cloudflare
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1a5b21685a5b21685a5b21685a5b21685a5b21685a5b21685
Public Swagger UI/API detected at path: /swagger/v1/swagger.json
Open service 172.66.43.149:443 · pr.location-tool.com
2026-01-09 15:55
HTTP/1.1 403 Forbidden
Date: Fri, 09 Jan 2026 15:55:55 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 29
Connection: close
Server: cloudflare
CF-Ray: 9bb51f298a7043a5-EWR
CF-Cache-Status: DYNAMIC
ETag: W/"1d-8djvAhRUKZT8p0dTJs0KHH1aUhs"
Set-Cookie: user_country=US; Path=/; Expires=Fri, 31 Dec 9999 00:00:00 GMT; Secure; SameSite=Lax
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, x-site, x-language
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Expose-Headers: x-site
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
speculation-rules: "/cdn-cgi/speculation"
alt-svc: h3=":443"; ma=86400
{"message":"Origin Required"}
Open service 172.66.43.149:443 · pr.location-tool.com
2026-01-02 09:34
HTTP/1.1 403 Forbidden
Date: Fri, 02 Jan 2026 09:34:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 29
Connection: close
Server: cloudflare
CF-Ray: 9b7942160ea8ef4e-LHR
CF-Cache-Status: DYNAMIC
ETag: W/"1d-8djvAhRUKZT8p0dTJs0KHH1aUhs"
Set-Cookie: user_country=GB; Path=/; Expires=Fri, 31 Dec 9999 00:00:00 GMT; Secure; SameSite=Lax
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, x-site, x-language
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Expose-Headers: x-site
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
speculation-rules: "/cdn-cgi/speculation"
alt-svc: h3=":443"; ma=86400
{"message":"Origin Required"}
Open service 172.66.43.149:443 · pr.location-tool.com
2025-12-24 23:19
HTTP/1.1 403 Forbidden
Date: Wed, 24 Dec 2025 23:19:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 29
Connection: close
Server: cloudflare
CF-Ray: 9b33d317bb1a443e-EWR
CF-Cache-Status: DYNAMIC
ETag: W/"1d-8djvAhRUKZT8p0dTJs0KHH1aUhs"
Set-Cookie: user_country=US; Path=/; Expires=Fri, 31 Dec 9999 00:00:00 GMT; Secure; SameSite=Lax
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, x-site, x-language
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Expose-Headers: x-site
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
speculation-rules: "/cdn-cgi/speculation"
alt-svc: h3=":443"; ma=86400
{"message":"Origin Required"}
Open service 172.66.43.149:443 · pr.location-tool.com
2025-12-22 23:55
HTTP/1.1 403 Forbidden
Date: Mon, 22 Dec 2025 23:55:22 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 29
Connection: close
Server: cloudflare
CF-Ray: 9b238cb9ec57e85a-FRA
CF-Cache-Status: DYNAMIC
ETag: W/"1d-8djvAhRUKZT8p0dTJs0KHH1aUhs"
Set-Cookie: user_country=DE; Path=/; Expires=Fri, 31 Dec 9999 00:00:00 GMT; Secure; SameSite=Lax
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, x-site, x-language
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Expose-Headers: x-site
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
speculation-rules: "/cdn-cgi/speculation"
alt-svc: h3=":443"; ma=86400
{"message":"Origin Required"}
Open service 172.66.43.149:443 · pr.location-tool.com
2025-12-20 05:31
HTTP/1.1 403 Forbidden
Date: Sat, 20 Dec 2025 05:31:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 29
Connection: close
Server: cloudflare
CF-Ray: 9b0cc17b9bdc9f37-FRA
CF-Cache-Status: DYNAMIC
ETag: W/"1d-8djvAhRUKZT8p0dTJs0KHH1aUhs"
Set-Cookie: user_country=DE; Path=/; Expires=Fri, 31 Dec 9999 00:00:00 GMT; Secure; SameSite=Lax
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, x-site, x-language
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Expose-Headers: x-site
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
speculation-rules: "/cdn-cgi/speculation"
alt-svc: h3=":443"; ma=86400
{"message":"Origin Required"}