Domain app.firsthand.fund
Software information
cloudflare
tcp/443
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-10-20 05:33
Last seen 2026-01-02 10:36
Open for 74 days-
Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d615a7ce47725a717528f1c71b2ca310f9c158c049GraphQL introspection enabled at /api/graphql Types: 183 (by kind: ENUM: 43, INPUT_OBJECT: 11, INTERFACE: 5, OBJECT: 116, SCALAR: 7, UNION: 1) Operations: - Query: Query | fields: config, featuredEntities, multiTenantConfig, multiTenantDomain, tenants - Mutation: Mutation | fields: createMultiTenantDomain, createNetworkRootUser, createTenant, deleteFeaturedEntity, storeFeaturedEntity Directives: deprecated, include, skip (total: 3)
Found on 2026-01-02 10:36256.9 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d62337d3d62337d3d62337d3d62337d3d62337d3d6GraphQL introspection enabled at /api/graphql
Found on 2025-11-23 12:15
-
-
Open service 104.18.40.51:443 · app.firsthand.fund
2026-01-09 03:16
HTTP/1.1 200 OK Date: Fri, 09 Jan 2026 03:16:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close CF-RAY: 9bb0c6896c7ddcac-FRA content-security-policy: default-src blob: 'self' *.minds.com; script-src blob: data: 'self' *.minds.com 'sha256-vVbHgirIBntVQFzMb5A2pHMuUeV4ODC0qhmiEQgVMo0='; style-src *.minds.com data: 'self' 'unsafe-inline'; frame-src *; connect-src data: 'self' *.minds.com *.cloudflarestream.com idgmyygwvm9a.objectstorage.us-ashburn-1.oci.customer-oci.com; img-src data: blob: 'self' *.minds.com; block-all-mixed-content; upgrade-insecure-requests; report-uri https://www.minds.com/p/contact; permissions-policy: autoplay=(), camera=(self), clipboard-read=(self), clipboard-write=(self), fullscreen=(self), geolocation=(self), microphone=(self), payment=(), picture-in-picture=(self); referrer-policy: strict-origin-when-cross-origin strict-transport-security: max-age=31536000; includeSubdomains; preload vary: Accept-Encoding x-content-type-options: nosniff x-powered-by: Express cf-cache-status: DYNAMIC X-Frame-Options: SAMEORIGIN Server: cloudflare
Found 2026-01-09 by HttpPluginCreate report
-
Open service 104.18.40.51:443 · app.firsthand.fund
2026-01-02 10:36
HTTP/1.1 200 OK Date: Fri, 02 Jan 2026 10:36:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close CF-RAY: 9b799daf4fa3d22b-FRA content-security-policy: default-src blob: 'self' *.minds.com; script-src blob: data: 'self' *.minds.com 'sha256-vVbHgirIBntVQFzMb5A2pHMuUeV4ODC0qhmiEQgVMo0='; style-src *.minds.com data: 'self' 'unsafe-inline'; frame-src *; connect-src data: 'self' *.minds.com *.cloudflarestream.com idgmyygwvm9a.objectstorage.us-ashburn-1.oci.customer-oci.com; img-src data: blob: 'self' *.minds.com; block-all-mixed-content; upgrade-insecure-requests; report-uri https://www.minds.com/p/contact; permissions-policy: autoplay=(), camera=(self), clipboard-read=(self), clipboard-write=(self), fullscreen=(self), geolocation=(self), microphone=(self), payment=(), picture-in-picture=(self); referrer-policy: strict-origin-when-cross-origin strict-transport-security: max-age=31536000; includeSubdomains; preload vary: Accept-Encoding x-content-type-options: nosniff x-powered-by: Express cf-cache-status: DYNAMIC X-Frame-Options: SAMEORIGIN Server: cloudflare
Found 2026-01-02 by HttpPluginCreate report
-
Open service 104.18.40.51:443 · app.firsthand.fund
2025-12-22 19:13
HTTP/1.1 200 OK Date: Mon, 22 Dec 2025 19:13:22 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close CF-RAY: 9b21ef97af01c487-SJC content-security-policy: default-src blob: 'self' *.minds.com; script-src blob: data: 'self' *.minds.com 'sha256-vVbHgirIBntVQFzMb5A2pHMuUeV4ODC0qhmiEQgVMo0='; style-src *.minds.com data: 'self' 'unsafe-inline'; frame-src *; connect-src data: 'self' *.minds.com *.cloudflarestream.com idgmyygwvm9a.objectstorage.us-ashburn-1.oci.customer-oci.com; img-src data: blob: 'self' *.minds.com; block-all-mixed-content; upgrade-insecure-requests; report-uri https://www.minds.com/p/contact; permissions-policy: autoplay=(), camera=(self), clipboard-read=(self), clipboard-write=(self), fullscreen=(self), geolocation=(self), microphone=(self), payment=(), picture-in-picture=(self); referrer-policy: strict-origin-when-cross-origin strict-transport-security: max-age=31536000; includeSubdomains; preload vary: Accept-Encoding x-content-type-options: nosniff x-powered-by: Express cf-cache-status: DYNAMIC X-Frame-Options: SAMEORIGIN Server: cloudflare
Found 2025-12-22 by HttpPluginCreate report
-
Open service 104.18.40.51:443 · app.firsthand.fund
2025-12-20 20:36
HTTP/1.1 200 OK Date: Sat, 20 Dec 2025 20:36:06 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close CF-RAY: 9b11ee086f1daf3d-BLR content-security-policy: default-src blob: 'self' *.minds.com; script-src blob: data: 'self' *.minds.com 'sha256-vVbHgirIBntVQFzMb5A2pHMuUeV4ODC0qhmiEQgVMo0='; style-src *.minds.com data: 'self' 'unsafe-inline'; frame-src *; connect-src data: 'self' *.minds.com *.cloudflarestream.com idgmyygwvm9a.objectstorage.us-ashburn-1.oci.customer-oci.com; img-src data: blob: 'self' *.minds.com; block-all-mixed-content; upgrade-insecure-requests; report-uri https://www.minds.com/p/contact; permissions-policy: autoplay=(), camera=(self), clipboard-read=(self), clipboard-write=(self), fullscreen=(self), geolocation=(self), microphone=(self), payment=(), picture-in-picture=(self); referrer-policy: strict-origin-when-cross-origin strict-transport-security: max-age=31536000; includeSubdomains; preload vary: Accept-Encoding x-content-type-options: nosniff x-powered-by: Express cf-cache-status: DYNAMIC X-Frame-Options: SAMEORIGIN Server: cloudflare
Found 2025-12-20 by HttpPluginCreate report