Domain api-backoffice-ait.dev.cuidadospelavida.com.br
Brazil
Software information
Kestrel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 20.206.176.5
Domain: api-backoffice-ait.dev.cuidadospelavida.com.br
Port: 443
URL: https://api-backoffice-ait.dev.cuidadospelavida.com.brFirst seen 2026-01-06 20:20
Last seen 2026-01-16 18:47
Open for 9 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494d3fa71c8bd2e9732e0cf56fe90ebfa7d14b8bb8Public Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/v1/doctors/{id} GET /api/v1/accounts/me GET /api/v1/datahub/history GET /api/v1/datahub/importer-types GET /api/v1/doctors GET /api/v1/doctors/coupon-waiting-list/xlsx GET /api/v1/doctors/opt-in/report GET /api/v1/invites/treatments GET /api/v1/products GET /api/v1/products/{id} GET /api/v1/representatives/doctors GET /api/v1/representatives/doctors/{id}/qrcode/pdf GET /api/v1/representatives/qrcode-coupon/pdf GET /api/v1/specialties GET /api/v1/users GET /api/v1/users/me GET /api/v1/users/{id} POST /api/v1/datahub/import/chat POST /api/v1/datahub/import/csv POST /api/v1/datahub/providers PUT /api/v1/invites/treatments/{id}/acceptFound on 2026-01-16 18:47 -
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-01-09 16:26
-
-
Open service 20.206.176.5:443 ยท api-backoffice-ait.dev.cuidadospelavida.com.br
2026-01-09 16:26
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Fri, 09 Jan 2026 16:27:54 GMT Server: Kestrel Strict-Transport-Security: max-age=31536000; includeSubDomains x-ms-middleware-request-id: fece8c1f-da3c-495e-8257-9b4b044cdb5b x-correlation-id: 326aac5a43ea4ffdb25c28b799f6964a
Found 2026-01-09 by HttpPluginCreate report