railway-edge
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b3ddf145f75556010ac50ea1595b747c636fcc0d9
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/attachments/{attachmentId}
GET /api/admin/dzialy
GET /api/admin/maszyny
GET /api/admin/modules
GET /api/admin/osoby
GET /api/admin/users
GET /api/attachments/{attachmentId}/download
GET /api/auth/me
GET /api/czesci
GET /api/czesci/{id}
GET /api/harmonogramy
GET /api/harmonogramy/{id}
GET /api/instrukcje
GET /api/instrukcje/attachments/{attachmentId}/download
GET /api/instrukcje/{id}
GET /api/instrukcje/{id}/attachments
GET /api/maszyny
GET /api/maszyny/select
GET /api/meta/dzialy-simple
GET /api/meta/maszyny
GET /api/meta/maszyny-simple
GET /api/meta/osoby-simple
GET /api/meta/statusy/raporty
GET /api/meta/statusy/zgloszenia
GET /api/notifications
GET /api/notifications/raw
GET /api/parts
GET /api/parts/{id}
GET /api/raporty
GET /api/raporty/{id}
GET /api/users/me
GET /api/zgloszenia
GET /api/zgloszenia/stream
GET /api/zgloszenia/stream/status
GET /api/zgloszenia/{id}
GET /api/zgloszenia/{id}/attachments
PATCH /api/czesci/{id}/ilosc
PATCH /api/parts/{id}/ilosc
POST /api/auth/login
POST /api/auth/logout
POST /api/auth/refresh
POST /api/auth/register
POST /api/notifications/mark-all-read
POST /api/notifications/test
POST /api/raporty/backfill-from-zgloszenia
PUT /api/admin/dzialy/{id}
PUT /api/admin/maszyny/{id}
PUT /api/admin/osoby/{id}
PUT /api/admin/users/{id}
Open service 66.33.22.101:443 · app.drimain.com
2026-01-09 08:26
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 1281
Content-Security-Policy: default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval';
Content-Type: text/html;charset=UTF-8
Date: Fri, 09 Jan 2026 08:26:42 GMT
Expires: 0
Last-Modified: Thu, 20 Nov 2025 08:52:10 GMT
Pragma: no-cache
Referrer-Policy: no-referrer
Server: railway-edge
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Railway-Edge: railway/us-east4-eqdc4a
X-Railway-Request-Id: Eg8X_6DpTei7iG8tAax-fw
X-Xss-Protection: 0
Connection: close
Page title: drimain_mobile
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta content="IE=Edge" http-equiv="X-UA-Compatible" />
<meta name="description" content="A new Flutter project." />
<base href="/" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black" />
<meta name="apple-mobile-web-app-title" content="drimain_mobile" />
<link rel="apple-touch-icon" href="icons/Icon-192.png" />
<link rel="icon" type="image/png" href="favicon.png" />
<title>drimain_mobile</title>
<link rel="manifest" href="manifest.json" />
</head>
<body>
<!-- One-time unregistration of all Service Workers -->
<script>
(function() {
try {
const KEY = 'sw-cleanup-done';
if ('serviceWorker' in navigator && !localStorage.getItem(KEY)) {
navigator.serviceWorker.getRegistrations().then(regs => {
Promise.all(regs.map(r => r.unregister())).then(() => {
localStorage.setItem(KEY, '1');
location.reload();
});
}).catch(() => {});
}
} catch (e) {}
})();
</script>
<script src="flutter_bootstrap.js" async></script>
</body>
</html>
Open service 66.33.22.101:443 · app.drimain.com
2026-01-02 09:05
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 1281
Content-Security-Policy: default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval';
Content-Type: text/html;charset=UTF-8
Date: Fri, 02 Jan 2026 09:05:37 GMT
Expires: 0
Last-Modified: Thu, 20 Nov 2025 08:52:10 GMT
Pragma: no-cache
Referrer-Policy: no-referrer
Server: railway-edge
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Railway-Edge: railway/us-east4-eqdc4a
X-Railway-Request-Id: 2CzlvQ8gRvOIFKPHCx5-qw
X-Xss-Protection: 0
Connection: close
Page title: drimain_mobile