Domain xlingran.com
China
Software information
SLT-MID
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-13 09:50
Last seen 2026-02-09 13:33
Open for 88 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Found on 2026-02-09 13:33
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-13 09:50
Last seen 2026-02-08 18:00
Open for 87 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Found on 2026-02-08 18:00
-
-
Open service 42.56.64.131:443 · www.xlingran.com
2026-01-23 10:03
HTTP/1.1 200 OK Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Content-Type: text/html Content-Language: zh-CN Pragma: no-cache Expires: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Referrer-Policy: strict-origin-when-cross-origin set-cookie: XSRF-TOKEN=d257ad19-65b8-4464-9fe8-62e240ad7ff5; Path=/; HTTPOnly Server: SLT-MID Date: Fri, 23 Jan 2026 10:04:05 GMT X-Cache-Lookup: Cache Miss Cache-Control: must-revalidate, no-cache, no-store, max-age=0 Age: 0 Transfer-Encoding: chunked X-NWS-LOG-UUID: 15781366276431566229 Connection: close X-Cache-Lookup: Cache Miss
Found 2026-01-23 by HttpPluginCreate report
-
Open service 42.56.64.131:443 · www.xlingran.com
2026-01-09 09:13
HTTP/1.1 200 OK Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Content-Type: text/html Content-Language: zh-CN Pragma: no-cache Expires: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Referrer-Policy: strict-origin-when-cross-origin set-cookie: XSRF-TOKEN=716a8a0a-63ff-46e1-a4be-1133287635de; Path=/; HTTPOnly Server: SLT-MID Date: Fri, 09 Jan 2026 09:14:17 GMT X-Cache-Lookup: Cache Miss Cache-Control: must-revalidate, no-cache, no-store, max-age=0 Age: 0 Transfer-Encoding: chunked X-NWS-LOG-UUID: 2281123637829979734 Connection: close X-Cache-Lookup: Cache Miss
Found 2026-01-09 by HttpPluginCreate report
-
Open service 42.56.64.131:443 · www.xlingran.com
2026-01-02 12:51
HTTP/1.1 200 OK Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Content-Type: text/html Content-Language: zh-CN Pragma: no-cache Expires: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Referrer-Policy: strict-origin-when-cross-origin set-cookie: XSRF-TOKEN=a76223fe-1378-4238-b0b0-1f4ede0cb3fe; Path=/; HTTPOnly Server: SLT-MID Date: Fri, 02 Jan 2026 12:51:22 GMT X-Cache-Lookup: Cache Miss Cache-Control: must-revalidate, no-cache, no-store, max-age=0 Age: 0 Transfer-Encoding: chunked X-NWS-LOG-UUID: 11130390441259292464 Connection: close X-Cache-Lookup: Cache Miss
Found 2026-01-02 by HttpPluginCreate report
-
Open service 42.56.64.131:443 · www.xlingran.com
2025-12-22 18:49
HTTP/1.1 200 OK Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Content-Type: text/html Content-Language: en-US Pragma: no-cache Expires: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 Referrer-Policy: strict-origin-when-cross-origin set-cookie: XSRF-TOKEN=9f58cf93-1435-424a-a00e-438ed7891f90; Path=/; HTTPOnly Server: SLT-MID Date: Mon, 22 Dec 2025 18:49:26 GMT X-Cache-Lookup: Cache Miss Cache-Control: must-revalidate, no-cache, no-store, max-age=0 Age: 0 Transfer-Encoding: chunked X-NWS-LOG-UUID: 789969934222256686 Connection: close X-Cache-Lookup: Cache Miss
Found 2025-12-22 by HttpPluginCreate report