Domain hltool.top
Germany
Software information
marco 3.2
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-13 01:28
Last seen 2026-01-21 21:04
Open for 69 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Found on 2026-01-21 21:04
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-13 20:19
Last seen 2026-02-02 01:23
Open for 80 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Found on 2026-02-02 01:23
-
-
Open service 185.232.59.135:443 · www.hltool.top
2026-01-23 15:11
HTTP/1.1 200 OK Server: marco/3.2 Date: Fri, 23 Jan 2026 15:11:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=b59386b1-4cc5-41c7-95ca-6b7f81efac00; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Content-Language: zh-CN Referrer-Policy: strict-origin-when-cross-origin Vary: User-Agent X-Request-Id: 1b258f39d7253214e78038745f75dd1b Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-167, T.133.D, M.gtt-de-fra3-133
Found 2026-01-23 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · hltool.top
2026-01-21 21:04
HTTP/1.1 200 OK Server: marco/3.2 Date: Wed, 21 Jan 2026 21:04:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=accf7c87-3816-4d7b-92f4-12481d302137; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Content-Language: zh-CN Referrer-Policy: strict-origin-when-cross-origin Vary: User-Agent X-Request-Id: b6d8cfae944a2dc4d069a1578864628f Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-167, T.133.D, M.gtt-de-fra3-133
Found 2026-01-21 by HttpPluginCreate report
-
Open service 185.232.59.135:80 · hltool.top
2026-01-21 21:04
HTTP/1.1 301 Moved Permanently Server: marco/3.2 Date: Wed, 21 Jan 2026 21:04:27 GMT Content-Type: text/html Content-Length: 166 Connection: close Location: https://hltool.top/ Via: M.gtt-de-fra3-133 X-Request-Id: c4ad8a1761ddd24fd27ab21784a53535 Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>marco/3.2</center> </body> </html>
Found 2026-01-21 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · www.hltool.top
2026-01-21 21:04
HTTP/1.1 200 OK Server: marco/3.2 Date: Wed, 21 Jan 2026 21:04:17 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=960e93de-68a7-444a-a1aa-0db578e343ed; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Content-Language: zh-CN Referrer-Policy: strict-origin-when-cross-origin Vary: User-Agent X-Request-Id: c7e297a525a66acd863b1786979430f8 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-167, T.133.D, M.gtt-de-fra3-133
Found 2026-01-21 by HttpPluginCreate report
-
Open service 185.232.59.135:80 · www.hltool.top
2026-01-21 21:04
HTTP/1.1 301 Moved Permanently Server: marco/3.2 Date: Wed, 21 Jan 2026 21:04:15 GMT Content-Type: text/html Content-Length: 166 Connection: close Location: https://www.hltool.top/ Via: M.gtt-de-fra3-133 X-Request-Id: 933f42db16b660a76b0d9439b5458601 Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>marco/3.2</center> </body> </html>
Found 2026-01-21 by HttpPluginCreate report
-
Open service 185.232.59.135:80 · cdn.hltool.top
2026-01-11 23:52
HTTP/1.1 301 Moved Permanently Server: marco/3.2 Date: Sun, 11 Jan 2026 23:52:39 GMT Content-Type: text/html Content-Length: 166 Connection: close Location: https://cdn.hltool.top/ Via: M.gtt-de-fra3-133 X-Request-Id: 4e04aa6ba6d7a5b3e0e4910c59c3e2e5 Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>marco/3.2</center> </body> </html>
Found 2026-01-11 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · cdn.hltool.top
2026-01-11 23:52
HTTP/1.1 404 Not Found Server: marco/3.2 Date: Sun, 11 Jan 2026 23:52:38 GMT Content-Type: text/html Content-Length: 569 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH Access-Control-Max-Age: 86400 X-Request-Id: 012c5daf551024c1cfeebd3fb6ad3d80; 41421a5121023f8956a7e9310cd732d4; 473ad67e1290908582e200f67d6995d9 X-Source: U/404 Expires: Sun, 11 Jan 2026 23:53:50 GMT Cache-Control: max-age=300 Age: 228 Via: T.208.L, V.403-zj-fud-200, S.pcw-cn-hkg-166, T.166.H, V.pcw-cn-hkg-167, T.133.H, M.gtt-de-fra3-133 Page title: 404 Not Found <html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>kuzan/0.10</center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->
Found 2026-01-11 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · api.hltool.top
2026-01-10 09:47
HTTP/1.1 400 Bad Request Server: marco/3.2 Date: Sat, 10 Jan 2026 09:47:51 GMT Content-Type: text/html Content-Length: 252 Connection: close Page title: 400 The plain HTTP request was sent to HTTPS port <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <center><h1>400 Bad Request</h1></center> <center>The plain HTTP request was sent to HTTPS port</center> <hr><center>marco/3.2</center> </body> </html>
Found 2026-01-10 by HttpPluginCreate report
-
Open service 185.232.59.135:80 · api.hltool.top
2026-01-10 09:47
HTTP/1.1 403 Forbidden Server: marco/3.2 Date: Sat, 10 Jan 2026 09:47:51 GMT Content-Type: text/html Content-Length: 153 Connection: close Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/403 Vary: User-Agent X-Request-Id: 268788c25a8b5487919ede5bd0f4eb15 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-164, T.133.D, M.gtt-de-fra3-133 Page title: 403 Forbidden <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.28.0</center> </body> </html>
Found 2026-01-10 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · www.hltool.top
2026-01-09 23:25
HTTP/1.1 200 OK Server: marco/3.2 Date: Fri, 09 Jan 2026 23:25:51 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=0c135a2c-886c-4791-9314-4a3384ff4608; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Content-Language: zh-CN Referrer-Policy: strict-origin-when-cross-origin Vary: User-Agent X-Request-Id: e2a4a530640e003fadaaf080d7362444 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-167, T.133.D, M.gtt-de-fra3-133
Found 2026-01-09 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · hltool.top
2026-01-09 05:22
HTTP/1.1 200 OK Server: marco/3.2 Date: Fri, 09 Jan 2026 05:22:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=93809255-6d1d-4aee-a24f-3b2d95d464ac; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Content-Language: zh-CN Referrer-Policy: strict-origin-when-cross-origin Vary: User-Agent X-Request-Id: 9e0f46fbb976dfa52a15a3ddad92cd3f Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-163, T.133.D, M.gtt-de-fra3-133
Found 2026-01-09 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · hltool.top
2026-01-02 05:12
HTTP/1.1 200 OK Server: marco/3.2 Date: Fri, 02 Jan 2026 05:12:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=4db49d46-d8a7-47db-9013-6d73230cead2; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Content-Language: zh-CN Referrer-Policy: strict-origin-when-cross-origin Vary: User-Agent X-Request-Id: 099168132442577091787fe5439cfbe2 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-166, T.133.D, M.gtt-de-fra3-133
Found 2026-01-02 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · www.hltool.top
2025-12-23 08:32
HTTP/1.1 200 OK Server: marco/3.2 Date: Tue, 23 Dec 2025 08:32:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=bb1345ee-72ad-445e-a36e-2077544d5dc1; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Content-Language: zh-CN Referrer-Policy: strict-origin-when-cross-origin Vary: User-Agent X-Request-Id: 24607fbe2bf8ae4367903b571a79dfe6 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-167, T.133.D, M.gtt-de-fra3-133
Found 2025-12-23 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · hltool.top
2025-12-22 16:12
HTTP/1.1 200 OK Server: marco/3.2 Date: Mon, 22 Dec 2025 16:12:22 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: *.cmxz.top Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS Access-Control-Max-Age: 86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=de516259-52b1-404f-afe5-16a68370026a; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Content-Language: zh-CN Referrer-Policy: strict-origin-when-cross-origin Vary: User-Agent X-Request-Id: a2c444cdce17ff5f40bffbde3d3c6eb3 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-166, T.133.D, M.gtt-de-fra3-133
Found 2025-12-22 by HttpPluginCreate report