Domain bff.develop.cp4l.ecpplatform.com
United States
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
IP: 52.85.65.88
Domain: bff.develop.cp4l.ecpplatform.com
Port: 443
URL: https://bff.develop.cp4l.ecpplatform.comFirst seen 2025-10-20 05:06
Last seen 2026-01-03 01:00
Open for 74 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa34dd291ac342ac9b0ed71c42e51d0f256c0a1ac28GraphQL introspection enabled at /graphql Types: 276 (by kind: ENUM: 18, INPUT_OBJECT: 87, INTERFACE: 1, OBJECT: 158, SCALAR: 7, UNION: 5) Operations: - Query: Query | fields: componentListByPlateNumber, findByPlateNumber, manufactures, models, vehicleLookup - Mutation: Mutation | fields: addToShoppingList, backInStockNotification, createShoppingList, removeFromShoppingList, submitReturnRequest Directives: auth, cacheControl, deprecated, include, key, recaptcha, skip, specifiedBy (total: 8) Detected: Magento
Found on 2026-01-03 01:00276.9 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa34dd291ac342ac9b0ed71c42e51d0f2561bced215GraphQL introspection enabled at /graphql Types: 276 (by kind: ENUM: 18, INPUT_OBJECT: 87, INTERFACE: 1, OBJECT: 158, SCALAR: 7, UNION: 5) Operations: - Query: Query | fields: componentListByPlateNumber, findByPlateNumber, manufactures, models, vehicleLookup - Mutation: Mutation | fields: addToShoppingList, backInStockNotification, createShoppingList, removeFromShoppingList, submitReturnRequest Directives: auth, cacheControl, deprecated, include, key, recaptcha, skip, specifiedBy (total: 8)
Found on 2025-12-01 15:04276.3 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3GraphQL introspection enabled at /graphql
Found on 2025-11-22 19:36 -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa385e585740e1d29788ff401b6e7cd0a1ef33e4fbdGraphQL introspection enabled at /graphql Types: 275 (by kind: ENUM: 18, INPUT_OBJECT: 87, INTERFACE: 1, OBJECT: 157, SCALAR: 7, UNION: 5) Operations: - Query: Query | fields: componentListByPlateNumber, findByPlateNumber, manufactures, models, vehicleLookup - Mutation: Mutation | fields: addToShoppingList, backInStockNotification, createShoppingList, removeFromShoppingList, submitReturnRequest Directives: auth, cacheControl, deprecated, include, key, recaptcha, skip, specifiedBy (total: 8)
Found on 2025-11-16 06:18275.4 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d8e3c7c8f0163a6cc3f49492743f8ab201c633b9GraphQL introspection enabled at /graphql Types: 273 (by kind: ENUM: 18, INPUT_OBJECT: 86, INTERFACE: 1, OBJECT: 156, SCALAR: 7, UNION: 5) Operations: - Query: Query | fields: componentListByPlateNumber, findByPlateNumber, manufactures, models, vehicleLookup - Mutation: Mutation | fields: addToShoppingList, backInStockNotification, createShoppingList, removeFromShoppingList, submitReturnRequest Directives: auth, cacheControl, deprecated, include, key, recaptcha, skip, specifiedBy (total: 8)
Found on 2025-11-12 10:04273.6 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3aa1be501abef14833e3388c737b82e8b4361a4caGraphQL introspection enabled at /graphql Types: 268 (by kind: ENUM: 18, INPUT_OBJECT: 85, INTERFACE: 1, OBJECT: 152, SCALAR: 7, UNION: 5) Operations: - Query: Query | fields: componentListByPlateNumber, findByPlateNumber, manufactures, models, vehicleLookup - Mutation: Mutation | fields: addToShoppingList, backInStockNotification, createShoppingList, removeFromShoppingList, submitReturnRequest Directives: auth, cacheControl, deprecated, include, key, recaptcha, skip, specifiedBy (total: 8)
Found on 2025-11-02 22:16267.6 kBytes
-
-
Open service 52.85.65.88:443 · bff.develop.cp4l.ecpplatform.com
2026-01-09 20:07
HTTP/1.1 400 Bad Request Content-Type: application/json; charset=utf-8 Content-Length: 1664 Connection: close Date: Fri, 09 Jan 2026 20:07:23 GMT ETag: W/"680-oZHj5UwSMJUEBmPz3iTo2LxkPR0" X-Powered-By: Express Access-Control-Allow-Origin: * X-Cache: Error from cloudfront Via: 1.1 46c3758fe9f61dd7b7147a33bc20d9ea.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P6 X-Amz-Cf-Id: uZbtaK6J3f7TGuB4l73OfqndA_Litlvp0CGY-cVKygD_yVVLBF56rQ== Strict-Transport-Security: max-age=63072000; includeSubDomains; preload {"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST","stacktrace":["BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",""," at new GraphQLErrorWithCode (/app/node_modules/.pnpm/@apollo+server@5.2.0_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:10:9)"," at new BadRequestError (/app/node_modules/.pnpm/@apollo+server@5.2.0_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:84:9)"," at preventCsrf (/app/node_modules/.pnpm/@apollo+server@5.2.0_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/preventCsrf.js:36:11)"," at ApolloServer.executeHTTPGraphQLRequest (/app/node_modules/.pnpm/@apollo+server@5.2.0_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/ApolloServer.js:567:50)"," at process.processTicksAndRejections (node:internal/process/task_queues:105:5)"," at async /app/node_modules/.pnpm/@as-integrations+express5@1.0.0_@apollo+server@5.2.0_express@5.0.0/node_modules/@as-integrations/express5/dist/index.js:29:37"]}}]}Found 2026-01-09 by HttpPluginCreate report
-
Open service 52.85.65.88:443 · bff.develop.cp4l.ecpplatform.com
2026-01-03 01:00
HTTP/1.1 400 Bad Request Content-Type: application/json; charset=utf-8 Content-Length: 1503 Connection: close Date: Sat, 03 Jan 2026 01:00:39 GMT ETag: W/"5df-HULXL0WYvuLH9aGFb3ScW/kcdBE" X-Powered-By: Express Access-Control-Allow-Origin: * X-Cache: Error from cloudfront Via: 1.1 aa80856e4ab1425bca16fde063f31814.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P6 X-Amz-Cf-Id: Pe4rQs7kP1jHJbqpX8d9nrGY5pmDJY-G3tljNjEOY9-S01dX5qwn8Q== Strict-Transport-Security: max-age=63072000; includeSubDomains; preload {"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST","stacktrace":["BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",""," at new GraphQLErrorWithCode (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:10:9)"," at new BadRequestError (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:84:9)"," at preventCsrf (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/preventCsrf.js:35:11)"," at ApolloServer.executeHTTPGraphQLRequest (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/ApolloServer.js:536:50)"," at process.processTicksAndRejections (node:internal/process/task_queues:105:5)"]}}]}Found 2026-01-03 by HttpPluginCreate report
-
Open service 52.85.65.88:443 · bff.develop.cp4l.ecpplatform.com
2025-12-30 14:57
HTTP/1.1 400 Bad Request Content-Type: application/json; charset=utf-8 Content-Length: 1503 Connection: close Date: Tue, 30 Dec 2025 14:57:23 GMT ETag: W/"5df-HULXL0WYvuLH9aGFb3ScW/kcdBE" X-Powered-By: Express Access-Control-Allow-Origin: * X-Cache: Error from cloudfront Via: 1.1 9dd3685eb51bb09781f673d8a8f1a6c4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P6 X-Amz-Cf-Id: y1xjb38f0AN64fdo1M-qeWC7qfUc53EGyAJPEwXkaIYk0higqjBWFg== Strict-Transport-Security: max-age=63072000; includeSubDomains; preload {"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST","stacktrace":["BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",""," at new GraphQLErrorWithCode (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:10:9)"," at new BadRequestError (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:84:9)"," at preventCsrf (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/preventCsrf.js:35:11)"," at ApolloServer.executeHTTPGraphQLRequest (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/ApolloServer.js:536:50)"," at process.processTicksAndRejections (node:internal/process/task_queues:105:5)"]}}]}Found 2025-12-30 by HttpPluginCreate report
-
Open service 52.85.65.88:443 · bff.develop.cp4l.ecpplatform.com
2025-12-22 10:11
HTTP/1.1 400 Bad Request Content-Type: application/json; charset=utf-8 Content-Length: 1503 Connection: close Date: Mon, 22 Dec 2025 10:11:28 GMT ETag: W/"5df-HULXL0WYvuLH9aGFb3ScW/kcdBE" X-Powered-By: Express Access-Control-Allow-Origin: * X-Cache: Error from cloudfront Via: 1.1 799a7df2b90bf4910cc065d26b088a04.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P6 X-Amz-Cf-Id: LTe0xcmGHxwrkQDozDnbhR0OEimor3zSXb-qPbeuNre24ujfwVJWXg== Strict-Transport-Security: max-age=63072000; includeSubDomains; preload {"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST","stacktrace":["BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",""," at new GraphQLErrorWithCode (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:10:9)"," at new BadRequestError (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:84:9)"," at preventCsrf (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/preventCsrf.js:35:11)"," at ApolloServer.executeHTTPGraphQLRequest (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/ApolloServer.js:536:50)"," at process.processTicksAndRejections (node:internal/process/task_queues:105:5)"]}}]}Found 2025-12-22 by HttpPluginCreate report
-
Open service 52.85.65.88:443 · bff.develop.cp4l.ecpplatform.com
2025-12-21 11:34
HTTP/1.1 400 Bad Request Content-Type: application/json; charset=utf-8 Content-Length: 1503 Connection: close Date: Sun, 21 Dec 2025 11:34:16 GMT ETag: W/"5df-HULXL0WYvuLH9aGFb3ScW/kcdBE" X-Powered-By: Express Access-Control-Allow-Origin: * X-Cache: Error from cloudfront Via: 1.1 37e423fd0afc1d9345b73ddf180cdd6a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P6 X-Amz-Cf-Id: rj7hMmzt0wH2dm83lbt_AvS9PIgaPj8blJnWxLCJZuZhoHi5NpS8Vg== Strict-Transport-Security: max-age=63072000; includeSubDomains; preload {"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST","stacktrace":["BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",""," at new GraphQLErrorWithCode (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:10:9)"," at new BadRequestError (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:84:9)"," at preventCsrf (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/preventCsrf.js:35:11)"," at ApolloServer.executeHTTPGraphQLRequest (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/ApolloServer.js:536:50)"," at process.processTicksAndRejections (node:internal/process/task_queues:105:5)"]}}]}Found 2025-12-21 by HttpPluginCreate report
-
Open service 52.85.65.88:443 · bff.develop.cp4l.ecpplatform.com
2025-12-19 06:09
HTTP/1.1 400 Bad Request Content-Type: application/json; charset=utf-8 Content-Length: 1503 Connection: close Date: Fri, 19 Dec 2025 06:09:40 GMT ETag: W/"5df-HULXL0WYvuLH9aGFb3ScW/kcdBE" X-Powered-By: Express Access-Control-Allow-Origin: * X-Cache: Error from cloudfront Via: 1.1 0ef755569b0bb31a32a90b7cdddb6f18.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P6 X-Amz-Cf-Id: uGqfuOJ0sZgGpVnQGSMfYfDWp8-S0OuVnuKnUJbcX7q0HZJUavq6eg== Strict-Transport-Security: max-age=63072000; includeSubDomains; preload {"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST","stacktrace":["BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",""," at new GraphQLErrorWithCode (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:10:9)"," at new BadRequestError (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/internalErrorClasses.js:84:9)"," at preventCsrf (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/preventCsrf.js:35:11)"," at ApolloServer.executeHTTPGraphQLRequest (/app/node_modules/.pnpm/@apollo+server@4.11.2_graphql@16.8.1/node_modules/@apollo/server/dist/cjs/ApolloServer.js:536:50)"," at process.processTicksAndRejections (node:internal/process/task_queues:105:5)"]}}]}Found 2025-12-19 by HttpPluginCreate report