LeakIX - Host docs.daraa.io

Domain docs.daraa.io

United States

AMAZON-02

Software information

Vercel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 66.33.60.193
Domain: docs.daraa.io
Port: 443
URL: https://docs.daraa.io

First seen 2025-12-05 23:18
Last seen 2026-01-10 01:53
Open for 35 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43d2030266de75b750e7aecaed74e6196e8ad696e4
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /approval-chains
GET /currencies
GET /purchases
GET /purchases/{id}
GET /shoppers
GET /shoppers/{id}
GET /shoppers/{id}/orders
GET /sku
GET /sku/warehouse/{id}/{merchant}/{sku}
GET /sku/{merchant}/{sku}
GET /sku/{merchant}/{sku}/{zip}
GET /subscriptions
GET /suppliers
GET /suppliers/{id}
GET /suppliers/{id}/compliance
GET /suppliers/{id}/payment-methods
GET /suppliers/{id}/products
GET /suppliers/{id}/relationships
POST /customers
POST /items
POST /merchants/{id}/{store}
POST /orders
POST /purchases/{id}/approve
POST /sku/shippo/{merchant}/{sku}/{qty}
```
  Found on 2026-01-10 01:53
Create report

Open service 66.33.60.193:443 · docs.daraa.io

2026-01-10 01:53

HTTP/1.1 307 Temporary Redirect
Age: 3
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Cf-Cache-Status: HIT
Cf-Ray: 9bb88a827da09bf4-FRA
Content-Security-Policy: worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'none'; form-action 'self' https://codesandbox.io;
Content-Type: text/html; charset=utf-8
Date: Sat, 10 Jan 2026 01:53:29 GMT
Expires: 0
Location: /welcome/introduction
Pragma: no-cache
Server: Vercel
Strict-Transport-Security: max-age=63072000
Vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding
X-Cache-Key: daraainc/3/dpl_8D6tB4pik35SQUezohqEvfSeLqd7/#html=html
X-Frame-Options: DENY
X-Matched-Path: /_sites/[subdomain]/[[...slug]]
X-Mint-Proxy-Version: 1.0.0-prod
X-Mintlify-Client-Version: 0.0.2322
X-Nextjs-Prerender: 1
X-Nextjs-Stale-Time: 60
X-Powered-By: Next.js
X-Served-Version: dpl_8D6tB4pik35SQUezohqEvfSeLqd7
X-Vercel-Cache: MISS
X-Vercel-Id: fra1:sin1:iad1::iad1::qdkq9-1768010009970-054f4d5172fd
X-Vercel-Project-Id: prj_3kakCEKDVpOxnQIJmKyTWs83RXEa
X-Version: dpl_8D6tB4pik35SQUezohqEvfSeLqd7
Connection: close
Transfer-Encoding: chunked

Found 2 days ago by HttpPlugin

Create report

Open service 66.33.60.193:443 · docs.daraa.io

2026-01-03 00:14

HTTP/1.1 307 Temporary Redirect
Age: 66663
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Cf-Cache-Status: HIT
Cf-Ray: 9b7e4c24cf7ffdf7-SIN
Content-Security-Policy: worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'none'; form-action 'self' https://codesandbox.io;
Content-Type: text/html; charset=utf-8
Date: Sat, 03 Jan 2026 00:14:41 GMT
Expires: 0
Location: /welcome/introduction
Pragma: no-cache
Server: Vercel
Strict-Transport-Security: max-age=63072000
Vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding
X-Cache-Key: daraainc/3/dpl_4XFBvuQZRbGbGdosGaWHBJ4Yvy2g/#html=html
X-Frame-Options: DENY
X-Matched-Path: /_sites/[subdomain]/[[...slug]]
X-Mint-Proxy-Version: 1.0.0-prod
X-Mintlify-Client-Version: 0.0.2277
X-Nextjs-Prerender: 1
X-Nextjs-Stale-Time: 60
X-Powered-By: Next.js
X-Served-Version: dpl_4XFBvuQZRbGbGdosGaWHBJ4Yvy2g
X-Vercel-Cache: MISS
X-Vercel-Id: sin1:fra1:iad1::iad1::7gsm6-1767399281372-c1b727ea27eb
X-Vercel-Project-Id: prj_3kakCEKDVpOxnQIJmKyTWs83RXEa
X-Version: dpl_4XFBvuQZRbGbGdosGaWHBJ4Yvy2g
Connection: close
Transfer-Encoding: chunked

Found 2026-01-03 by HttpPlugin

Create report

Open service 66.33.60.193:443 · docs.daraa.io

2025-12-23 02:31

HTTP/1.1 307 Temporary Redirect
Age: 0
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Cf-Cache-Status: HIT
Cf-Ray: 9b2471444821787f-SJC
Content-Security-Policy: worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'none'; form-action 'self' https://codesandbox.io;
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Dec 2025 02:31:23 GMT
Expires: 0
Location: /welcome/introduction
Pragma: no-cache
Server: Vercel
Strict-Transport-Security: max-age=63072000
Vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding
X-Cache-Key: daraainc/3/dpl_6ZHVLWyeVP6jWLxpWCYpjoSfdaJC/#html=html
X-Frame-Options: DENY
X-Matched-Path: /_sites/[subdomain]/[[...slug]]
X-Mint-Proxy-Version: 1.0.0-prod
X-Mintlify-Client-Version: 0.0.2260
X-Nextjs-Prerender: 1
X-Nextjs-Stale-Time: 60
X-Powered-By: Next.js
X-Served-Version: dpl_6ZHVLWyeVP6jWLxpWCYpjoSfdaJC
X-Vercel-Cache: MISS
X-Vercel-Id: sfo1:sfo1:iad1::iad1::8j7k6-1766457083532-0b8fbedc027e
X-Vercel-Project-Id: prj_3kakCEKDVpOxnQIJmKyTWs83RXEa
X-Version: dpl_6ZHVLWyeVP6jWLxpWCYpjoSfdaJC
Connection: close
Transfer-Encoding: chunked

Found 2025-12-23 by HttpPlugin

Create report

Open service 66.33.60.193:443 · docs.daraa.io

2025-12-21 09:32

HTTP/1.1 307 Temporary Redirect
Age: 0
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Cf-Cache-Status: HIT
Cf-Ray: 9b165fcccc82cee6-FRA
Content-Security-Policy: worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'none'; form-action 'self' https://codesandbox.io;
Content-Type: text/html; charset=utf-8
Date: Sun, 21 Dec 2025 09:32:47 GMT
Expires: 0
Location: /welcome/introduction
Pragma: no-cache
Server: Vercel
Strict-Transport-Security: max-age=63072000
Vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding
X-Cache-Key: daraainc/3/dpl_Am2MrsnzZG4iGXzGVy3nCQNR1oor/#html=html
X-Frame-Options: DENY
X-Matched-Path: /_sites/[subdomain]/[[...slug]]
X-Mint-Proxy-Version: 1.0.0-prod
X-Mintlify-Client-Version: 0.0.2252
X-Nextjs-Prerender: 1
X-Nextjs-Stale-Time: 60
X-Powered-By: Next.js
X-Served-Version: dpl_Am2MrsnzZG4iGXzGVy3nCQNR1oor
X-Vercel-Cache: HIT
X-Vercel-Cache-Key: GEThttpsmain-ffjhfxym2.mintlify.review/daraainc.main.mintlify.me_sites/[subdomain]/[[...slug]]:nxtPsubdomain=daraainc&nxtPslug=nxtPsubdomain=daraainc:::/_sites/[subdomain]/[[...slug]]|v2|29403672
X-Vercel-Cache-Level: regional
X-Vercel-Cache-Ttl: 31532583
X-Vercel-Debug: pod_id=869fb79d9c-cwt85,retried=false,invoked=true,start_type=hot,dispatcher=n1.lambda
X-Vercel-Debug-Handler-Type: edge-runtime
X-Vercel-Id: fra1:iad1:iad1:iad1::iad1::tfllh-1766309567454-3224b1c349c0
X-Vercel-Lambda-Service: serverless-function-router
X-Vercel-Prerender-Build-Output: expiration=1&group=_sites/[subdomain]/[[...slug]].rsc&initialHeaders=x-vercel-empty-fallback=true&initialHeaders=content-type=multipart/x-nextjs-extended-payload; boundary=8d4bcc98a1b6046c&prerenderPath=_sites/[subdomain]/[[...slug]]
X-Vercel-Project-Id: prj_3kakCEKDVpOxnQIJmKyTWs83RXEa
X-Version: dpl_Am2MrsnzZG4iGXzGVy3nCQNR1oor
Connection: close
Transfer-Encoding: chunked

Found 2025-12-21 by HttpPlugin

Create report

Open service 66.33.60.193:443 · docs.daraa.io

2025-12-19 11:21

HTTP/1.1 307 Temporary Redirect
Age: 0
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Cf-Cache-Status: HIT
Cf-Ray: 9b068448eda71c26-FRA
Content-Security-Policy: worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'none'; form-action 'self' https://codesandbox.io;
Content-Type: text/html; charset=utf-8
Date: Fri, 19 Dec 2025 11:21:29 GMT
Expires: 0
Location: /welcome/introduction
Pragma: no-cache
Server: Vercel
Strict-Transport-Security: max-age=63072000
Vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding
X-Cache-Key: daraainc/3/dpl_9WYRH15mVdxtTQT7LY8nRxjQZypJ/#html=html
X-Frame-Options: DENY
X-Matched-Path: /_sites/[subdomain]/[[...slug]]
X-Mint-Proxy-Version: 1.0.0-prod
X-Mintlify-Client-Version: 0.0.2239
X-Nextjs-Prerender: 1
X-Nextjs-Stale-Time: 60
X-Powered-By: Next.js
X-Served-Version: dpl_9WYRH15mVdxtTQT7LY8nRxjQZypJ
X-Vercel-Cache: MISS
X-Vercel-Id: fra1:iad1:iad1::iad1::bmvpw-1766143289682-5d22cb9a6274
X-Vercel-Project-Id: prj_3kakCEKDVpOxnQIJmKyTWs83RXEa
X-Version: dpl_9WYRH15mVdxtTQT7LY8nRxjQZypJ
Connection: close
Transfer-Encoding: chunked

Found 2025-12-19 by HttpPlugin

Create report

docs.daraa.io

Fingerprint:

36521f78270d738cfab9b055a8d468e0e5306855f830384f1cac6492633d5cc6

CN:

docs.daraa.io

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-09 23:43

Not after:

2026-03-09 23:43

Domain summary

docs.daraa.io 5

1 recorded

IP summary

66.33.60.193 2

1 recorded

Domain docs.daraa.io

United States

Software information

Swagger API description is publicly available

Create report

Create report

Create report

Create report

Create report

docs.daraa.io

Domain summary

IP summary