Domain api-mtsh.ru
Russia
Software information
Kestrel
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-21 02:26
Last seen 2026-01-16 11:05
Open for 87 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491e6f0e61a59bb5e527fab360201ff04d07c8a689Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /api/v{version}/AccountTypes/list GET /api/v{version}/Auth/check_inn GET /api/v{version}/Auth/email_confirm GET /api/v{version}/Auth/refresh GET /api/v{version}/Auth/signout GET /api/v{version}/Bids GET /api/v{version}/Companies GET /api/v{version}/Companies/{id} GET /api/v{version}/Competencies/list GET /api/v{version}/Competencies/test GET /api/v{version}/Contacts/{id} GET /api/v{version}/Default GET /api/v{version}/EPrograms GET /api/v{version}/EPrograms/areas GET /api/v{version}/EPrograms/areas/{areaId} GET /api/v{version}/EPrograms/areas_open GET /api/v{version}/EPrograms/bids GET /api/v{version}/EPrograms/bids/{bidId} GET /api/v{version}/EPrograms/bids_statuses/{bidId} GET /api/v{version}/EPrograms/bids_statuses_base GET /api/v{version}/EPrograms/competencies GET /api/v{version}/EPrograms/competencies/{id} GET /api/v{version}/EPrograms/for_group_formation/{programId} GET /api/v{version}/EPrograms/group_statuses/{groupId} GET /api/v{version}/EPrograms/groups GET /api/v{version}/EPrograms/groups/{groupId} GET /api/v{version}/EPrograms/groups_statuses_base GET /api/v{version}/EPrograms/new GET /api/v{version}/EPrograms/new_count GET /api/v{version}/EPrograms/on_first_page GET /api/v{version}/EPrograms/open GET /api/v{version}/EPrograms/open/{programId} GET /api/v{version}/EPrograms/program_results GET /api/v{version}/EPrograms/tags GET /api/v{version}/EPrograms/tags/{tagId} GET /api/v{version}/EPrograms/time_table GET /api/v{version}/EPrograms/timetable/{timetableId} GET /api/v{version}/EPrograms/{programId} GET /api/v{version}/Files GET /api/v{version}/Files/file_link GET /api/v{version}/Files/slides GET /api/v{version}/Files/slides/{id} GET /api/v{version}/Files/users_to_xlsx GET /api/v{version}/Files/video_lesson_video GET /api/v{version}/Files/{fileId} GET /api/v{version}/FilesHTC GET /api/v{version}/Institutions GET /api/v{version}/Institutions/get_accreditation/{fileId} GET /api/v{version}/Institutions/get_license/{fileId} GET /api/v{version}/Institutions/open GET /api/v{version}/Institutions/{id} GET /api/v{version}/News GET /api/v{version}/News/photo={name} GET /api/v{version}/News/{id} GET /api/v{version}/Profile GET /api/v{version}/Roles/list GET /api/v{version}/Users GET /api/v{version}/Users/get_educations GET /api/v{version}/Users/get_employments GET /api/v{version}/Users/get_roles GET /api/v{version}/Users/new_users GET /api/v{version}/Users/new_users_count GET /api/v{version}/Users/new_users_for_control GET /api/v{version}/Users/test GET /api/v{version}/Users/user_types GET /api/v{version}/Users/users_count GET /api/v{version}/Users/{id} GET /api/v{version}/VideoLessons GET /api/v{version}/VideoLessons/lessons_types GET /api/v{version}/VideoLessons/{id} POST /api/v{version}/Auth/change_password POST /api/v{version}/Auth/forgot_password POST /api/v{version}/Auth/register_via_json POST /api/v{version}/Auth/signin POST /api/v{version}/Bids/open_bid POST /api/v{version}/Bids/tech_support POST /api/v{version}/Companies/AddAddress/{companyID} POST /api/v{version}/Companies/RemoveAddress/{companyID} POST /api/v{version}/Contacts/add_contact POST /api/v{version}/EPrograms/teachers/{programId} POST /api/v{version}/EPrograms/timetable POST /api/v{version}/Files/upload_file POST /api/v{version}/Files/upload_news_photo POST /api/v{version}/Institutions/AddAddress/{institutionId} POST /api/v{version}/Institutions/RemoveAddress/{institutionId} POST /api/v{version}/News/test POST /api/v{version}/Users/add_user PUT /api/v{version}/Companies/approve/{companyId} PUT /api/v{version}/Companies/new_reg_data/{companyId} PUT /api/v{version}/Companies/set_delete/{companyId} PUT /api/v{version}/Companies/{companyID} PUT /api/v{version}/EPrograms/add_group_students/{groupId} PUT /api/v{version}/EPrograms/approve/{eProgramId} PUT /api/v{version}/EPrograms/bids/{bidid} PUT /api/v{version}/EPrograms/bids_status/{bidId} PUT /api/v{version}/EPrograms/favorite/{programId}/{isFavorite} PUT /api/v{version}/EPrograms/group_end_education/{groupId} PUT /api/v{version}/EPrograms/group_start_education/{groupId} PUT /api/v{version}/EPrograms/group_status/{groupId} PUT /api/v{version}/EPrograms/is_on_first_page/{eProgramId}/{yn} PUT /api/v{version}/EPrograms/program_results/{id} PUT /api/v{version}/EPrograms/publish/{eProgramId}/{yn} PUT /api/v{version}/EPrograms/{eProgramId} PUT /api/v{version}/Institutions/approve/{institutionId} PUT /api/v{version}/Institutions/new_reg_data/{institutionId} PUT /api/v{version}/Institutions/set_delete PUT /api/v{version}/Institutions/update_accreditation/{institutionId} PUT /api/v{version}/Institutions/update_license/{institutionId} PUT /api/v{version}/Institutions/{institutionId} PUT /api/v{version}/News/test/{id} PUT /api/v{version}/Users/approve/{id} PUT /api/v{version}/Users/block/{id} PUT /api/v{version}/Users/change_password PUT /api/v{version}/Users/refuse/{id} PUT /api/v{version}/Users/set_delete/{id} PUT /api/v{version}/Users/update/{id}Found on 2026-01-16 11:05 -
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2025-12-18 19:28
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-21 02:26
Last seen 2026-02-09 17:36
Open for 111 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491e6f0e61a59bb5e527fab360201ff04d07c8a689Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /api/v{version}/AccountTypes/list GET /api/v{version}/Auth/check_inn GET /api/v{version}/Auth/email_confirm GET /api/v{version}/Auth/refresh GET /api/v{version}/Auth/signout GET /api/v{version}/Bids GET /api/v{version}/Companies GET /api/v{version}/Companies/{id} GET /api/v{version}/Competencies/list GET /api/v{version}/Competencies/test GET /api/v{version}/Contacts/{id} GET /api/v{version}/Default GET /api/v{version}/EPrograms GET /api/v{version}/EPrograms/areas GET /api/v{version}/EPrograms/areas/{areaId} GET /api/v{version}/EPrograms/areas_open GET /api/v{version}/EPrograms/bids GET /api/v{version}/EPrograms/bids/{bidId} GET /api/v{version}/EPrograms/bids_statuses/{bidId} GET /api/v{version}/EPrograms/bids_statuses_base GET /api/v{version}/EPrograms/competencies GET /api/v{version}/EPrograms/competencies/{id} GET /api/v{version}/EPrograms/for_group_formation/{programId} GET /api/v{version}/EPrograms/group_statuses/{groupId} GET /api/v{version}/EPrograms/groups GET /api/v{version}/EPrograms/groups/{groupId} GET /api/v{version}/EPrograms/groups_statuses_base GET /api/v{version}/EPrograms/new GET /api/v{version}/EPrograms/new_count GET /api/v{version}/EPrograms/on_first_page GET /api/v{version}/EPrograms/open GET /api/v{version}/EPrograms/open/{programId} GET /api/v{version}/EPrograms/program_results GET /api/v{version}/EPrograms/tags GET /api/v{version}/EPrograms/tags/{tagId} GET /api/v{version}/EPrograms/time_table GET /api/v{version}/EPrograms/timetable/{timetableId} GET /api/v{version}/EPrograms/{programId} GET /api/v{version}/Files GET /api/v{version}/Files/file_link GET /api/v{version}/Files/slides GET /api/v{version}/Files/slides/{id} GET /api/v{version}/Files/users_to_xlsx GET /api/v{version}/Files/video_lesson_video GET /api/v{version}/Files/{fileId} GET /api/v{version}/FilesHTC GET /api/v{version}/Institutions GET /api/v{version}/Institutions/get_accreditation/{fileId} GET /api/v{version}/Institutions/get_license/{fileId} GET /api/v{version}/Institutions/open GET /api/v{version}/Institutions/{id} GET /api/v{version}/News GET /api/v{version}/News/photo={name} GET /api/v{version}/News/{id} GET /api/v{version}/Profile GET /api/v{version}/Roles/list GET /api/v{version}/Users GET /api/v{version}/Users/get_educations GET /api/v{version}/Users/get_employments GET /api/v{version}/Users/get_roles GET /api/v{version}/Users/new_users GET /api/v{version}/Users/new_users_count GET /api/v{version}/Users/new_users_for_control GET /api/v{version}/Users/test GET /api/v{version}/Users/user_types GET /api/v{version}/Users/users_count GET /api/v{version}/Users/{id} GET /api/v{version}/VideoLessons GET /api/v{version}/VideoLessons/lessons_types GET /api/v{version}/VideoLessons/{id} POST /api/v{version}/Auth/change_password POST /api/v{version}/Auth/forgot_password POST /api/v{version}/Auth/register_via_json POST /api/v{version}/Auth/signin POST /api/v{version}/Bids/open_bid POST /api/v{version}/Bids/tech_support POST /api/v{version}/Companies/AddAddress/{companyID} POST /api/v{version}/Companies/RemoveAddress/{companyID} POST /api/v{version}/Contacts/add_contact POST /api/v{version}/EPrograms/teachers/{programId} POST /api/v{version}/EPrograms/timetable POST /api/v{version}/Files/upload_file POST /api/v{version}/Files/upload_news_photo POST /api/v{version}/Institutions/AddAddress/{institutionId} POST /api/v{version}/Institutions/RemoveAddress/{institutionId} POST /api/v{version}/News/test POST /api/v{version}/Users/add_user PUT /api/v{version}/Companies/approve/{companyId} PUT /api/v{version}/Companies/new_reg_data/{companyId} PUT /api/v{version}/Companies/set_delete/{companyId} PUT /api/v{version}/Companies/{companyID} PUT /api/v{version}/EPrograms/add_group_students/{groupId} PUT /api/v{version}/EPrograms/approve/{eProgramId} PUT /api/v{version}/EPrograms/bids/{bidid} PUT /api/v{version}/EPrograms/bids_status/{bidId} PUT /api/v{version}/EPrograms/favorite/{programId}/{isFavorite} PUT /api/v{version}/EPrograms/group_end_education/{groupId} PUT /api/v{version}/EPrograms/group_start_education/{groupId} PUT /api/v{version}/EPrograms/group_status/{groupId} PUT /api/v{version}/EPrograms/is_on_first_page/{eProgramId}/{yn} PUT /api/v{version}/EPrograms/program_results/{id} PUT /api/v{version}/EPrograms/publish/{eProgramId}/{yn} PUT /api/v{version}/EPrograms/{eProgramId} PUT /api/v{version}/Institutions/approve/{institutionId} PUT /api/v{version}/Institutions/new_reg_data/{institutionId} PUT /api/v{version}/Institutions/set_delete PUT /api/v{version}/Institutions/update_accreditation/{institutionId} PUT /api/v{version}/Institutions/update_license/{institutionId} PUT /api/v{version}/Institutions/{institutionId} PUT /api/v{version}/News/test/{id} PUT /api/v{version}/Users/approve/{id} PUT /api/v{version}/Users/block/{id} PUT /api/v{version}/Users/change_password PUT /api/v{version}/Users/refuse/{id} PUT /api/v{version}/Users/set_delete/{id} PUT /api/v{version}/Users/update/{id}Found on 2026-02-09 17:36
-
-
Open service 90.156.201.47:443 · api-mtsh.ru
2026-02-02 10:20
HTTP/1.1 404 Not Found Date: Mon, 02 Feb 2026 10:20:28 GMT Content-Length: 0 Connection: close Server: Kestrel X-Powered-By: ASP.NET
Found 2026-02-02 by HttpPluginCreate report
-
Open service 90.156.201.47:80 · api-mtsh.ru
2026-01-23 11:14
HTTP/1.1 404 Not Found Date: Fri, 23 Jan 2026 11:14:17 GMT Content-Length: 0 Connection: close Server: Kestrel X-Powered-By: ASP.NET
Found 2026-01-23 by HttpPluginCreate report