api.textbasedadventures.com
Port: 443
URL: https://api.textbasedadventures.com

First seen 2025-10-18 07:51
Last seen 2026-02-09 19:27
Open for 114 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a3d27671a9660cf3d4f276dce602bf017e016d85

GraphQL introspection enabled at /graphql
Types: 35 (by kind: ENUM: 8, OBJECT: 23, SCALAR: 4)
Operations:
- Query: Query | fields: adminData, adventure, currentUser, edge, instance
- Mutation: Mutation | fields: createAdventure, createEdge, createNode, deleteAdventure, deleteCurrentUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 0

Found on 2026-02-09 19:27

47.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db84e0e350ea72115ca13ed1e0f36600e39cfc8fd671f870d6

GraphQL introspection enabled at /api
Types: 35 (by kind: ENUM: 8, OBJECT: 23, SCALAR: 4)
Operations:
- Query: Query | fields: adminData, adventure, currentUser, edge, instance
- Mutation: Mutation | fields: createAdventure, createEdge, createNode, deleteAdventure, deleteCurrentUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 0

Found on 2025-12-24 14:18

47.8 kBytes

Create report

Open service 34.120.54.55:443 · www.api.textbasedadventures.com

2026-01-23 06:35

HTTP/1.1 400 Bad Request
x-powered-by: Express
access-control-allow-origin: *
x-clerk-auth-reason: session-token-and-uat-missing
x-clerk-auth-status: signed-out
content-type: application/json; charset=utf-8
content-length: 1420
etag: W/"58c-ZzELaSM9oyh1LiWo/0kHSQMbFUQ"
vary: Accept-Encoding
connection: close
date: Fri, 23 Jan 2026 06:35:03 GMT
via: http/1.1 edgeproxy-h
server: deno/gcp-europe-west2


{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST","stacktrace":["BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight","","    at new GraphQLErrorWithCode (file:///node_modules/.deno/@apollo+server@4.11.2/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)","    at new BadRequestError (file:///node_modules/.deno/@apollo+server@4.11.2/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)","    at preventCsrf (file:///node_modules/.deno/@apollo+server@4.11.2/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)","    at ApolloServer.executeHTTPGraphQLRequest (file:///node_modules/.deno/@apollo+server@4.11.2/node_modules/@apollo/server/dist/esm/ApolloServer.js:507:17)","    at eventLoopTick (ext:core/01_core.js:178:7)"]}}]}

Found 2026-01-23 by HttpPlugin

Create report

Open service 34.120.54.55:443 · api.textbasedadventures.com

2026-01-23 05:55

HTTP/1.1 400 Bad Request
x-powered-by: Express
access-control-allow-origin: *
x-clerk-auth-reason: session-token-and-uat-missing
x-clerk-auth-status: signed-out
content-type: application/json; charset=utf-8
content-length: 1420
etag: W/"58c-ZzELaSM9oyh1LiWo/0kHSQMbFUQ"
vary: Accept-Encoding
connection: close
date: Fri, 23 Jan 2026 05:55:21 GMT
via: http/1.1 edgeproxy-h
server: deno/gcp-us-east4


{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST","stacktrace":["BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight","","    at new GraphQLErrorWithCode (file:///node_modules/.deno/@apollo+server@4.11.2/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)","    at new BadRequestError (file:///node_modules/.deno/@apollo+server@4.11.2/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)","    at preventCsrf (file:///node_modules/.deno/@apollo+server@4.11.2/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)","    at ApolloServer.executeHTTPGraphQLRequest (file:///node_modules/.deno/@apollo+server@4.11.2/node_modules/@apollo/server/dist/esm/ApolloServer.js:507:17)","    at eventLoopTick (ext:core/01_core.js:178:7)"]}}]}

Found 2026-01-23 by HttpPlugin

Create report

www.api.textbasedadventures.com

Fingerprint:

628531c61c299a3da899b89e70aef2f427fc22eb563188d4de2eaa771c9bacd2

CN:

www.api.textbasedadventures.com

Key:

ECDSA-256

Issuer:

Not before:

2025-12-13 15:28

Not after:

2026-03-13 15:28

api.textbasedadventures.com

Fingerprint:

f49f44b1345cfa73bb860ad59bb4c893e3efe90ff0565f0c3279e6fc713d3fcf

CN:

api.textbasedadventures.com

Key:

ECDSA-256

Issuer:

Not before:

2025-12-13 15:27

Not after:

2026-03-13 15:27

Domain summary

www.api.textbasedadventures.com 2 api.textbasedadventures.com 2

2 recorded

IP summary

34.120.54.55 4

1 recorded