marco 3.2
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Open service 185.232.59.135:80 · hyx.icu
2026-01-22 21:42
HTTP/1.1 200 OK Server: marco/3.2 Date: Thu, 22 Jan 2026 21:42:45 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Alt-Svc: h3-27=":443"; ma=86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=da0eef80-da90-46f8-893a-e262e9f4b6f6; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Content-Language: en-US X-Request-Id: 7a007bf33aea9c71f68816f11fd63f73 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-165, T.133.D, M.gtt-de-fra3-133
Open service 185.232.59.135:443 · hyx.icu
2026-01-12 19:31
HTTP/1.1 400 Bad Request Server: marco/3.2 Date: Mon, 12 Jan 2026 19:31:46 GMT Content-Type: text/html Content-Length: 252 Connection: close Page title: 400 The plain HTTP request was sent to HTTPS port <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <center><h1>400 Bad Request</h1></center> <center>The plain HTTP request was sent to HTTPS port</center> <hr><center>marco/3.2</center> </body> </html>
Open service 185.232.59.135:80 · hyx.icu
2026-01-12 19:31
HTTP/1.1 200 OK Server: marco/3.2 Date: Mon, 12 Jan 2026 19:31:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Alt-Svc: h3-27=":443"; ma=86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=4e1fce64-88e4-41ce-ad8f-134bf039021c; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Content-Language: en-US X-Request-Id: b19f8fad6704bbe4cf6e0e0bbfd6af81 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-167, T.133.D, M.gtt-de-fra3-133
Open service 185.232.59.135:80 · hyx.icu
2026-01-09 21:41
HTTP/1.1 200 OK Server: marco/3.2 Date: Fri, 09 Jan 2026 21:41:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Alt-Svc: h3-27=":443"; ma=86400 X-Source: C/200 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Set-Cookie: XSRF-TOKEN=f7470c50-e7f2-4f41-bf0f-adc3139e9e4a; Path=/; HTTPOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Expires: 0 Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Content-Language: en-US X-Request-Id: 7e8d3dd811aad306e9cc5c2e2348c987 Via: S.pcw-cn-hkg-167, T.167.D, V.pcw-cn-hkg-167, T.133.D, M.gtt-de-fra3-133