Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
Public Swagger UI/API detected at path: /api-docs/swagger.json
Open service 2a00:1450:4001:804::2013:80 · api.projectmaven.io
2026-01-26 02:42
HTTP/1.1 302 Found
location: https://api.projectmaven.io/
x-cloud-trace-context: 9a58d1a7505713881ab4c6a5cb467c92
date: Mon, 26 Jan 2026 02:42:53 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 2a00:1450:4001:804::2013:443 · api.projectmaven.io
2026-01-26 02:42
HTTP/1.1 200 OK
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
vary: Origin
access-control-allow-credentials: true
content-type: text/html; charset=utf-8
etag: W/"e-BiSpDb485bDLqzv3ha63FZS1NY0"
x-cloud-trace-context: 98ad30bc6aed6516e50c905b1b3d6522
date: Mon, 26 Jan 2026 02:42:23 GMT
server: Google Frontend
Content-Length: 14
Connection: close

API is running
Open service 142.251.140.179:443 · api.projectmaven.io
2026-01-26 02:42
HTTP/1.1 200 OK
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
vary: Origin
access-control-allow-credentials: true
content-type: text/html; charset=utf-8
etag: W/"e-BiSpDb485bDLqzv3ha63FZS1NY0"
x-cloud-trace-context: 9a8a5aed8ff888c5ded3897de3c283d5
date: Mon, 26 Jan 2026 02:42:23 GMT
server: Google Frontend
Content-Length: 14
Connection: close

API is running
Open service 142.251.140.179:80 · api.projectmaven.io
2026-01-26 02:42
HTTP/1.1 302 Found
location: https://api.projectmaven.io/
x-cloud-trace-context: 2d768543806a6970d8b72858ae9e58f4
date: Mon, 26 Jan 2026 02:42:52 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 142.250.114.121:443 · api.projectmaven.io
2026-01-23 16:02
HTTP/1.1 200 OK
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
vary: Origin
access-control-allow-credentials: true
content-type: text/html; charset=utf-8
etag: W/"e-BiSpDb485bDLqzv3ha63FZS1NY0"
x-cloud-trace-context: 6a4552cedad42fc2f3cc9b53fa6e3ac9
date: Fri, 23 Jan 2026 16:02:26 GMT
server: Google Frontend
Content-Length: 14
Connection: close

API is running