Domain engineapi.cloudshelf.ai
United Kingdom
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-11-28 11:53
Last seen 2026-01-14 01:08
Open for 46 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa35dbae3f985cbb59b1e224fb2a54862d8681596b6GraphQL introspection enabled at /graphql Types: 334 (by kind: ENUM: 75, INPUT_OBJECT: 61, OBJECT: 187, SCALAR: 9, UNION: 2) Operations: - Query: Query | fields: allIngestionStats, availablePDPBlocks, buyersGuide, canRegisterDevice, chartAverageSaleValueRecords - Mutation: Mutation | fields: abortPaymentRequest, addProductsToProductGroup, aiGenerateBuyersGuide, aiGenerateBuyersGuideContext, aiGenerateBuyersGuideQuestions - Subscription: Subscription | fields: buyersGuideAiGenerationStatusUpdated, buyersGuideContextStatusUpdated, buyersGuideProductTaggingStatusUpdated, buyersGuideQuestionsStatusUpdated, organisationSyncStatusUpdated Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Found on 2026-01-14 01:08535.9 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa39b66b5d42f1cee18b7c58fa931eba92ffaee3761GraphQL introspection enabled at /graphql Types: 336 (by kind: ENUM: 75, INPUT_OBJECT: 60, OBJECT: 190, SCALAR: 9, UNION: 2) Operations: - Query: Query | fields: allIngestionStats, availablePDPBlocks, buyersGuide, canRegisterDevice, chartAverageSaleValueRecords - Mutation: Mutation | fields: abortPaymentRequest, addProductsToProductGroup, aiGenerateBuyersGuide, aiGenerateBuyersGuideContext, aiGenerateBuyersGuideQuestions - Subscription: Subscription | fields: buyersGuideAiGenerationStatusUpdated, buyersGuideContextStatusUpdated, buyersGuideProductTaggingStatusUpdated, buyersGuideQuestionsStatusUpdated, organisationSyncStatusUpdated Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Found on 2026-01-02 16:37539.4 kBytes
-
-
Open service 20.90.134.35:443 · engineapi.cloudshelf.ai
2026-01-09 21:50
HTTP/1.1 404 Not Found Content-Length: 63 Connection: close Content-Type: application/json; charset=utf-8 Date: Fri, 09 Jan 2026 21:51:52 GMT Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id,x-version-number ETag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek" Vary: Origin, Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' https://*.apollographql.com https://unpkg.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: https:;connect-src 'self' https://*.lottiefiles.com;font-src 'self' https: data:;object-src 'none';media-src 'self';frame-src 'self' https://*.apollographql.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() X-Request-ID: gid://cloudshelf/Request/01KEJBX637RQJM7RZGKTB1VA9R X-Version-Number: v3.194.0 (production) {"message":"Cannot GET /","error":"Not Found","statusCode":404}Found 2026-01-09 by HttpPluginCreate report
-
Open service 20.90.134.35:443 · engineapi.cloudshelf.ai
2026-01-02 16:37
HTTP/1.1 404 Not Found Content-Length: 63 Connection: close Content-Type: application/json; charset=utf-8 Date: Fri, 02 Jan 2026 16:37:15 GMT Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id,x-version-number ETag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek" Vary: Origin, Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' https://*.apollographql.com https://unpkg.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: https:;connect-src 'self' https://*.lottiefiles.com;font-src 'self' https: data:;object-src 'none';media-src 'self';frame-src 'self' https://*.apollographql.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() X-Request-ID: gid://cloudshelf/Request/01KDZS42CM644WJ5TDPZ3W9J27 X-Version-Number: v3.194.0 (production) {"message":"Cannot GET /","error":"Not Found","statusCode":404}Found 2026-01-02 by HttpPluginCreate report
-
Open service 20.90.134.35:443 · engineapi.cloudshelf.ai
2025-12-30 14:29
HTTP/1.1 404 Not Found Content-Length: 63 Connection: close Content-Type: application/json; charset=utf-8 Date: Tue, 30 Dec 2025 14:29:12 GMT Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id,x-version-number ETag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek" Vary: Origin, Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' https://*.apollographql.com https://unpkg.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: https:;connect-src 'self' https://*.lottiefiles.com;font-src 'self' https: data:;object-src 'none';media-src 'self';frame-src 'self' https://*.apollographql.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() X-Request-ID: gid://cloudshelf/Request/01KDQTKEG7YVS5SZRPT3JM29R0 X-Version-Number: v3.194.0 (production) {"message":"Cannot GET /","error":"Not Found","statusCode":404}Found 2025-12-30 by HttpPluginCreate report
-
Open service 20.90.134.35:443 · engineapi.cloudshelf.ai
2025-12-23 04:47
HTTP/1.1 404 Not Found Content-Length: 63 Connection: close Content-Type: application/json; charset=utf-8 Date: Tue, 23 Dec 2025 04:47:28 GMT Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id,x-version-number ETag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek" Vary: Origin, Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' https://*.apollographql.com https://unpkg.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: https:;connect-src 'self' https://*.lottiefiles.com;font-src 'self' https: data:;object-src 'none';media-src 'self';frame-src 'self' https://*.apollographql.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() X-Request-ID: gid://cloudshelf/Request/01KD4RH74XSFD79DYMMG2XYG3Y X-Version-Number: v3.192.4 (production) {"message":"Cannot GET /","error":"Not Found","statusCode":404}Found 2025-12-23 by HttpPluginCreate report
-
Open service 20.90.134.35:443 · engineapi.cloudshelf.ai
2025-12-20 15:52
HTTP/1.1 404 Not Found Content-Length: 63 Connection: close Content-Type: application/json; charset=utf-8 Date: Sat, 20 Dec 2025 15:52:26 GMT Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id,x-version-number ETag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek" Vary: Origin, Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' https://*.apollographql.com https://unpkg.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: https:;connect-src 'self' https://*.lottiefiles.com;font-src 'self' https: data:;object-src 'none';media-src 'self';frame-src 'self' https://*.apollographql.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-DNS-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() X-Request-ID: gid://cloudshelf/Request/01KCY7CNDJDFYYR7D17MPNE9N5 X-Version-Number: v3.192.4 (production) {"message":"Cannot GET /","error":"Not Found","statusCode":404}Found 2025-12-20 by HttpPluginCreate report