Heroku
tcp/443 tcp/80
GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c1ce71c0d8dfba0404fd84bcc66bf77513a91101
GraphQL introspection enabled at /graphql
Types: 236 (by kind: ENUM: 27, INPUT_OBJECT: 54, INTERFACE: 8, OBJECT: 141, SCALAR: 6)
Operations:
- Query: Query | fields: order, orderInfo, orderInvoiceUrl, orders, user
- Mutation: Mutation | fields: updateEmail, userEducationUpsert, userJobUpdate, userProfileUpdate, userUpsert
Directives: deprecated, include, skip, specifiedBy (total: 4)
Open service 75.2.60.68:443 · graphql.td.org
2026-01-09 19:40
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Jan 2026 19:40:24 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=oiLiFWDxc3gv7Ut7j6%2BNLDHK8mcFjwx9YiX7ZZ6kFcE%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767987624"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=oiLiFWDxc3gv7Ut7j6%2BNLDHK8mcFjwx9YiX7ZZ6kFcE%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767987624"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight
Open service 99.83.220.108:80 · graphql.td.org
2026-01-09 12:13
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Jan 2026 12:14:16 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=wd5SFQeHXDg12VLnjgPO21raOi4K8FtoIw2WVU%2BKCd0%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767960856"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=wd5SFQeHXDg12VLnjgPO21raOi4K8FtoIw2WVU%2BKCd0%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767960856"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight
Open service 75.2.60.68:443 · graphql.td.org
2026-01-02 22:16
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 22:17:00 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=jftyuynLic5ncicI%2BEB7bJ7D4uJ4YBZWMgKo9Tra81g%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767392220"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=jftyuynLic5ncicI%2BEB7bJ7D4uJ4YBZWMgKo9Tra81g%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767392220"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight
Open service 99.83.220.108:80 · graphql.td.org
2026-01-02 02:38
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 02:38:27 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=jvKRoGrVqgRz659te13VuuzUEBk%2B7WaWpYnohw1VbvI%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767321507"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=jvKRoGrVqgRz659te13VuuzUEBk%2B7WaWpYnohw1VbvI%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767321507"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight
Open service 99.83.220.108:80 · graphql.td.org
2025-12-30 10:50
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Tue, 30 Dec 2025 10:50:20 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hy7nVZ81jBL%2FQa58Ok1iwUxSgJMmWTl0hsK0lo9bKZc%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767091820"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hy7nVZ81jBL%2FQa58Ok1iwUxSgJMmWTl0hsK0lo9bKZc%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767091820"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight
Open service 75.2.60.68:443 · graphql.td.org
2025-12-23 06:52
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Dec 2025 06:52:12 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=YCz8uqdw1WtcSy%2FGYwM9EXGPg%2F61pe8XbqSrCkGU7bU%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766472732"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=YCz8uqdw1WtcSy%2FGYwM9EXGPg%2F61pe8XbqSrCkGU7bU%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766472732"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight
Open service 99.83.220.108:80 · graphql.td.org
2025-12-23 00:44
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Dec 2025 00:44:25 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=7eDBQ0rGVg06TxfdAm1oLHiEG0ctqfy0scZg9qJExn4%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766450665"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=7eDBQ0rGVg06TxfdAm1oLHiEG0ctqfy0scZg9qJExn4%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766450665"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight
Open service 75.2.60.68:443 · graphql.td.org
2025-12-21 00:31
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Sun, 21 Dec 2025 00:31:07 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=8rWALeeH0l70aU73uAlwzGdsstPje7241xXEzOZw6%2B8%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766277067"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=8rWALeeH0l70aU73uAlwzGdsstPje7241xXEzOZw6%2B8%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766277067"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight
Open service 99.83.220.108:80 · graphql.td.org
2025-12-20 23:04
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Dec 2025 23:04:04 GMT
Etag: W/"155-i0kS0ZxJHXUiOj0lodWvBLh17Z8"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=o11vsWXSbAif4soqp2m%2BtfyemBwoBN8OwpM2ID%2BLPoI%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766271844"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=o11vsWXSbAif4soqp2m%2BtfyemBwoBN8OwpM2ID%2BLPoI%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766271844"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
Connection: close
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight