Domain api.dev.madartech.app
United States
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-07 19:14
Last seen 2026-01-08 22:16
Open for 32 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-08 22:16
-
-
Open service 172.217.208.121:443 · api.dev.madartech.app
2026-01-08 22:16
HTTP/1.1 200 OK x-powered-by: Express access-control-allow-origin: * access-control-allow-credentials: true content-language: en content-type: application/json; charset=utf-8 etag: W/"54-qLOkICfFOd3Xq9aBtjfAUafGoLA" x-cloud-trace-context: 0ce09707afda031bbdb5dc118a666bfc date: Thu, 08 Jan 2026 22:16:33 GMT server: Google Frontend Content-Length: 84 Connection: close {"status":"ok","message":"Server is running","timestamp":"2026-01-08T22:16:33.244Z"}Found 2026-01-08 by HttpPluginCreate report
-
Open service 172.217.208.121:443 · api.dev.madartech.app
2026-01-02 11:39
HTTP/1.1 200 OK x-powered-by: Express access-control-allow-origin: * access-control-allow-credentials: true content-type: application/json; charset=utf-8 etag: W/"54-LrlIwUcj2JVAVm+tSV2CZATw9Qc" x-cloud-trace-context: ced3508fd11aaa378a613d57d87e58f8 date: Fri, 02 Jan 2026 11:39:54 GMT server: Google Frontend Content-Length: 84 Connection: close {"status":"ok","message":"Server is running","timestamp":"2026-01-02T11:39:54.984Z"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 172.217.208.121:443 · api.dev.madartech.app
2025-12-21 00:30
HTTP/1.1 200 OK x-powered-by: Express access-control-allow-origin: * access-control-allow-credentials: true content-type: application/json; charset=utf-8 etag: W/"54-ewqsPu8PACoF1c6gMLxwaVF1dAM" x-cloud-trace-context: 0217819957bc4ec6321d5928c155e328 date: Sun, 21 Dec 2025 00:30:12 GMT server: Google Frontend Content-Length: 84 Connection: close {"status":"ok","message":"Server is running","timestamp":"2025-12-21T00:30:12.712Z"}Found 2025-12-21 by HttpPluginCreate report