Domain alumni.ryan.com
United States
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-10 09:18
Last seen 2026-02-09 20:38
Open for 61 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Found on 2026-02-09 20:38
-
-
Open service 18.245.31.114:443 · alumni.ryan.com
2026-01-23 10:25
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Date: Fri, 23 Jan 2026 10:25:15 GMT X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Cache-Control: no-store, no-cache Content-Security-Policy: object-src 'none'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; child-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; ETag: "18246e7hl1ry6u" Expires: 0 Permissions-Policy: geolocation=(self), camera=(), microphone=(), payment=(), usb=(), bluetooth=(), accelerometer=(), gyroscope=(), magnetometer=(), clipboard-read=(), clipboard-write=(), encrypted-media=(), notifications=(), push=(), sync-xhr=(), vibrate=(); Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 edfa50bbeda89838b4ee2ce6eaea1b04.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P8 X-Amz-Cf-Id: 0mth9hX08q8-pzVmwBHoQ69Iukp-VL_4D4h0oBJFJCkJyB7Nqcw1Fg==
Found 2026-01-23 by HttpPluginCreate report
-
Open service 18.245.31.114:443 · alumni.ryan.com
2026-01-09 11:13
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Date: Fri, 09 Jan 2026 11:13:22 GMT X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Cache-Control: no-store, no-cache Content-Security-Policy: object-src 'none'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; child-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; ETag: "lphp8rpa3dy6u" Expires: 0 Permissions-Policy: geolocation=(self), camera=(), microphone=(), payment=(), usb=(), bluetooth=(), accelerometer=(), gyroscope=(), magnetometer=(), clipboard-read=(), clipboard-write=(), encrypted-media=(), notifications=(), push=(), sync-xhr=(), vibrate=(); Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 1e0f88a39289286be3e03ff93487da80.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P8 X-Amz-Cf-Id: BGeJOLg_vHesKlMuHl2CxjQuxzW4OmRGE7n1p0yurOJVCcy_MBABuw==
Found 2026-01-09 by HttpPluginCreate report
-
Open service 18.245.31.114:443 · alumni.ryan.com
2026-01-02 17:10
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Date: Fri, 02 Jan 2026 17:10:55 GMT X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Cache-Control: no-store, no-cache Content-Security-Policy: object-src 'none'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; child-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; ETag: "fyuudw21hky2f" Expires: 0 Permissions-Policy: geolocation=(self), camera=(), microphone=(), payment=(), usb=(), bluetooth=(), accelerometer=(), gyroscope=(), magnetometer=(), clipboard-read=(), clipboard-write=(), encrypted-media=(), notifications=(), push=(), sync-xhr=(), vibrate=(); Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 90d4d7d1a3cebe66392e229fd5792ae0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P8 X-Amz-Cf-Id: jaYdBUy0VBikoSTjgeXRSKm8-bz5dZZ3bRva_1TFQ_qglEAFnKDtlQ==
Found 2026-01-02 by HttpPluginCreate report
-
Open service 18.245.31.114:443 · alumni.ryan.com
2025-12-23 09:29
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Date: Tue, 23 Dec 2025 09:29:13 GMT X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Cache-Control: no-store, no-cache Content-Security-Policy: object-src 'none'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; child-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; ETag: "fyuudw21hky2f" Expires: 0 Permissions-Policy: geolocation=(self), camera=(), microphone=(), payment=(), usb=(), bluetooth=(), accelerometer=(), gyroscope=(), magnetometer=(), clipboard-read=(), clipboard-write=(), encrypted-media=(), notifications=(), push=(), sync-xhr=(), vibrate=(); Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P8 X-Amz-Cf-Id: rspgO39cw0fFs57TvmebXV7pONnvcw0pUJAj79pQjXVSnCnEkhokeQ==
Found 2025-12-23 by HttpPluginCreate report