============================================================= AL MAYADEEN API ENDPOINT PROBE RESULTS Date: 2026-02-28 ~08:14 UTC ============================================================= ------------------------------------------------------------- PROBE 1: https://portal-api.almayadeen.net/api/ ------------------------------------------------------------- METHOD: HEAD STATUS: 200 OK Content-Type: text/html Server: cloudflare Last-Modified: Fri, 27 Feb 2026 19:14:22 GMT X-Content-Type-Options: nosniff X-Frame-Options: DENY, SAMEORIGIN X-XSS-Protection: 1; mode=block Referrer-Policy: strict-origin-when-cross-origin BODY: Returns the MangoX Portal API Testing Interface HTML page (same as portal-api.almayadeen.net root — "MangoX Portal API - Testing Interface") Full page includes login form, API testing UI with endpoint forms (GET/POST/PUT/DELETE) Loads /upload.js and /script.js Bootstrap 5.0.2, jQuery 3.6.0, Font Awesome 6.0.0 NOTABLE: All sub-paths (/api/, /api/v1/, /swagger/, /docs/, /graphql) serve the SAME root page. This suggests a single-page app with client-side routing, or a catch-all route. ------------------------------------------------------------- PROBE 2: https://portal-api.almayadeen.net/api/v1/ ------------------------------------------------------------- METHOD: HEAD STATUS: 200 OK Content-Type: text/html Server: cloudflare Last-Modified: Fri, 27 Feb 2026 19:14:22 GMT BODY: Same MangoX Portal API Testing Interface page as /api/ ------------------------------------------------------------- PROBE 3: https://portal-api.almayadeen.net/swagger/ ------------------------------------------------------------- METHOD: HEAD STATUS: 200 OK Content-Type: text/html Server: cloudflare Last-Modified: Fri, 27 Feb 2026 19:14:22 GMT BODY: Same MangoX Portal API Testing Interface page as /api/ ------------------------------------------------------------- PROBE 4: https://portal-api.almayadeen.net/docs/ ------------------------------------------------------------- METHOD: HEAD STATUS: 200 OK Content-Type: text/html Server: cloudflare Last-Modified: Fri, 27 Feb 2026 19:14:22 GMT BODY: Same MangoX Portal API Testing Interface page as /api/ ------------------------------------------------------------- PROBE 5: https://portal-api.almayadeen.net/graphql ------------------------------------------------------------- METHOD: HEAD STATUS: 200 OK Content-Type: text/html Server: cloudflare Last-Modified: Fri, 27 Feb 2026 19:14:22 GMT BODY: Same MangoX Portal API Testing Interface page as /api/ ------------------------------------------------------------- PROBE 6: https://ai.almayadeen.net/api/ ------------------------------------------------------------- METHOD: HEAD STATUS: 200 OK Content-Type: text/html; charset=utf-8 Server: cloudflare Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate BODY: Returns the AI Editor page (same as ai.almayadeen.net root) Title: "محرر الميادين الذكي | Mayadeen AI Editor" Arabic-language AI content editor tool Features: content writing, content improvement, SEO optimization, text summarization Uses jQuery 3.6.0, Axios, Tailwind CSS 2.2.19 Font: Almarai (Arabic web font) ------------------------------------------------------------- PROBE 7: https://media.almayadeen.net/api/ ------------------------------------------------------------- METHOD: HEAD STATUS: 302 Found Location: /image/default.png Server: cloudflare X-Powered-By: ASP.NET strict-transport-security: max-age=2592000 BODY (after following redirect): PNG image (default.png placeholder) FINAL URL: https://media.almayadeen.net/image/default.png NOTABLE: ASP.NET backend revealed via X-Powered-By header ------------------------------------------------------------- PROBE 8: https://media.almayadeen.net/swagger/ ------------------------------------------------------------- METHOD: HEAD STATUS: 302 Found Location: /image/default.png Server: cloudflare X-Powered-By: ASP.NET strict-transport-security: max-age=2592000 BODY (after following redirect): PNG image (default.png placeholder) FINAL URL: https://media.almayadeen.net/image/default.png NOTABLE: Same redirect as /api/ — all unknown paths redirect to default image ============================================================= SUMMARY ============================================================= ACCESSIBLE ENDPOINTS: [200] ai.almayadeen.net - AI Editor (Arabic content tool) [200] portal-api.almayadeen.net - MangoX Portal API Testing Interface (with login) [200] portal-beta-api.almayadeen.net - Same MangoX Portal API (beta mirror) [200] interactions.almayadeen.net - Vue/React SPA (Vite-built) [302] media.almayadeen.net - Media CDN (ASP.NET), redirects unknown paths TECHNOLOGY STACK INDICATORS: - portal-api: Node.js/Express likely (Bootstrap, jQuery, Cloudflare Rocket Loader tokens) - ai.almayadeen.net: Vite/modern SPA, Tailwind CSS, Axios - interactions.almayadeen.net: Vite-built SPA (hashed assets) - media.almayadeen.net: ASP.NET (X-Powered-By header) - All behind Cloudflare (cf-cache-status, CF-RAY headers) SECURITY OBSERVATIONS: - portal-api: Exposes full API testing interface publicly (login required but page loads) - portal-api: Same HTML served for /api/, /api/v1/, /swagger/, /docs/, /graphql (catch-all) - portal-api: script.js (17KB) and upload.js (2.4KB) contain API endpoint definitions - ai.almayadeen.net: Access-Control-Allow-Origin: * (wide open CORS) - media.almayadeen.net: X-Powered-By: ASP.NET header leaks server technology - All portal-api paths have duplicate security headers (X-Content-Type-Options, X-Frame-Options, etc.)