LeakIX - Host 35.154.151.243

Host 35.154.151.243

India

AMAZON-02

Ubuntu

Software information

nginx nginx 1.24.0

tcp/443

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 35.154.151.243
Domain: jambocard.directus.agpro.co.in
Port: 443
URL: https://jambocard.directus.agpro.co.in

First seen 2025-11-30 07:21
Last seen 2026-02-01 18:35
Open for 63 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31b26e8feca52fc2ec8d577803c2ff1251961bf27

GraphQL introspection enabled at /graphql
Types: 361 (by kind: ENUM: 3, INPUT_OBJECT: 88, OBJECT: 260, SCALAR: 10)
Operations:
- Query: Query | fields: direct_social_accounts, direct_social_accounts_aggregated, direct_social_accounts_by_id, direct_social_accounts_by_version, engagement
- Mutation: Mutation | fields: create_engagement_item, create_engagement_items, create_fcm_tokens_items, create_kyc_item, create_kyc_items
- Subscription: Subscription | fields: direct_social_accounts_mutated, engagement_mutated, facebook_mutated, fcm_tokens_mutated, kyc_mutated
Directives: deprecated, include, skip (total: 3)

Readable stores: 0

Found on 2026-02-01 18:35

877.7 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa363502fb3ca3c80b1b1ec44eff0c7a35a7029835a

GraphQL introspection enabled at /graphql
Types: 369 (by kind: ENUM: 3, INPUT_OBJECT: 90, OBJECT: 266, SCALAR: 10)
Operations:
- Query: Query | fields: profile_types, profile_types_aggregated, profile_types_by_id, profile_types_by_version, showcase
- Mutation: Mutation | fields: create_engagement_items, create_profile_types_item, create_profile_types_items, create_social_accounts_item, create_social_accounts_items
- Subscription: Subscription | fields: card_mutated, directus_files_mutated, directus_users_mutated, profile_types_mutated, showcase_mutated
Directives: deprecated, include, skip (total: 3)

Readable stores: 0

Found on 2026-01-23 01:42

896.7 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31deae71e22e2560e1241566ea73f5bb73d094adf

GraphQL introspection enabled at /graphql
Types: 354 (by kind: ENUM: 3, INPUT_OBJECT: 87, OBJECT: 254, SCALAR: 10)
Operations:
- Query: Query | fields: profile_types, profile_types_aggregated, profile_types_by_id, profile_types_by_version, showcase
- Mutation: Mutation | fields: create_engagement_items, create_profile_types_item, create_profile_types_items, create_social_accounts_item, create_social_accounts_items
- Subscription: Subscription | fields: card_mutated, directus_files_mutated, directus_users_mutated, profile_types_mutated, showcase_mutated
Directives: deprecated, include, skip (total: 3)

Readable stores: 0

Found on 2026-01-16 17:48

860.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e2b0dc59d95b7f3b87d9edc44516cb29b9f9564d

GraphQL introspection enabled at /graphql
Types: 318 (by kind: ENUM: 3, INPUT_OBJECT: 80, OBJECT: 225, SCALAR: 10)
Operations:
- Query: Query | fields: card, profile_types, profile_types_aggregated, profile_types_by_id, profile_types_by_version
- Mutation: Mutation | fields: create_engagement_items, create_profile_types_item, create_profile_types_items, create_social_accounts_item, create_social_accounts_items
- Subscription: Subscription | fields: card_account_type_mutated, card_mutated, directus_files_mutated, directus_users_mutated, profile_types_mutated
Directives: deprecated, include, skip (total: 3)

Readable stores: 0

Found on 2026-01-02 09:11

753.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa326d7be88e2234fac8f1c1b1d67ec90acea9e47b6

GraphQL introspection enabled at /graphql
Types: 312 (by kind: ENUM: 3, INPUT_OBJECT: 79, OBJECT: 220, SCALAR: 10)
Operations:
- Query: Query | fields: card, profile_types, profile_types_aggregated, profile_types_by_id, profile_types_by_version
- Mutation: Mutation | fields: create_engagement_items, create_profile_types_item, create_profile_types_items, create_social_accounts_item, create_social_accounts_items
- Subscription: Subscription | fields: card_account_type_mutated, card_mutated, directus_files_mutated, directus_users_mutated, profile_types_mutated
Directives: deprecated, include, skip (total: 3)

Readable stores: 0

Found on 2025-12-26 16:23

736.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa35e4e9e2df7cbee8ff88a8700dded9e9d04625ba9

GraphQL introspection enabled at /graphql
Types: 279 (by kind: ENUM: 3, INPUT_OBJECT: 74, OBJECT: 192, SCALAR: 10)
Operations:
- Query: Query | fields: card, profile_types, profile_types_aggregated, profile_types_by_id, profile_types_by_version
- Mutation: Mutation | fields: create_engagement_items, create_profile_types_item, create_profile_types_items, create_social_accounts_item, create_social_accounts_items
- Subscription: Subscription | fields: card_account_type_mutated, card_mutated, directus_files_mutated, directus_users_mutated, profile_types_mutated
Directives: deprecated, include, skip (total: 3)

Readable stores: 0

Found on 2025-11-30 07:21

637.6 kBytes

Create report

Open service 35.154.151.243:443 · dev.api.jambocard.com

2026-01-23 16:38

HTTP/1.1 302 Found
Server: nginx/1.24.0 (Ubuntu)
Date: Fri, 23 Jan 2026 16:38:20 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Vary: Origin, Accept
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin


Found. Redirecting to ./admin

Found 2026-01-23 by HttpPlugin

Create report

Open service 35.154.151.243:443 · jambocard.directus.agpro.co.in

2026-01-23 01:42

HTTP/1.1 302 Found
Server: nginx/1.24.0 (Ubuntu)
Date: Fri, 23 Jan 2026 01:42:54 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Vary: Origin, Accept
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin


Found. Redirecting to ./admin

Found 2026-01-23 by HttpPlugin

Create report

Open service 35.154.151.243:443 · jambocard.directus.agpro.co.in

2026-01-09 23:26

HTTP/1.1 302 Found
Server: nginx/1.24.0 (Ubuntu)
Date: Fri, 09 Jan 2026 23:26:27 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Vary: Origin, Accept
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin


Found. Redirecting to ./admin

Found 2026-01-09 by HttpPlugin

Create report

Open service 35.154.151.243:443 · jambocard.directus.agpro.co.in

2026-01-02 09:11

HTTP/1.1 302 Found
Server: nginx/1.24.0 (Ubuntu)
Date: Fri, 02 Jan 2026 09:11:39 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Vary: Origin, Accept
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin


Found. Redirecting to ./admin

Found 2026-01-02 by HttpPlugin

Create report

Open service 35.154.151.243:443 · jambocard.directus.agpro.co.in

2025-12-22 13:15

HTTP/1.1 302 Found
Server: nginx/1.24.0 (Ubuntu)
Date: Mon, 22 Dec 2025 13:15:36 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 29
Connection: close
Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob: https://raw.githubusercontent.com https://avatars.githubusercontent.com;media-src 'self';connect-src 'self' https://* wss://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Powered-By: Directus
Vary: Origin, Accept
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range
Location: ./admin


Found. Redirecting to ./admin

Found 2025-12-22 by HttpPlugin

Create report

dev.api.jambocard.com

Fingerprint:

453aa5fbb72e6e2f0c4b569cad16326d651b2518723fcabb7085ea81a05f352c

CN:

dev.api.jambocard.com

Key:

ECDSA-256

Issuer:

Not before:

2026-01-18 23:53

Not after:

2026-04-18 23:53

dev.api.jambocard.com

Fingerprint:

1992558cc5bfd2221674a5d38749264c7d1113c65e395aefb28c482b463bd8db

CN:

dev.api.jambocard.com

Key:

ECDSA-256

Issuer:

Not before:

2025-11-19 21:48

Not after:

2026-02-17 21:48

Domain summary

jambocard.directus.agpro.co.in 9 dev.api.jambocard.com 0

2 recorded