Host 3.90.27.140
United States
AMAZON-AES
Ubuntu
Software information

nginx nginx 1.24.0

tcp/443 tcp/80

  • GraphQL introspection is enabled.
    First seen 2025-11-12 11:24
    Last seen 2026-02-02 09:32
    Open for 81 days

    • Severity: medium
      Fingerprint: c2db3a1c40d490db1a0bbaa3fe9a2db3ccc72ab1920c36eae22c697d05e758d9

      GraphQL introspection enabled at /graphql
Types: 125 (by kind: ENUM: 18, INPUT_OBJECT: 64, OBJECT: 35, SCALAR: 8)
Operations:
- Query: Query | fields: countUsers, findManyUsers, findOneUser, sayHello, user
- Mutation: Mutation | fields: createUser, forgotPassword, resetPassword, updateUser, verifyCode
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
      Found on 2026-02-02 09:32
      205.0 kBytes
    Create report

  • Open service 3.90.27.140:443 · staging-api.plumbata.com

    2026-01-23 10:28 

    HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Fri, 23 Jan 2026 10:28:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
ETag: W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE"
Vary: Accept-Encoding


Hello World!
    Found 2026-01-23 by HttpPlugin
    Create report

  • Open service 3.90.27.140:80 · staging-api.plumbata.com

    2026-01-11 19:13 

    HTTP/1.1 301 Moved Permanently
Server: nginx/1.24.0 (Ubuntu)
Date: Sun, 11 Jan 2026 19:13:44 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://staging-api.plumbata.com/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.24.0 (Ubuntu)</center>
</body>
</html>
    Found 2026-01-11 by HttpPlugin
    Create report

  • Open service 3.90.27.140:443 · staging-api.plumbata.com

    2026-01-11 19:13 

    HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Sun, 11 Jan 2026 19:13:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
ETag: W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE"
Vary: Accept-Encoding


Hello World!
    Found 2026-01-11 by HttpPlugin
    Create report

  • Open service 3.90.27.140:443 · staging-api.plumbata.com

    2025-12-23 02:11 

    HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Tue, 23 Dec 2025 02:11:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
ETag: W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE"
Vary: Accept-Encoding


Hello World!
    Found 2025-12-23 by HttpPlugin
    Create report
staging-api.plumbata.com
Fingerprint:
3fe308a1e94ee7d833061ad4a857785bf6cef5ef5922ac21fd007f369c8ba73e
CN:
staging-api.plumbata.com
Key:
ECDSA-256
Issuer:
E8
Not before:
2026-01-11 18:15
Not after:
2026-04-11 18:15
staging-api.plumbata.com
Fingerprint:
68a9542d87c51815bcb73732a33ddea150f6f4f42e73ce96b92b355693b3ecad
CN:
staging-api.plumbata.com
Key:
ECDSA-256
Issuer:
E7
Not before:
2025-11-12 10:25
Not after:
2026-02-10 10:25
Domain summary

staging-api.plumbata.com 4

1 recorded

© 2026 LeakIX v2.0.49
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice