cloudflare
tcp/443
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3cac1da9f290bb12d9538c48a62f331d673df38b2
GraphQL introspection enabled at /graphql Types: 16 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 9, SCALAR: 4) Operations: - Query: Query | fields: admins, content, contents Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5) Readable stores: 0
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
Public Swagger UI/API detected at path: /api-docs/swagger.json
Open service 104.21.24.129:443 · preview-cms.woo-hoo.ae
2026-01-23 15:37
HTTP/1.1 302 Found
Date: Fri, 23 Jan 2026 15:37:51 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 28
Connection: close
access-control-allow-origin: *
location: /admin
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept
x-frame-options: DENY
x-xss-protection: 0
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=9,cfOrigin;dur=691
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=XmKC4RLRA5%2FuUoWZulaVmq7BvmCo7xvDbUEr%2FyyvWlBbMRVShtNMLWYkQ6anydqW8T5PiXL01mwP619S%2BNk9wfwXYbcPjpjCuvfPQgxZvMZAcVfveLc%3D"}]}
Server: cloudflare
CF-RAY: 9c285fe9fd1e5642-EWR
alt-svc: h3=":443"; ma=86400
Found. Redirecting to /admin
Open service 104.21.24.129:443 · preview-cms.woo-hoo.ae
2026-01-23 12:50
HTTP/1.1 302 Found
Date: Fri, 23 Jan 2026 12:50:04 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 28
Connection: close
access-control-allow-origin: *
location: /admin
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept
x-frame-options: DENY
x-xss-protection: 0
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SAOYpTlOQMp04VOO4b0LR%2FZh%2FkpjBr2W%2FDLRwDkqWXlETgy87bOpFa5wD9vvWdqwoU%2BjtuAoekEmTL4nVieRGdrI%2FzoXNA3InSbyeHwqFlKBKeUryQI%3D"}]}
Server: cloudflare
CF-RAY: 9c276a273b1c9b4e-AMS
alt-svc: h3=":443"; ma=86400
Found. Redirecting to /admin
Open service 104.21.24.129:443 · preview-cms.woo-hoo.ae
2026-01-10 02:22
HTTP/1.1 302 Found
Date: Sat, 10 Jan 2026 02:22:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 28
Connection: close
access-control-allow-origin: *
location: /admin
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept
x-frame-options: DENY
x-xss-protection: 0
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=7,cfOrigin;dur=699
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=268JtFrKHaheMvWtlnjBe693nCJUTA%2BFISbvG9AU4Js58mb5DSnuw3LElWyqTZwneR1Ywh%2FlUCjn0%2FyWvBVp4fe%2FuZUYZCAVMUcXQvopEkwKXKSI6LM%3D"}]}
Server: cloudflare
CF-RAY: 9bb8b470281c1705-EWR
alt-svc: h3=":443"; ma=86400
Found. Redirecting to /admin