Domain api.plumbata.com
United States
Software information
nginx 1.24.0
tcp/443 tcp/80
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-11-13 12:37
Last seen 2026-01-16 08:56
Open for 63 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3fe9a2db3ccc72ab1920c36eae22c697d05e758d9GraphQL introspection enabled at /graphql Types: 125 (by kind: ENUM: 18, INPUT_OBJECT: 64, OBJECT: 35, SCALAR: 8) Operations: - Query: Query | fields: countUsers, findManyUsers, findOneUser, sayHello, user - Mutation: Mutation | fields: createUser, forgotPassword, resetPassword, updateUser, verifyCode Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Found on 2026-01-16 08:56205.0 kBytes
-
-
Open service 184.73.40.182:80 · api.plumbata.com
2026-01-12 12:16
HTTP/1.1 301 Moved Permanently Server: nginx/1.24.0 (Ubuntu) Date: Mon, 12 Jan 2026 12:16:06 GMT Content-Type: text/html Content-Length: 178 Connection: close Location: https://api.plumbata.com/ Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx/1.24.0 (Ubuntu)</center> </body> </html>
Found 2026-01-12 by HttpPluginCreate report
-
Open service 184.73.40.182:443 · api.plumbata.com
2026-01-12 12:16
HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Mon, 12 Jan 2026 12:16:05 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 ETag: W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE" Vary: Accept-Encoding Hello World!
Found 2026-01-12 by HttpPluginCreate report
-
Open service 184.73.40.182:443 · api.plumbata.com
2026-01-09 12:24
HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Fri, 09 Jan 2026 12:24:33 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 ETag: W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE" Vary: Accept-Encoding Hello World!
Found 2026-01-09 by HttpPluginCreate report
-
Open service 184.73.40.182:443 · api.plumbata.com
2026-01-02 02:28
HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Fri, 02 Jan 2026 02:28:22 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 ETag: W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE" Vary: Accept-Encoding Hello World!
Found 2026-01-02 by HttpPluginCreate report
-
Open service 184.73.40.182:443 · api.plumbata.com
2025-12-23 00:32
HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Tue, 23 Dec 2025 00:32:12 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 ETag: W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE" Vary: Accept-Encoding Hello World!
Found 2025-12-23 by HttpPluginCreate report