Domain api.stompsli.de
United Kingdom
Software information
nginx 1.23.2
tcp/443
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-12-08 05:01
Last seen 2026-01-02 04:10
Open for 24 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3f5376f70762a0b74d244149538b35d57524f2e43GraphQL introspection enabled at /graphql Types: 104 (by kind: ENUM: 2, INPUT_OBJECT: 27, OBJECT: 65, SCALAR: 10) Operations: - Query: Query | fields: cities, cities_aggregated, cities_by_id, collectives, collectives_by_id - Mutation: Mutation | fields: create_feedback_item, create_feedback_items, create_user_settings_item, create_user_settings_items Directives: deprecated, include, skip (total: 3) Readable stores: 0
Found on 2026-01-02 04:10232.1 kBytes
-
-
Open service 178.79.140.200:443 · api.stompsli.de
2026-01-09 10:54
HTTP/1.1 302 Found Server: nginx/1.23.2 Date: Fri, 09 Jan 2026 10:54:14 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Connection: close Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob:;media-src 'self';connect-src 'self' https://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' X-Powered-By: Directus Vary: Origin, Accept Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Content-Range Location: ./admin Found. Redirecting to ./admin
Found 3 days ago by HttpPluginCreate report
-
Open service 178.79.140.200:443 · api.stompsli.de
2026-01-02 04:10
HTTP/1.1 302 Found Server: nginx/1.23.2 Date: Fri, 02 Jan 2026 04:10:02 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Connection: close Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob:;media-src 'self';connect-src 'self' https://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' X-Powered-By: Directus Vary: Origin, Accept Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Content-Range Location: ./admin Found. Redirecting to ./admin
Found 2026-01-02 by HttpPluginCreate report
-
Open service 178.79.140.200:443 · api.stompsli.de
2025-12-22 14:07
HTTP/1.1 302 Found Server: nginx/1.23.2 Date: Mon, 22 Dec 2025 14:07:07 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Connection: close Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob:;media-src 'self';connect-src 'self' https://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' X-Powered-By: Directus Vary: Origin, Accept Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Content-Range Location: ./admin Found. Redirecting to ./admin
Found 2025-12-22 by HttpPluginCreate report
-
Open service 178.79.140.200:443 · api.stompsli.de
2025-12-20 14:19
HTTP/1.1 302 Found Server: nginx/1.23.2 Date: Sat, 20 Dec 2025 14:19:18 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Connection: close Content-Security-Policy: script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob:;media-src 'self';connect-src 'self' https://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' X-Powered-By: Directus Vary: Origin, Accept Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Content-Range Location: ./admin Found. Redirecting to ./admin
Found 2025-12-20 by HttpPluginCreate report