Domain scan.thegiftcardcafe.com
United States
Software information
nginx
tcp/443
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-10-27 00:01
Last seen 2026-02-16 03:37
Open for 112 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3893ac6fc385c5b40c357bb4f4ae358cea9f0a5b2GraphQL introspection enabled at /graphql Types: 35 (by kind: ENUM: 1, INPUT_OBJECT: 4, INTERFACE: 1, OBJECT: 25, SCALAR: 4) Operations: - Query: RootQueryType | fields: allLeads, leadStats, node - Mutation: RootMutationType | fields: createBusinessSearch, deleteLead Directives: include, skip (total: 2)
Found on 2026-02-16 03:3730.0 kBytes
-
-
Open service 34.209.57.169:443 · scan.thegiftcardcafe.com
2026-01-23 14:21
HTTP/1.1 500 Internal Server Error Cache-Control: max-age=0, private, must-revalidate Content-Length: 21 Content-Security-Policy: form-action 'self'; object-src 'self'; Content-Type: text/html; charset=utf-8 Date: Fri, 23 Jan 2026 14:21:09 GMT Server: Caddy Server: nginx Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Content-Type-Options: nosniff X-Frame-Options: ALLOWALL X-Request-Id: 74cvjtlf4mha406irj7g0oaggarobitp X-Xss-Protection: 1; mode=block Connection: close Server internal error
Found 2026-01-23 by HttpPluginCreate report
-
Open service 34.209.57.169:443 · scan.thegiftcardcafe.com
2026-01-09 22:14
HTTP/1.1 500 Internal Server Error Cache-Control: max-age=0, private, must-revalidate Content-Length: 21 Content-Security-Policy: form-action 'self'; object-src 'self'; Content-Type: text/html; charset=utf-8 Date: Fri, 09 Jan 2026 22:14:20 GMT Server: Caddy Server: nginx Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Content-Type-Options: nosniff X-Frame-Options: ALLOWALL X-Request-Id: t56694jmf6490fgt4jq5didjqbq1c7os X-Xss-Protection: 1; mode=block Connection: close Server internal error
Found 2026-01-09 by HttpPluginCreate report