Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549047872807e8353b86008835e4a177916245629d9
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/profile/image-remove
DELETE /api/v1/projects/forecast/{id}/scenario/adjustment
DELETE /api/v1/superadmin/override
DELETE /api/v1/users/invitation/{invitationId}
DELETE /api/v1/users/{id}/delete
DELETE /api/v1/users/{userId}
GET /api/v1/auditlogs
GET /api/v1/auditlogs/app-access-changes
GET /api/v1/auditlogs/role-changes
GET /api/v1/auditlogs/subscriptions
GET /api/v1/auditlogs/user/{userId}
GET /api/v1/logs/audits
GET /api/v1/logs/seq
GET /api/v1/plans
GET /api/v1/plans/bundles
GET /api/v1/plans/by-product/{productType}
GET /api/v1/plans/compare
GET /api/v1/plans/group-by-product-type
GET /api/v1/plans/limits/active
GET /api/v1/plans/{planId}
GET /api/v1/profile
GET /api/v1/projects
GET /api/v1/projects/forecast/shared-with-me
GET /api/v1/projects/forecast/{id}
GET /api/v1/projects/forecast/{id}/scenario
GET /api/v1/projects/forecast/{id}/share
GET /api/v1/projects/{id}
GET /api/v1/projects/{id}/shared-forecasts
GET /api/v1/projects/{id}/{columnName}
GET /api/v1/resourceusages
GET /api/v1/roles
GET /api/v1/roles/permissions
GET /api/v1/roles/{id}
GET /api/v1/subscriptions/current-active
GET /api/v1/subscriptions/trial-status
GET /api/v1/subscriptions/usage
GET /api/v1/superadmin/override/current
GET /api/v1/superadmin/plans
GET /api/v1/superadmin/plans/{planId}
GET /api/v1/superadmin/tenants
GET /api/v1/superadmin/tenants/{tenantId}/users
GET /api/v1/users
GET /api/v1/users/exist-by-email
GET /api/v1/users/pending
GET /api/v1/users/reviewers
GET /api/v1/users/tenant/members
GET /api/v1/users/{id}
GET /api/v1/users/{id}/roles
PATCH /api/v1/profile/disable-2fa-authentication
PATCH /api/v1/tenants/update/name-and-organization
PATCH /api/v1/users/status
POST /api/planchange/change
POST /api/planchange/validate
POST /api/v1/auth/forgot-password
POST /api/v1/auth/login
POST /api/v1/auth/login-using-social-account
POST /api/v1/auth/login-with-2fa
POST /api/v1/auth/refresh-token
POST /api/v1/auth/reset-password
POST /api/v1/auth/sign-in
POST /api/v1/plans/seed
POST /api/v1/profile/enable-2fa-authentication
POST /api/v1/profile/verify-2fa-authentication
POST /api/v1/projects/forecast
POST /api/v1/projects/forecast/business-analysis
POST /api/v1/projects/forecast/compare
POST /api/v1/projects/forecast/compare/{comparisonId}/share-review
POST /api/v1/projects/forecast/overview
POST /api/v1/projects/forecast/scenario-comparison
POST /api/v1/projects/forecast/shared-by-user
POST /api/v1/projects/forecast/shared-for-review
POST /api/v1/projects/forecast/shared-for-reviewer
POST /api/v1/projects/forecast/version/{versionId}/approve
POST /api/v1/projects/forecast/version/{versionId}/publish
POST /api/v1/projects/forecast/{forecastId}/comment
POST /api/v1/projects/forecast/{forecastId}/comments
POST /api/v1/projects/forecast/{id}/approve
POST /api/v1/projects/forecast/{id}/draft
POST /api/v1/projects/forecast/{id}/drafts
POST /api/v1/projects/forecast/{id}/reject
POST /api/v1/projects/forecast/{id}/review-versions
POST /api/v1/projects/forecast/{id}/share-review
POST /api/v1/subscriptions
POST /api/v1/subscriptions/activate
POST /api/v1/subscriptions/cancel
POST /api/v1/subscriptions/initiate-trial
POST /api/v1/subscriptions/reactivate
POST /api/v1/subscriptions/update-payment
POST /api/v1/subscriptions/webhook/stripe/checkout-session
POST /api/v1/subscriptions/webhook/stripe/subscription
POST /api/v1/superadmin/plans/{planId}/activate
POST /api/v1/superadmin/plans/{planId}/deactivate
POST /api/v1/superadmin/tenants/{tenantId}/activate
POST /api/v1/superadmin/tenants/{tenantId}/deactivate
POST /api/v1/users/accept-invitation
POST /api/v1/users/invite
POST /api/v1/users/resend-verification-email
POST /api/v1/users/verify-email
POST /api/v1/users/{userId}/app-access
POST /api/v1/users/{userId}/roles
POST /api/v1/webhooks/static-dataset
PUT /api/v1/profile/change-password
PUT /api/v1/profile/image-upload
PUT /api/v1/projects/forecast/compare/version/{versionId}
PUT /api/v1/projects/forecast/version/{versionId}
PUT /api/v1/superadmin/tenant/{tenantId}/override
PUT /api/v1/users/{userId}/role-and-access
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549047872807e8353b8d2fade18a5ced4eb219598d6
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/profile/image-remove
DELETE /api/v1/projects/forecast/{id}/scenario/adjustment
DELETE /api/v1/users/invitation/{invitationId}
DELETE /api/v1/users/{id}/delete
DELETE /api/v1/users/{userId}
GET /api/v1/auditlogs
GET /api/v1/auditlogs/app-access-changes
GET /api/v1/auditlogs/role-changes
GET /api/v1/auditlogs/user/{userId}
GET /api/v1/logs/audits
GET /api/v1/logs/seq
GET /api/v1/plans/group-by-product-type
GET /api/v1/profile
GET /api/v1/projects
GET /api/v1/projects/forecast/shared-with-me
GET /api/v1/projects/forecast/{id}
GET /api/v1/projects/forecast/{id}/scenario
GET /api/v1/projects/forecast/{id}/share
GET /api/v1/projects/{id}
GET /api/v1/projects/{id}/shared-forecasts
GET /api/v1/projects/{id}/{columnName}
GET /api/v1/resourceusages
GET /api/v1/roles
GET /api/v1/roles/permissions
GET /api/v1/roles/{id}
GET /api/v1/superadmin/tenants
GET /api/v1/superadmin/tenants/{tenantId}/users
GET /api/v1/users
GET /api/v1/users/exist-by-email
GET /api/v1/users/pending
GET /api/v1/users/reviewers
GET /api/v1/users/tenant/members
GET /api/v1/users/{id}
GET /api/v1/users/{id}/roles
PATCH /api/v1/profile/disable-2fa-authentication
PATCH /api/v1/tenants/update/name-and-organization
PATCH /api/v1/users/status
POST /api/v1/auth/forgot-password
POST /api/v1/auth/login
POST /api/v1/auth/login-using-social-account
POST /api/v1/auth/login-with-2fa
POST /api/v1/auth/refresh-token
POST /api/v1/auth/reset-password
POST /api/v1/auth/sign-in
POST /api/v1/plans
POST /api/v1/plans/seed
POST /api/v1/profile/enable-2fa-authentication
POST /api/v1/profile/verify-2fa-authentication
POST /api/v1/projects/forecast
POST /api/v1/projects/forecast/compare
POST /api/v1/projects/forecast/compare/{comparisonId}/share-review
POST /api/v1/projects/forecast/shared-by-user
POST /api/v1/projects/forecast/shared-for-review
POST /api/v1/projects/forecast/shared-for-reviewer
POST /api/v1/projects/forecast/version/{versionId}/approve
POST /api/v1/projects/forecast/version/{versionId}/publish
POST /api/v1/projects/forecast/{forecastId}/comment
POST /api/v1/projects/forecast/{forecastId}/comments
POST /api/v1/projects/forecast/{id}/approve
POST /api/v1/projects/forecast/{id}/business-analysis/scenario-comparison
POST /api/v1/projects/forecast/{id}/draft
POST /api/v1/projects/forecast/{id}/drafts
POST /api/v1/projects/forecast/{id}/reject
POST /api/v1/projects/forecast/{id}/review-versions
POST /api/v1/projects/forecast/{id}/share-review
POST /api/v1/subscriptions
POST /api/v1/subscriptions/webhook/stripe/checkout-session
POST /api/v1/superadmin/tenants/{tenantId}/activate
POST /api/v1/superadmin/tenants/{tenantId}/deactivate
POST /api/v1/users/accept-invitation
POST /api/v1/users/invite
POST /api/v1/users/resend-verification-email
POST /api/v1/users/verify-email
POST /api/v1/users/{userId}/app-access
POST /api/v1/users/{userId}/roles
POST /api/v1/webhooks/static-dataset
PUT /api/v1/profile/change-password
PUT /api/v1/profile/image-upload
PUT /api/v1/projects/forecast/compare/version/{versionId}
PUT /api/v1/projects/forecast/version/{versionId}
PUT /api/v1/users/{userId}/role-and-access
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549047872807e8353b8d2fade18a5ced4ebd167db3d
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/profile/image-remove
DELETE /api/v1/projects/forecast/{id}/scenario/adjustment
DELETE /api/v1/users/invitation/{invitationId}
DELETE /api/v1/users/{id}/delete
DELETE /api/v1/users/{userId}
GET /api/v1/auditlogs
GET /api/v1/auditlogs/app-access-changes
GET /api/v1/auditlogs/role-changes
GET /api/v1/auditlogs/user/{userId}
GET /api/v1/logs/audits
GET /api/v1/logs/seq
GET /api/v1/plans/group-by-product-type
GET /api/v1/profile
GET /api/v1/projects
GET /api/v1/projects/forecast/shared-with-me
GET /api/v1/projects/forecast/{id}
GET /api/v1/projects/forecast/{id}/scenario
GET /api/v1/projects/forecast/{id}/share
GET /api/v1/projects/{id}
GET /api/v1/projects/{id}/shared-forecasts
GET /api/v1/projects/{id}/{columnName}
GET /api/v1/resourceusages
GET /api/v1/roles
GET /api/v1/roles/permissions
GET /api/v1/roles/{id}
GET /api/v1/superadmin/tenants
GET /api/v1/superadmin/tenants/{tenantId}/users
GET /api/v1/users
GET /api/v1/users/exist-by-email
GET /api/v1/users/pending
GET /api/v1/users/reviewers
GET /api/v1/users/tenant/members
GET /api/v1/users/{id}
GET /api/v1/users/{id}/roles
PATCH /api/v1/profile/disable-2fa-authentication
PATCH /api/v1/tenants/update/name-and-organization
PATCH /api/v1/users/status
POST /api/v1/auth/forgot-password
POST /api/v1/auth/login
POST /api/v1/auth/login-using-social-account
POST /api/v1/auth/login-with-2fa
POST /api/v1/auth/refresh-token
POST /api/v1/auth/reset-password
POST /api/v1/auth/sign-in
POST /api/v1/plans
POST /api/v1/plans/seed
POST /api/v1/profile/enable-2fa-authentication
POST /api/v1/profile/verify-2fa-authentication
POST /api/v1/projects/forecast
POST /api/v1/projects/forecast/{id}/approve
POST /api/v1/projects/forecast/{id}/business-analysis/scenario-comparison
POST /api/v1/projects/forecast/{id}/reject
POST /api/v1/subscriptions
POST /api/v1/subscriptions/webhook/stripe/checkout-session
POST /api/v1/superadmin/tenants/{tenantId}/activate
POST /api/v1/superadmin/tenants/{tenantId}/deactivate
POST /api/v1/users/accept-invitation
POST /api/v1/users/invite
POST /api/v1/users/resend-verification-email
POST /api/v1/users/verify-email
POST /api/v1/users/{userId}/app-access
POST /api/v1/users/{userId}/roles
POST /api/v1/webhooks/static-dataset
PUT /api/v1/profile/change-password
PUT /api/v1/profile/image-upload
PUT /api/v1/users/{userId}/role-and-access
Open service 142.251.141.115:443 · api-dev.letswhiz.com
2026-01-10 02:00
HTTP/1.1 404 Not Found
x-cloud-trace-context: edbed40c1a7a77b36f1d1ebccccf7b2a
date: Sat, 10 Jan 2026 02:00:58 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 142.251.141.115:443 · api-dev.letswhiz.com
2026-01-03 00:01
HTTP/1.1 404 Not Found
x-cloud-trace-context: ad4aa56a8c3265ea2e4c340c26da1e6c
date: Sat, 03 Jan 2026 00:01:26 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 142.251.141.115:443 · api-dev.letswhiz.com
2025-12-23 04:00
HTTP/1.1 404 Not Found
x-cloud-trace-context: 5a716c6f0c06670ae6869a27867a1c3f
date: Tue, 23 Dec 2025 04:00:01 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 2a00:1450:4001:807::2013:80 · api-dev.letswhiz.com
2025-12-23 04:00
HTTP/1.1 302 Found
location: https://api-dev.letswhiz.com/
x-cloud-trace-context: 87b9ad2ae803478cfaaa9cd0c0e86af3
date: Tue, 23 Dec 2025 04:00:01 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 142.251.141.115:80 · api-dev.letswhiz.com
2025-12-23 04:00
HTTP/1.1 302 Found
location: https://api-dev.letswhiz.com/
x-cloud-trace-context: ead454e3986c86fa119d4b30afaa8d17
date: Tue, 23 Dec 2025 04:00:00 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close
Open service 2a00:1450:4001:807::2013:443 · api-dev.letswhiz.com
2025-12-23 04:00
HTTP/1.1 404 Not Found
x-cloud-trace-context: 0939998ad69c21cd16cb4b128e7541b1
date: Tue, 23 Dec 2025 04:00:01 GMT
content-type: text/html
server: Google Frontend
Content-Length: 0
Connection: close