Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd17bbffd8668a19fb2a6b5378b1e21934cddebcd626ac946ce
Public Swagger UI/API detected at path: /swagger/swagger-ui.html
Sample paths:
POST /openai/chat
POST /openai/contains-job-and-location
POST /openai/extract-job-titles
POST /openai/extract-locations
POST /openai/introduction
POST /openai/prompt
POST /openai/questions-from-job-ad
Open service 142.250.185.211:443 · dev.api.botbot.appcentral.dev
2026-01-09 09:31
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: caf0273a27a33773780e5b537abfd8d9
set-cookie: GAESA=CpoBMDAwN2UyNmQ2ODJjMzA0YzZjOGE5ZDEyYTg0YjhkMjUwOWMyM2M3ZTFjMDMyYWJlNDBhZjAxMDUwZjQ5Zjc4YTM4MDI5ODE0Y2M1MzUxYWRhMTVjM2U1ZjRlYTZjODg0NWZiYWY1ZTJjOTZkY2MyMDE2MDQ1MTMwOGRlMmM2YjVmM2JiNmIzNWM2NDk3YjIwY2NmOGUzZDczZBDhxuKQujM; expires=Sun, 08-Feb-2026 09:31:22 GMT; path=/
date: Fri, 09 Jan 2026 09:31:22 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 142.250.186.115:443 · api.botbot.appcentral.dev
2026-01-08 20:21
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: 411ddb3b85bbc59390465b7ba40b0a87
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2OGY3ZTRlYjM2ZjM4OTAzYWQ4ZTBhZTA3NDA1MGViYWI0MTQ4ZTNmYjNjOWYyNWJjZjM5YWU5NWI0YWI2ODU3MDdkYjQ2ODk5ZjM5ODc3MmNhN2FkMmE5YTlmYzIzZTE0NTFmM2I0M2MxYmJkZTI1MmMzMWYwYTE0OTUyNjc4YzA0ZTY0Mjk4OTJiMjA3NWQ1YzJlMWEQgs-U-rkz; expires=Sat, 07-Feb-2026 20:21:08 GMT; path=/
date: Thu, 08 Jan 2026 20:21:08 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 2a00:1450:4001:807::2013:443 · api.botbot.appcentral.dev
2026-01-05 04:58
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: b6ef5fac60cde06d914f877273b64d47
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2ODJiYjBjYjQxMDFlMjgzMzUwOTM1MzgyNzQwOTFiZmY0ZjRjZTQzMDZjNTk0ZmNiNzE5MmZkMzBlYzcxODQ5N2E2M2IxZDRhNzNkYTFkZDMwNTZmMDNhNDJmM2Y0NzRkNjVjZjM2ZGZjNzMyNzcwNWNkZmNhMGQ4YjYwYmIwYjU5YWQwZGU3YjU0Y2RlYjQ5ZWJkOWUQs9GV5Lgz; expires=Wed, 04-Feb-2026 04:58:31 GMT; path=/
date: Mon, 05 Jan 2026 04:58:31 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 142.251.141.115:443 · api.botbot.appcentral.dev
2026-01-05 04:58
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: 06f08b5d8933b6461720d86c23f3c30d
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2ODJiYjBjYjQxMDFlMjgzMzUwOTM1MzgyNzQwOTFiZmY0ZjRjZTQzMDZjNTk0ZmNiNzE5MmZkMzBlYzcxODQ5N2E2M2IxZDRhNzNkYTFkZDMwNTZmMDNhNDJmM2Y0NzRkNjVjZjM2ZGZjNzMyNzcwNWNkZmNhMGQ4YjYwYmIwYjU5YWQwZGU3YjU0Y2RlYjQ5ZWJkOWUQltGV5Lgz; expires=Wed, 04-Feb-2026 04:58:31 GMT; path=/
date: Mon, 05 Jan 2026 04:58:31 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 142.251.141.115:80 · api.botbot.appcentral.dev
2026-01-05 04:58
HTTP/1.1 302 Found
location: https://api.botbot.appcentral.dev/
x-cloud-trace-context: c1214060bcadc1178605656ed3774159
date: Mon, 05 Jan 2026 04:58:34 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 2a00:1450:4001:807::2013:80 · api.botbot.appcentral.dev
2026-01-05 04:58
HTTP/1.1 302 Found
location: https://api.botbot.appcentral.dev/
x-cloud-trace-context: f9cbcc5e0c6e2af03fc66a9861b9e454
date: Mon, 05 Jan 2026 04:58:32 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 142.250.185.211:443 · dev.api.botbot.appcentral.dev
2026-01-02 07:56
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: 0bf5ae8e258404670d80bc98f3d45d32
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2ODlhNWU2ZGE3MDEyMzEyZjBlYzhjMWE1YTg0ZDFhYTk4MWY1ZjRkYmU1NTE3MTdhMGFmMjJmYmI4ZTY2ODcwYmM3NzI2ODk2YjI1MTM1NmQ4NTdiYjllODI1YzEzM2JlNjFjMDg1YWU1YWUxNjU3MTNjMTQ1YzU5ZjEzNzU1ZDg0NDM0ZTgzZTZiYTg2MTZjNjk3YjcQofLV7bcz; expires=Sun, 01-Feb-2026 07:56:43 GMT; path=/
date: Fri, 02 Jan 2026 07:56:43 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 142.250.186.115:443 · api.botbot.appcentral.dev
2026-01-02 04:08
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: 63f132e23e1dc70d0da2d11d0102b6ac
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2ODAwOWNmNDllMjcwZDVhYmYwOGFkMGQ4OTIyZGZhZDY3OTUxNzVhMjc5MTczYzlhYmVjMzk3NTFhMzljNzdmMTRlZGQzYzY1YmE3MjM1MDdmYTFjNGVjYjNjOTc1ODI1ZmY4OGZiYTA4Yzk5NzgxZjM4MDk4ZmY3ZjE2N2E0MmQwZTBlODMwN2Q5YzkyMzBmYTZhNGMQ8omT57cz; expires=Sun, 01-Feb-2026 04:08:46 GMT; path=/
date: Fri, 02 Jan 2026 04:08:46 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 142.250.185.211:443 · dev.api.botbot.appcentral.dev
2025-12-23 03:30
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: 4b4cd4ead254ac8aed08d78c027ed3ca
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2OGYzMzkxMTk3MjIxYmJkMjQ1MmRjYzc1ZTFkMjFkMDY4Y2IxNjA1NDM4ZDZlNGNiODg4YTY0MGVhNGNhNDhmYmM4YTUzNTNlZDg2ZjZjNDJiZThhNTU2ODZiNmMzZWYzNjk1ZGE5NTRkMGIyYzI3YTRkMzk1OGNiNDFkZWMzOTEyMjEwNGIyMTI5YjY1NGE4ZGQyNjMQje2JyrQz; expires=Thu, 22-Jan-2026 03:30:51 GMT; path=/
date: Tue, 23 Dec 2025 03:30:51 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 142.250.186.115:443 · api.botbot.appcentral.dev
2025-12-22 14:17
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: 546568f83a97f75854b42c4319fe3357
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2ODM4NDFhZGI5YTRiYWVhMTFkNDU2NjZkMmEwYzc3NDI1MTljNjU3NTVmMTVmNmIwY2IzYzVkNWRjODllYzhjZmVlZDdlMzU1MzA4ZmJmNThjYTFhMDY5NTA5YmUxNWRmMjBkYjJjZWQ2MTg3ZDUwYWY4ZGI2YWI4ZDBjZjYxNmE4NGJlNTg3ZDk4ZjYzNTdmYmVkZjkQ-bmxs7Qz; expires=Wed, 21-Jan-2026 14:17:45 GMT; path=/
date: Mon, 22 Dec 2025 14:17:45 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 142.250.185.211:443 · dev.api.botbot.appcentral.dev
2025-12-21 01:57
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: c69ed2d3f800e5f8b55b338d60437deb
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2ODVlZWJjZTNjOWU0OTUzMTRiNzg4NmM1MjNiNGM4ZDBkNzgxOTZkZDEzM2M0ZDJjYWIyOGQ0NjA5MzUyODg5MDQ5OTNlMGVmYzg1ZTdkMDgyOWI1NWY4ZGEyODFmYmNkZjUxNGFiYTE1MTQ2ZTc4ZjMzZjcwYTgyZDgxZjhkMTkzNWU5NDI3ZWM0NmJhZjBlNDcxZDIQ1ISB9bMz; expires=Tue, 20-Jan-2026 01:57:28 GMT; path=/
date: Sun, 21 Dec 2025 01:57:28 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}
Open service 142.250.186.115:443 · api.botbot.appcentral.dev
2025-12-20 13:48
HTTP/1.1 404 Not Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
content-type: application/json; charset=utf-8
etag: W/"2f-JPJpHjWMfGfrCf4idAPJbvh5wzs"
vary: Accept-Encoding
x-cloud-trace-context: f4ad9175491365bd4754f9098c4402cd
set-cookie: GAESA=Cp4BMDAwN2UyNmQ2ODQzZmZhNzZlNzMwYzVmZTY5OGU1ZmM2ODlkNzgxNDJlOGJkNWRjZjQ5OTM2NTE2MDA2M2M1ZTFkODY5NTU5OGUwMDU1MGQ4ZDM5YjU3YTI0MjhjYjEyYzJjYzRjMzEyNzIzYTYzMDQ0NmJhYjliZmIxZTQxM2FhYzE0MTMyNjFkODdiYTljZDk4YmZhMzk5MWQ0YzkQm-qU4LMz; expires=Mon, 19-Jan-2026 13:48:52 GMT; path=/
date: Sat, 20 Dec 2025 13:48:52 GMT
server: Google Frontend
Content-Length: 47
Connection: close
{"status":404,"message":"404, page not found."}