Domain portal.hmctrader.com
United States
Software information
nginx 1.14.0
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-30 15:27
Last seen 2026-02-10 00:27
Open for 102 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-02-10 00:27
-
-
Open service 3.216.42.100:443 · portal.hmctrader.com
2026-01-23 03:56
HTTP/1.1 302 Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 23 Jan 2026 03:56:23 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept Location: /v2/app Vary: Accept, Accept-Encoding Set-Cookie: connect.sid=s%3AwlYhHjHvjlzmeLggLnuUmzAC-9TLBKFP.Jm3L71Jeixymu2XRNzxpbI3fRCmYF6AwknaHdZnT4y4; Path=/; HttpOnly Found. Redirecting to /v2/app
Found 2026-01-23 by HttpPluginCreate report
-
Open service 3.216.42.100:443 · portal.hmctrader.com
2026-01-10 00:31
HTTP/1.1 302 Found Server: nginx/1.14.0 (Ubuntu) Date: Sat, 10 Jan 2026 00:31:34 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept Location: /v2/app Vary: Accept, Accept-Encoding Set-Cookie: connect.sid=s%3AtMoEkn1QXIpAF2blcK1szio97GvFfG8u.K8pRFsDU81nHzExkq7glUryC3yiM5dU2jI0mQ8C5vdo; Path=/; HttpOnly Found. Redirecting to /v2/app
Found 2026-01-10 by HttpPluginCreate report
-
Open service 3.216.42.100:443 · portal.hmctrader.com
2026-01-02 20:15
HTTP/1.1 302 Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 02 Jan 2026 20:15:35 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept Location: /v2/app Vary: Accept, Accept-Encoding Set-Cookie: connect.sid=s%3AaMyjk8tnokvQtcZ_CCS7y4XNaSlbs5V3.%2BXLltdhhatX6KeOycQvlRGw41Nn1tVBgsEloqnvmtLk; Path=/; HttpOnly Found. Redirecting to /v2/app
Found 2026-01-02 by HttpPluginCreate report
-
Open service 3.216.42.100:443 · portal.hmctrader.com
2025-12-23 03:15
HTTP/1.1 302 Found Server: nginx/1.14.0 (Ubuntu) Date: Tue, 23 Dec 2025 03:15:46 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept Location: /v2/app Vary: Accept, Accept-Encoding Set-Cookie: connect.sid=s%3A2ijTp6MaIdNSblAVPdkvFCQYM7CNuCz8.EVCLIe5Nh0QFFxztvo%2Fi4TgImEni%2FxdgQSIWRlvbbe0; Path=/; HttpOnly Found. Redirecting to /v2/app
Found 2025-12-23 by HttpPluginCreate report