Domain bazaar.averjoe.com
Software information
cloudflare
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2026-01-06 23:03
Last seen 2026-01-23 00:22
Open for 16 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f5e22fb4b3faa6fb800a144cc50c7a0de4e65933d07c4d39Public Swagger UI/API detected at path: /api/swagger.json - sample paths: GET /badges GET /episodes GET /episodes/blacklist GET /episodes/history GET /episodes/wanted GET /files GET /files/radarr GET /files/sonarr GET /history/stats GET /movies GET /movies/blacklist GET /movies/history GET /movies/wanted GET /plex/autopulse/config GET /plex/oauth/libraries GET /plex/oauth/pin GET /plex/oauth/pin/{pin_id}/check GET /plex/oauth/servers GET /plex/oauth/validate GET /plex/select-server GET /plex/test-connection GET /plex/webhook/list GET /providers GET /providers/episodes GET /providers/movies GET /series GET /subtitles GET /subtitles/info GET /system/announcements GET /system/backups GET /system/health GET /system/jobs GET /system/languages GET /system/languages/profiles GET /system/logs GET /system/ping GET /system/releases GET /system/searches GET /system/status GET /system/tasks POST /episodes/subtitles POST /movies/subtitles POST /plex/apikey POST /plex/encrypt-apikey POST /plex/oauth/logout POST /plex/webhook/create POST /plex/webhook/delete POST /system/webhooks/test POST /webhooks/plex POST /webhooks/radarr POST /webhooks/sonarrFound on 2026-01-23 00:22
-
-
Open service 172.67.130.14:443 · bazaar.averjoe.com
2026-01-23 00:22
HTTP/1.1 200 OK Date: Fri, 23 Jan 2026 00:22:48 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding vary: Accept-Encoding access-control-allow-origin: * x-dns-prefetch-control: off x-content-type-options: nosniff x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin x-frame-options: SAMEORIGIN Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=z79glW7HddgY1XFdH4%2FKC1U74%2FxYztJs0oKjglnVa3Ykta3ZskwBIP6fHZBJ6OQpjfuYsdetnoZeS0GHn0Sz63cHekJYTbZiGgCAYrIy1SY%3D"}]} cf-cache-status: DYNAMIC Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} Server: cloudflare CF-RAY: 9c23238a3a52c35b-EWR alt-svc: h3=":443"; ma=86400 Page title: Bazarr <!doctype html> <html lang="en"> <head> <title>Bazarr</title> <base href="/" /> <meta charset="utf-8" /> <link rel="icon" type="image/x-icon" href="./images/favicon.ico" /> <link rel="apple-touch-icon" href="./images/apple-touch-icon-180x180.png" sizes="180x180" /> <link rel="mask-icon" href="./images/maskable-icon-512x512.png" color="#FFFFFF" /> <meta name="theme-color" content="#be4bdb" /> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1" /> <meta name="description" content="Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements. You define your preferences by TV show or movie and Bazarr takes care of everything for you." /> <script type="module" crossorigin src="./assets/index-BXVwVped.js"></script> <link rel="modulepreload" crossorigin href="./assets/vendors-B1NZBNAx.js"> <link rel="modulepreload" crossorigin href="./assets/utils-Jd9mttLe.js"> <link rel="modulepreload" crossorigin href="./assets/ui-CHVy8zjG.js"> <link rel="modulepreload" crossorigin href="./assets/query-Cm1bYAZz.js"> <link rel="modulepreload" crossorigin href="./assets/react-timeago-LLfEHYGM.js"> <link rel="stylesheet" crossorigin href="./assets/index-BuFk3XKC.css"> <link rel="manifest" href="./manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="./registerSW.js"></script></head> <body> <noscript>You need to enable JavaScript to run this app.</noscript> <div id="root"></div> <script> try { window.Bazarr = JSON.parse(`{"apiKey": "3929332d6dbc114ad21c77661dd7cd3e", "baseUrl": "", "canUpdate": true, "hasUpdate": false}`); } catch (error) {} </script> <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9c23238a3a52c35b',t:'MTc2OTEyNzc2OA=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script></body> </html>Found 2026-01-23 by HttpPluginCreate report
-
Open service 172.67.130.14:443 · bazaar.averjoe.com
2026-01-10 02:43
HTTP/1.1 521 <none> Date: Sat, 10 Jan 2026 02:43:51 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 9bb8d4485b8ce0c6-EWR alt-svc: h3=":443"; ma=86400 error code: 521
Found 2026-01-10 by HttpPluginCreate report