Domain staging.runspace.app
The Netherlands
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-03 07:03
Last seen 2026-01-09 15:10
Open for 37 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60aa87cc500ad7979666d6f7f6eb6d3a97eb6d3a97Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /api/v1/agents GET /api/v1/scripts GET /api/v1/scripts/{id} POST /api/v1/executionsFound on 2026-01-09 15:10
-
-
Open service 20.101.2.157:443 · staging.runspace.app
2026-01-09 15:10
HTTP/1.1 200 OK Content-Length: 503 Connection: close Content-Type: text/html Date: Fri, 09 Jan 2026 15:12:00 GMT Cache-Control: public, max-age=31536000, immutable ETag: "62048829" Last-Modified: Fri, 26 Dec 2025 05:40:54 GMT Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Referrer-Policy: same-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-DNS-Prefetch-Control: off Page title: Runspace <!DOCTYPE html> <html lang="en" class="dark"> <head> <meta charset="UTF-8" /> <link rel="icon" type="image/svg+xml" href="/favicon.svg" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Runspace</title> <script type="module" crossorigin src="/assets/index-CFpy6ScE.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-OiHZkjRP.css"> </head> <body> <div id="root"></div> </body> </html>Found 3 days ago by HttpPluginCreate report
-
Open service 20.101.2.157:443 · staging.runspace.app
2026-01-02 12:17
HTTP/1.1 200 OK Content-Length: 503 Connection: close Content-Type: text/html Date: Fri, 02 Jan 2026 12:17:38 GMT Cache-Control: public, max-age=31536000, immutable ETag: "62048829" Last-Modified: Fri, 26 Dec 2025 05:40:54 GMT Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Referrer-Policy: same-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-DNS-Prefetch-Control: off Page title: Runspace <!DOCTYPE html> <html lang="en" class="dark"> <head> <meta charset="UTF-8" /> <link rel="icon" type="image/svg+xml" href="/favicon.svg" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Runspace</title> <script type="module" crossorigin src="/assets/index-CFpy6ScE.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-OiHZkjRP.css"> </head> <body> <div id="root"></div> </body> </html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 20.101.2.157:443 · staging.runspace.app
2025-12-22 19:00
HTTP/1.1 200 OK Content-Length: 503 Connection: close Content-Type: text/html Date: Mon, 22 Dec 2025 19:00:52 GMT Cache-Control: public, max-age=31536000, immutable ETag: "12929291" Last-Modified: Fri, 12 Dec 2025 05:41:04 GMT Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Referrer-Policy: same-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-DNS-Prefetch-Control: off Page title: Runspace <!DOCTYPE html> <html lang="en" class="dark"> <head> <meta charset="UTF-8" /> <link rel="icon" type="image/svg+xml" href="/favicon.svg" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Runspace</title> <script type="module" crossorigin src="/assets/index-5OozLiEr.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-o19SjJlN.css"> </head> <body> <div id="root"></div> </body> </html>Found 2025-12-22 by HttpPluginCreate report
-
Open service 20.101.2.157:443 · staging.runspace.app
2025-12-20 20:11
HTTP/1.1 200 OK Content-Length: 503 Connection: close Content-Type: text/html Date: Sat, 20 Dec 2025 20:11:15 GMT Cache-Control: public, max-age=31536000, immutable ETag: "12929291" Last-Modified: Fri, 12 Dec 2025 05:41:04 GMT Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Referrer-Policy: same-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-DNS-Prefetch-Control: off Page title: Runspace <!DOCTYPE html> <html lang="en" class="dark"> <head> <meta charset="UTF-8" /> <link rel="icon" type="image/svg+xml" href="/favicon.svg" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Runspace</title> <script type="module" crossorigin src="/assets/index-5OozLiEr.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-o19SjJlN.css"> </head> <body> <div id="root"></div> </body> </html>Found 2025-12-20 by HttpPluginCreate report
-
Open service 20.101.2.157:443 · staging.runspace.app
2025-12-19 00:49
HTTP/1.1 200 OK Content-Length: 503 Connection: close Content-Type: text/html Date: Fri, 19 Dec 2025 00:49:31 GMT Cache-Control: public, max-age=31536000, immutable ETag: "12929291" Last-Modified: Fri, 12 Dec 2025 05:41:04 GMT Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Referrer-Policy: same-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-DNS-Prefetch-Control: off Page title: Runspace <!DOCTYPE html> <html lang="en" class="dark"> <head> <meta charset="UTF-8" /> <link rel="icon" type="image/svg+xml" href="/favicon.svg" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Runspace</title> <script type="module" crossorigin src="/assets/index-5OozLiEr.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-o19SjJlN.css"> </head> <body> <div id="root"></div> </body> </html>Found 2025-12-19 by HttpPluginCreate report