Heroku
tcp/443
GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3f8d4510df5121a2f9ba0029b9865c0bcf74e9a04
GraphQL introspection enabled at /graphql
Types: 213 (by kind: ENUM: 10, INPUT_OBJECT: 45, OBJECT: 149, SCALAR: 9)
Operations:
- Query: Query | fields: address, addresses, addressesMeta, billingGeneral, checkInviteAcceptToken
- Mutation: Mutation | fields: acceptShareRules, activateClient, activateProject, activateUser, archiveProject
Directives: deprecated, include, skip (total: 3)
Open service 99.83.185.157:443 · backend.app.allactivity.com
2026-01-09 12:19
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: sentry-trace, baggage
Access-Control-Allow-Origin: https://app.allactivity.com
Content-Length: 15
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'cdn.jsdelivr.net';img-src 'self' data: 'cdn.jsdelivr.net';frame-ancestors 'none';default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 12:19:09 GMT
Etag: W/"f-t4IpH7tYUEoEIuFUzSQsxU/5hI8"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=GzCteAdL3dtJQz3OPhLnucNsbgJcWUm7TV7XUbhjZy0%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767961149"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=GzCteAdL3dtJQz3OPhLnucNsbgJcWUm7TV7XUbhjZy0%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767961149"
Request-Log-Id: 58831640-57b6-49ec-9071-2097a0698dba
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
<div>API</div>
Open service 99.83.185.157:443 · backend.app.allactivity.com
2026-01-02 15:37
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: sentry-trace, baggage
Access-Control-Allow-Origin: https://app.allactivity.com
Content-Length: 15
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'cdn.jsdelivr.net';img-src 'self' data: 'cdn.jsdelivr.net';frame-ancestors 'none';default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 15:37:17 GMT
Etag: W/"f-t4IpH7tYUEoEIuFUzSQsxU/5hI8"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=S%2FxNz46p855cbpMKRv3RjGb%2BjnwLuT81q%2BxmQ3Lw1%2Fc%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767368237"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=S%2FxNz46p855cbpMKRv3RjGb%2BjnwLuT81q%2BxmQ3Lw1%2Fc%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767368237"
Request-Log-Id: 584e69fb-03f2-4f04-a87a-0e5439dd266f
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
<div>API</div>
Open service 99.83.185.157:443 · backend.app.allactivity.com
2025-12-26 22:34
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: sentry-trace, baggage
Access-Control-Allow-Origin: https://app.allactivity.com
Content-Length: 15
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'cdn.jsdelivr.net';img-src 'self' data: 'cdn.jsdelivr.net';frame-ancestors 'none';default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 26 Dec 2025 22:34:03 GMT
Etag: W/"f-t4IpH7tYUEoEIuFUzSQsxU/5hI8"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=agSBgjj7HuUP1vGYio6ZD4IknVMmrUJDideLZC2WFRM%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766788443"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=agSBgjj7HuUP1vGYio6ZD4IknVMmrUJDideLZC2WFRM%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766788443"
Request-Log-Id: cebc07e3-17a2-44bf-88ab-65dac4aab771
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
<div>API</div>
Open service 99.83.185.157:443 · backend.app.allactivity.com
2025-12-23 01:13
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: sentry-trace, baggage
Access-Control-Allow-Origin: https://app.allactivity.com
Content-Length: 15
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'cdn.jsdelivr.net';img-src 'self' data: 'cdn.jsdelivr.net';frame-ancestors 'none';default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 23 Dec 2025 01:13:44 GMT
Etag: W/"f-t4IpH7tYUEoEIuFUzSQsxU/5hI8"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=K4Lm7DrHUuWpliAxQMG4%2B7zrO1pBrjeLw%2B0RK596t04%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766452424"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=K4Lm7DrHUuWpliAxQMG4%2B7zrO1pBrjeLw%2B0RK596t04%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766452424"
Request-Log-Id: daebe667-08d8-46a9-a527-866fa605c457
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
<div>API</div>
Open service 99.83.185.157:443 · backend.app.allactivity.com
2025-12-21 09:15
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: sentry-trace, baggage
Access-Control-Allow-Origin: https://app.allactivity.com
Content-Length: 15
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'cdn.jsdelivr.net';img-src 'self' data: 'cdn.jsdelivr.net';frame-ancestors 'none';default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sun, 21 Dec 2025 09:15:13 GMT
Etag: W/"f-t4IpH7tYUEoEIuFUzSQsxU/5hI8"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vCjbFmVO3egxWsddfS5iWcke3fHr9GGvV0nb4wninWs%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766308513"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vCjbFmVO3egxWsddfS5iWcke3fHr9GGvV0nb4wninWs%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766308513"
Request-Log-Id: 8d4ef92e-9f49-4f30-b0cf-e5323e1f00b3
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
<div>API</div>
Open service 99.83.185.157:443 · backend.app.allactivity.com
2025-12-19 02:19
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: sentry-trace, baggage
Access-Control-Allow-Origin: https://app.allactivity.com
Content-Length: 15
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'cdn.jsdelivr.net';img-src 'self' data: 'cdn.jsdelivr.net';frame-ancestors 'none';default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 19 Dec 2025 02:19:59 GMT
Etag: W/"f-t4IpH7tYUEoEIuFUzSQsxU/5hI8"
Expect-Ct: max-age=0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=2Tp824hITpu8mhfmoUuiIZJq5Rzjxz0H4LUQGDqUuaI%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766110799"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=2Tp824hITpu8mhfmoUuiIZJq5Rzjxz0H4LUQGDqUuaI%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766110799"
Request-Log-Id: d49126cb-056a-4d91-9760-466c34e4d963
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Origin, Accept-Encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
<div>API</div>