LeakIX - Host test.api.intergasxpert.nl

Domain test.api.intergasxpert.nl

United States

AMAZON-02

Software information

Heroku

tcp/443

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 76.223.11.49
Domain: test.api.intergasxpert.nl
Port: 443
URL: https://test.api.intergasxpert.nl

First seen 2025-12-02 00:52
Last seen 2026-01-02 23:38
Open for 31 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa390791a358f929cb7685db2d13acaeabce5cb7398

GraphQL introspection enabled at /graphql
Types: 190 (by kind: ENUM: 28, INPUT_OBJECT: 30, INTERFACE: 7, OBJECT: 117, SCALAR: 6, UNION: 2)
Operations:
- Query: Query | fields: faq, getCountries, lookupDutchAddress, randomFaq, searchFaqs
- Mutation: Mutation | fields: addOrUpdateTrainingRelation, deleteTrainingRelation, redeemCoupon, registerForTraining, signUpForTraining
Directives: auth, deprecated, include, oneOf, skip, specifiedBy, trim (total: 7)

Found on 2026-01-02 23:38

264.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db84e0e350b2f9387ac031512a87f20fe29145a9433ed33d47

GraphQL introspection enabled at /api
Types: 190 (by kind: ENUM: 28, INPUT_OBJECT: 30, INTERFACE: 7, OBJECT: 117, SCALAR: 6, UNION: 2)
Operations:
- Query: Query | fields: faq, getCountries, lookupDutchAddress, randomFaq, searchFaqs
- Mutation: Mutation | fields: addOrUpdateTrainingRelation, deleteTrainingRelation, redeemCoupon, registerForTraining, signUpForTraining
Directives: auth, deprecated, include, oneOf, skip, specifiedBy, trim (total: 7)

Found on 2025-12-05 00:00

264.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
Found on 2025-12-05 00:00

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e41399e61e08b8968a0c3716da7567af6bda3693

GraphQL introspection enabled at /graphql
Types: 189 (by kind: ENUM: 28, INPUT_OBJECT: 30, INTERFACE: 7, OBJECT: 116, SCALAR: 6, UNION: 2)
Operations:
- Query: Query | fields: faq, getCountries, lookupDutchAddress, randomFaq, searchFaqs
- Mutation: Mutation | fields: addOrUpdateTrainingRelation, deleteTrainingRelation, redeemCoupon, registerForTraining, signUpForTraining
Directives: auth, deprecated, include, oneOf, skip, specifiedBy, trim (total: 7)

Found on 2025-12-02 00:52

262.9 kBytes

Create report

Open service 76.223.11.49:443 · test.api.intergasxpert.nl

2026-01-10 02:15

HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 406
Content-Type: application/json; charset=utf-8
Date: Sat, 10 Jan 2026 02:15:40 GMT
Etag: W/"196-HUCJKwlQurC5GNaaJnH0d+HOnRw"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=jetYGI05tTp1RUPPCIpsbEjSn6YeWgO%2B8GAc21Ok99w%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1768011340"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=jetYGI05tTp1RUPPCIpsbEjSn6YeWgO%2B8GAc21Ok99w%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1768011340"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST"}}]}

Found 2026-01-10 by HttpPlugin

Create report

Open service 76.223.11.49:443 · test.api.intergasxpert.nl

2026-01-02 23:38

HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 406
Content-Type: application/json; charset=utf-8
Date: Fri, 02 Jan 2026 23:38:22 GMT
Etag: W/"196-HUCJKwlQurC5GNaaJnH0d+HOnRw"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=jfLVuCfr6SQJH6MglKsOaHm6oY%2FIjMw1zrnkUwHeLu4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767397102"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=jfLVuCfr6SQJH6MglKsOaHm6oY%2FIjMw1zrnkUwHeLu4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767397102"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST"}}]}

Found 2026-01-02 by HttpPlugin

Create report

Open service 76.223.11.49:443 · test.api.intergasxpert.nl

2025-12-23 09:33

HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 406
Content-Type: application/json; charset=utf-8
Date: Tue, 23 Dec 2025 09:33:51 GMT
Etag: W/"196-HUCJKwlQurC5GNaaJnH0d+HOnRw"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=W4Ruyf8SndU7B3A3izoDwFSQwdVty3oGEMnZ5syIAqE%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766482431"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=W4Ruyf8SndU7B3A3izoDwFSQwdVty3oGEMnZ5syIAqE%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766482431"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST"}}]}

Found 2025-12-23 by HttpPlugin

Create report

Open service 76.223.11.49:443 · test.api.intergasxpert.nl

2025-12-21 04:52

HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Content-Length: 406
Content-Type: application/json; charset=utf-8
Date: Sun, 21 Dec 2025 04:52:45 GMT
Etag: W/"196-HUCJKwlQurC5GNaaJnH0d+HOnRw"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=0uc%2BaiqMrsLt0Dbfi%2FhYdjwpvKkwA92nhBkHKQhxGHg%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766292765"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=0uc%2BaiqMrsLt0Dbfi%2FhYdjwpvKkwA92nhBkHKQhxGHg%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766292765"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST"}}]}

Found 2025-12-21 by HttpPlugin

Create report

test.api.intergasxpert.nl

Fingerprint:

8705bca4a7188cc5f5eaebff9853d3375d506747daf3c7aa9856f16baa33f2bf

CN:

test.api.intergasxpert.nl

Key:

RSA-2048

Issuer:

R13

Not before:

2025-12-01 23:54

Not after:

2026-03-01 23:54

Domain summary

test.api.intergasxpert.nl 7

1 recorded

IP summary

76.223.11.49 2 75.2.43.161 1 15.197.129.158 1

3 recorded