Vercel
tcp/443
GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d1a6176a0d77b0dac908f63a066f3d32b243cfce
GraphQL introspection enabled at /graphql
Types: 77 (by kind: ENUM: 8, INPUT_OBJECT: 30, INTERFACE: 1, OBJECT: 30, SCALAR: 8)
Operations:
- Query: Query | fields: health, me, roles, user, users
- Mutation: Mutation | fields: _empty, changePassword, login, signup, updateProfile
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3f1141dd0645fb91411c457d89948b924ccfaa684
GraphQL introspection enabled at /graphql
Types: 73 (by kind: ENUM: 8, INPUT_OBJECT: 27, INTERFACE: 1, OBJECT: 29, SCALAR: 8)
Operations:
- Query: Query | fields: health, me, roles, user, users
- Mutation: Mutation | fields: _empty, changePassword, login, signup, updateProfile
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Open service 216.150.16.65:443 · api-staging.joinu.io
2026-01-09 05:45
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers,Access-Control-Allow-Methods
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 141
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 05:45:59 GMT
Etag: W/"8d-tGSDjZNE4mMBKCVgK0+LTJ2rhYk"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::27xjm-1767937559582-59e8ff09f521
X-Xss-Protection: 0
Connection: close
{"message":"Invitaciones API Server - Users Only","version":"1.0.0","endpoints":{"graphql":"/graphql","health":"/health","auth":"/api/auth"}}
Open service 216.150.16.65:443 · api-staging.joinu.io
2026-01-02 06:16
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers,Access-Control-Allow-Methods
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 141
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 06:16:56 GMT
Etag: W/"8d-tGSDjZNE4mMBKCVgK0+LTJ2rhYk"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: iad1::iad1::qbt6v-1767334616109-890d88f84a43
X-Xss-Protection: 0
Connection: close
{"message":"Invitaciones API Server - Users Only","version":"1.0.0","endpoints":{"graphql":"/graphql","health":"/health","auth":"/api/auth"}}
Open service 216.150.16.65:443 · api-staging.joinu.io
2025-12-30 13:49
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers,Access-Control-Allow-Methods
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 141
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 30 Dec 2025 13:49:56 GMT
Etag: W/"8d-tGSDjZNE4mMBKCVgK0+LTJ2rhYk"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::fcsd5-1767102596470-1ebfcdffadaf
X-Xss-Protection: 0
Connection: close
{"message":"Invitaciones API Server - Users Only","version":"1.0.0","endpoints":{"graphql":"/graphql","health":"/health","auth":"/api/auth"}}
Open service 216.150.16.65:443 · api-staging.joinu.io
2025-12-22 17:04
HTTP/1.1 404 Not Found
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Dec 2025 17:04:46 GMT
Server: Vercel
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-Vercel-Cache: MISS
X-Vercel-Id: sfo1::iad1::b4ggr-1766423086710-d776c2f909ab
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 216.150.16.65:443 · api-staging.joinu.io
2025-12-20 20:05
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers,Access-Control-Allow-Methods
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 141
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 20:05:57 GMT
Etag: W/"8d-tGSDjZNE4mMBKCVgK0+LTJ2rhYk"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: iad1::iad1::4xnmt-1766261157524-e86984915d30
X-Xss-Protection: 0
Connection: close
{"message":"Invitaciones API Server - Users Only","version":"1.0.0","endpoints":{"graphql":"/graphql","health":"/health","auth":"/api/auth"}}