LeakIX - Host it.staging24.gymbeam.dev

Domain it.staging24.gymbeam.dev

CLOUDFLARENET

Software information

cloudflare

tcp/443

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 188.114.97.3
Domain: it.staging24.gymbeam.dev
Port: 443
URL: https://it.staging24.gymbeam.dev

First seen 2025-10-19 01:59
Last seen 2026-01-16 16:52
Open for 89 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa374c2942e74c2942e74c2942e74c2942e74c2942e
```
GraphQL introspection enabled at /graphql
Detected: Magento
```
  Found on 2026-01-16 16:52
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2025-12-11 13:39
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a7edf4f1b1e35dd9d9b3c9a7b2b4097b0a1b0df
```
GraphQL introspection enabled at /graphql
Types: 1018 (by kind: ENUM: 81, INPUT_OBJECT: 256, INTERFACE: 34, OBJECT: 637, SCALAR: 5, UNION: 5)
Operations:
- Query: Query | fields: MpRewardConfig, MpRewardIcon, MpRewardShoppingCartSpendingRules, NewestBlogPosts, RelatedBlogPosts
- Mutation: Mutation | fields: AmxnotifStockSubscribe, MpRewardInvite, MpRewardRefer, MpRewardSpendingPoint, MpRewardSubscribe
Directives: deprecated, include, oneOf, skip (total: 4)
```
  Found on 2025-12-01 04:06
  
  1.6 MBytes
- Severity: medium
  Fingerprint: c2db3a1c40d490dbf8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2
```
GraphQL introspection enabled at /graphql/api
```
  Found on 2025-11-10 17:55
Create report

Open service 188.114.97.3:443 · it.staging24.gymbeam.dev

2026-01-09 06:18

HTTP/1.1 200 OK
Date: Fri, 09 Jan 2026 06:18:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=sy7GoHORXybIHelTF4MS9fxVFw5HfUvaELVRY2e0GHffyZoj5sXnWJJ098egzpxx0DnMukTtgWYD191VPHMOtWPFwD4TM06xPQ09sgbdmyl4p%2BHwy0Of"}]}
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
store: gymbeamit
strict-transport-security: max-age=631138519; includeSubDomains
user-agent: Mozilla/5.0 (l9scan/2.0.33e27393e2431313e2838313; +https://leakix.net)
vary: Accept-Encoding
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
x-content-type-options: nosniff
x-customer-segment: 0db377921f4ce762c62526131097968f
x-download-options: noopen
x-forwarded-url: https://it.staging24.gymbeam.dev/
x-frame-options: SAMEORIGIN
x-magento-tags: store,cms_b,mp_smtp_script,cat_c,cms_b_footer_block_link_customer_service,cms_b_footer_block_link_social_media,cms_b_footer_block_link_certifications,cms_b_footer_block_link_contact,cms_p_8246,react_homepage
x-middleware-rewrite: /it
x-permitted-cross-domain-policies: none
x-powered-by: Next.js
x-trace-id: 5HXbBZsDnf77oaEefg_-T
x-xss-protection: 0
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=7,cfOrigin;dur=207
CF-RAY: 9bb1d0ed48ba2e7a-EWR

Found 2026-01-09 by HttpPlugin

Create report

Open service 188.114.97.3:443 · it.staging24.gymbeam.dev

2026-01-02 04:32

HTTP/1.1 200 OK
Date: Fri, 02 Jan 2026 04:32:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=IpSZM4OMGkv1UdKsYX%2BCwCnsQ80UgF1%2BzfpKt0Sjf5nw6L6BaBAQC3zRe53Jp2kW7JDxCguJ1y4rabpIWDSeHphao1g2X35fVts2AiNWapqXXgmbepAe"}]}
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
store: gymbeamit
strict-transport-security: max-age=631138519; includeSubDomains
user-agent: Mozilla/5.0 (l9scan/2.0.33e27393e2431313e2838313; +https://leakix.net)
vary: Accept-Encoding
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
x-content-type-options: nosniff
x-customer-segment: 0db377921f4ce762c62526131097968f
x-download-options: noopen
x-forwarded-url: https://it.staging24.gymbeam.dev/
x-frame-options: SAMEORIGIN
x-magento-tags: store,cms_b,mp_smtp_script,cat_c,cms_b_footer_block_link_customer_service,cms_b_footer_block_link_social_media,cms_b_footer_block_link_certifications,cms_b_footer_block_link_contact,cms_p_8246,react_homepage
x-middleware-rewrite: /it
x-permitted-cross-domain-policies: none
x-powered-by: Next.js
x-trace-id: 5SdMSWbGzKNryd2w8V5fj
x-xss-protection: 0
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=10,cfOrigin;dur=232
CF-RAY: 9b7788ed5fe7239e-SJC

Found 2026-01-02 by HttpPlugin

Create report

Open service 188.114.97.3:443 · it.staging24.gymbeam.dev

2025-12-22 10:54

HTTP/1.1 200 OK
Date: Mon, 22 Dec 2025 10:54:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=UGU8YjBI8MGBR%2FDyTe8jvHcDt7ZaiYaLHiSnv1OD8cihCz1uzjPsTBTdOLcdtwu5CP0QuGd6Gi7%2BAcmy1Sp%2FXon86%2B3bNz0dTbNm5JuHVSvhvKOUQ5UV"}]}
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
store: gymbeamit
strict-transport-security: max-age=631138519; includeSubDomains
user-agent: Mozilla/5.0 (l9scan/2.0.33e27393e2431313e2838313; +https://leakix.net)
vary: Accept-Encoding
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
x-content-type-options: nosniff
x-customer-segment: 0db377921f4ce762c62526131097968f
x-download-options: noopen
x-forwarded-url: https://it.staging24.gymbeam.dev/
x-frame-options: SAMEORIGIN
x-magento-tags: store,cms_b,mp_smtp_script,cat_c,cms_b_footer_block_link_customer_service,cms_b_footer_block_link_social_media,cms_b_footer_block_link_certifications,cms_b_footer_block_link_contact,cms_p_8246,react_homepage
x-middleware-rewrite: /it
x-permitted-cross-domain-policies: none
x-powered-by: Next.js
x-trace-id: 2n9mlIdCfs9cQC5IV3YWa
x-xss-protection: 0
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=11,cfOrigin;dur=117
CF-RAY: 9b1f154e6d7ecbe0-FRA

Found 2025-12-22 by HttpPlugin

Create report

it.staging24.gymbeam.dev

Fingerprint:

67860c873772d1293c5cae73a9ce9d0e9c368028fafb1b3f0bc21efc88a52436

CN:

it.staging24.gymbeam.dev

Key:

ECDSA-256

Issuer:

Not before:

2025-11-16 19:12

Not after:

2026-02-14 19:12

Domain summary

it.staging24.gymbeam.dev 6

1 recorded

IP summary

188.114.97.3 2

1 recorded

Domain it.staging24.gymbeam.dev

Software information

GraphQL introspection is enabled.

Create report

Create report

Create report

it.staging24.gymbeam.dev

Domain summary

IP summary