LeakIX - Host api-prod.hiper.uy

Domain api-prod.hiper.uy

Brazil

MICROSOFT-CORP-MSN-AS-BLOCK

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.206.176.5
Domain: api-prod.hiper.uy
Port: 80
URL: http://api-prod.hiper.uy

First seen 2025-11-13 20:53
Last seen 2026-01-16 02:50
Open for 63 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493d50b5fa3ea9019c5382c75e2cd099c40450628c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Accounts/account/{id}
GET /api/Accounts/check-email
GET /api/Accounts/check-phone
GET /api/Accounts/profile
GET /api/Accounts/recovery-options
GET /api/Admin/locations/pending
GET /api/Admin/screens/{screenId}/logs
GET /api/Admin/stats
GET /api/Admin/videos/pending
GET /api/Analytics/campaigns/{campaignId}/live-status
GET /api/Analytics/screens/{screenId}/now-playing
GET /api/Business
GET /api/Business/{businessId}/brands
GET /api/Campaigns/brands/{brandId}/campaigns
GET /api/Campaigns/brands/{brandId}/campaigns/{campaignId}
GET /api/Campaigns/brands/{brandId}/videos
GET /api/Commercial/cards
GET /api/Commercial/subscriptions
GET /api/Health
GET /api/Inventory/locations
GET /api/Inventory/screens
GET /api/Inventory/zones
GET /api/Player/pairing-status/{sessionId}
GET /api/Player/playlist
POST /api/Accounts/change-password
POST /api/Accounts/confirm-email
POST /api/Accounts/forgot-password
POST /api/Accounts/profile-image
POST /api/Accounts/register/advertiser
POST /api/Accounts/register/business
POST /api/Accounts/request-phone-verification
POST /api/Accounts/reset-password
POST /api/Accounts/verify-phone
POST /api/Admin/locations/review
POST /api/Admin/videos/review
POST /api/Auth/login
POST /api/Auth/logout
POST /api/Auth/refresh-token
POST /api/Business/{businessId}/brands/{brandId}/image
POST /api/Business/{businessId}/logo
POST /api/Commercial/subscriptions/purchase
POST /api/Inventory/locations/{locationId}/proof
POST /api/Inventory/screens/{screenId}/pairing-code
POST /api/Inventory/screens/{screenId}/report-ad
POST /api/Inventory/screens/{screenId}/unpair
POST /api/Player/claim-session
POST /api/Player/heartbeat
POST /api/Player/pair
POST /api/Player/pairing-session
PUT /api/Business/{businessId}
PUT /api/Business/{businessId}/brands/{brandId}

Found on 2026-01-16 02:50

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493d50b5fa3ea9019c5382c75e2cd099c4741c54a3

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Accounts/account/{id}
GET /api/Accounts/check-email
GET /api/Accounts/check-phone
GET /api/Accounts/profile
GET /api/Accounts/recovery-options
GET /api/Admin/locations/pending
GET /api/Admin/screens/{screenId}/logs
GET /api/Admin/videos/pending
GET /api/Analytics/campaigns/{campaignId}/live-status
GET /api/Analytics/screens/{screenId}/now-playing
GET /api/Business
GET /api/Business/{businessId}/brands
GET /api/Campaigns/brands/{brandId}/campaigns
GET /api/Campaigns/brands/{brandId}/campaigns/{campaignId}
GET /api/Campaigns/brands/{brandId}/videos
GET /api/Commercial/cards
GET /api/Commercial/subscriptions
GET /api/Health
GET /api/Inventory/locations
GET /api/Inventory/screens
GET /api/Inventory/zones
GET /api/Player/pairing-status/{sessionId}
GET /api/Player/playlist
POST /api/Accounts/change-password
POST /api/Accounts/confirm-email
POST /api/Accounts/forgot-password
POST /api/Accounts/profile-image
POST /api/Accounts/register/advertiser
POST /api/Accounts/register/business
POST /api/Accounts/request-phone-verification
POST /api/Accounts/reset-password
POST /api/Accounts/verify-phone
POST /api/Admin/locations/review
POST /api/Admin/videos/review
POST /api/Auth/login
POST /api/Auth/logout
POST /api/Auth/refresh-token
POST /api/Business/{businessId}/brands/{brandId}/image
POST /api/Business/{businessId}/logo
POST /api/Commercial/subscriptions/purchase
POST /api/Inventory/locations/{locationId}/proof
POST /api/Inventory/screens/{screenId}/pairing-code
POST /api/Inventory/screens/{screenId}/report-ad
POST /api/Inventory/screens/{screenId}/unpair
POST /api/Player/claim-session
POST /api/Player/heartbeat
POST /api/Player/pair
POST /api/Player/pairing-session
PUT /api/Business/{businessId}
PUT /api/Business/{businessId}/brands/{brandId}

Found on 2025-12-08 06:46

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493d50b5fa2831cbf8bba8d4c449b3d09b1f4806c2

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Accounts/account/{id}
GET /api/Accounts/profile
GET /api/Admin/locations/pending
GET /api/Admin/screens/{screenId}/logs
GET /api/Admin/videos/pending
GET /api/Analytics/campaigns/{campaignId}/live-status
GET /api/Analytics/screens/{screenId}/now-playing
GET /api/Business
GET /api/Business/{businessId}/brands
GET /api/Campaigns/brands/{brandId}/campaigns
GET /api/Campaigns/brands/{brandId}/campaigns/{campaignId}
GET /api/Campaigns/brands/{brandId}/videos
GET /api/Commercial/cards
GET /api/Commercial/subscriptions
GET /api/Health
GET /api/Inventory/locations
GET /api/Inventory/screens
GET /api/Inventory/zones
GET /api/Player/pairing-status/{sessionId}
GET /api/Player/playlist
POST /api/Accounts/change-password
POST /api/Accounts/confirm-email
POST /api/Accounts/forgot-password
POST /api/Accounts/profile-image
POST /api/Accounts/register/advertiser
POST /api/Accounts/register/business
POST /api/Accounts/request-phone-verification
POST /api/Accounts/reset-password
POST /api/Accounts/verify-phone
POST /api/Admin/locations/review
POST /api/Admin/videos/review
POST /api/Auth/login
POST /api/Auth/logout
POST /api/Auth/refresh-token
POST /api/Business/{businessId}/brands/{brandId}/image
POST /api/Business/{businessId}/logo
POST /api/Commercial/subscriptions/purchase
POST /api/Inventory/locations/{locationId}/proof
POST /api/Inventory/screens/{screenId}/pairing-code
POST /api/Inventory/screens/{screenId}/report-ad
POST /api/Inventory/screens/{screenId}/unpair
POST /api/Player/claim-session
POST /api/Player/heartbeat
POST /api/Player/pair
POST /api/Player/pairing-session
PUT /api/Business/{businessId}
PUT /api/Business/{businessId}/brands/{brandId}

Found on 2025-12-01 16:08

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549eb5cdc9beb5cdc9beb5cdc9beb5cdc9beb5cdc9b
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /WeatherForecast
```
Found on 2025-11-27 08:06

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.206.176.5
Domain: api-prod.hiper.uy
Port: 443
URL: https://api-prod.hiper.uy

First seen 2025-11-13 20:53
Last seen 2026-01-16 04:31
Open for 63 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493d50b5fa3ea9019c5382c75e2cd099c40450628c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Accounts/account/{id}
GET /api/Accounts/check-email
GET /api/Accounts/check-phone
GET /api/Accounts/profile
GET /api/Accounts/recovery-options
GET /api/Admin/locations/pending
GET /api/Admin/screens/{screenId}/logs
GET /api/Admin/stats
GET /api/Admin/videos/pending
GET /api/Analytics/campaigns/{campaignId}/live-status
GET /api/Analytics/screens/{screenId}/now-playing
GET /api/Business
GET /api/Business/{businessId}/brands
GET /api/Campaigns/brands/{brandId}/campaigns
GET /api/Campaigns/brands/{brandId}/campaigns/{campaignId}
GET /api/Campaigns/brands/{brandId}/videos
GET /api/Commercial/cards
GET /api/Commercial/subscriptions
GET /api/Health
GET /api/Inventory/locations
GET /api/Inventory/screens
GET /api/Inventory/zones
GET /api/Player/pairing-status/{sessionId}
GET /api/Player/playlist
POST /api/Accounts/change-password
POST /api/Accounts/confirm-email
POST /api/Accounts/forgot-password
POST /api/Accounts/profile-image
POST /api/Accounts/register/advertiser
POST /api/Accounts/register/business
POST /api/Accounts/request-phone-verification
POST /api/Accounts/reset-password
POST /api/Accounts/verify-phone
POST /api/Admin/locations/review
POST /api/Admin/videos/review
POST /api/Auth/login
POST /api/Auth/logout
POST /api/Auth/refresh-token
POST /api/Business/{businessId}/brands/{brandId}/image
POST /api/Business/{businessId}/logo
POST /api/Commercial/subscriptions/purchase
POST /api/Inventory/locations/{locationId}/proof
POST /api/Inventory/screens/{screenId}/pairing-code
POST /api/Inventory/screens/{screenId}/report-ad
POST /api/Inventory/screens/{screenId}/unpair
POST /api/Player/claim-session
POST /api/Player/heartbeat
POST /api/Player/pair
POST /api/Player/pairing-session
PUT /api/Business/{businessId}
PUT /api/Business/{businessId}/brands/{brandId}

Found on 2026-01-16 04:31

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493d50b5fa2831cbf8bba8d4c449b3d09b1f4806c2

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Accounts/account/{id}
GET /api/Accounts/profile
GET /api/Admin/locations/pending
GET /api/Admin/screens/{screenId}/logs
GET /api/Admin/videos/pending
GET /api/Analytics/campaigns/{campaignId}/live-status
GET /api/Analytics/screens/{screenId}/now-playing
GET /api/Business
GET /api/Business/{businessId}/brands
GET /api/Campaigns/brands/{brandId}/campaigns
GET /api/Campaigns/brands/{brandId}/campaigns/{campaignId}
GET /api/Campaigns/brands/{brandId}/videos
GET /api/Commercial/cards
GET /api/Commercial/subscriptions
GET /api/Health
GET /api/Inventory/locations
GET /api/Inventory/screens
GET /api/Inventory/zones
GET /api/Player/pairing-status/{sessionId}
GET /api/Player/playlist
POST /api/Accounts/change-password
POST /api/Accounts/confirm-email
POST /api/Accounts/forgot-password
POST /api/Accounts/profile-image
POST /api/Accounts/register/advertiser
POST /api/Accounts/register/business
POST /api/Accounts/request-phone-verification
POST /api/Accounts/reset-password
POST /api/Accounts/verify-phone
POST /api/Admin/locations/review
POST /api/Admin/videos/review
POST /api/Auth/login
POST /api/Auth/logout
POST /api/Auth/refresh-token
POST /api/Business/{businessId}/brands/{brandId}/image
POST /api/Business/{businessId}/logo
POST /api/Commercial/subscriptions/purchase
POST /api/Inventory/locations/{locationId}/proof
POST /api/Inventory/screens/{screenId}/pairing-code
POST /api/Inventory/screens/{screenId}/report-ad
POST /api/Inventory/screens/{screenId}/unpair
POST /api/Player/claim-session
POST /api/Player/heartbeat
POST /api/Player/pair
POST /api/Player/pairing-session
PUT /api/Business/{businessId}
PUT /api/Business/{businessId}/brands/{brandId}

Found on 2025-12-01 20:57

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f6160b28b0390daaf824531e87f97e55a5151c35

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Accounts/account
GET /api/Accounts/profile
GET /api/Admin/locations/pending
GET /api/Admin/screens/{screenId}/logs
GET /api/Admin/videos/pending
GET /api/Analytics/campaigns/{campaignId}/live-status
GET /api/Analytics/screens/{screenId}/now-playing
GET /api/Business
GET /api/Business/{businessId}/brands
GET /api/Campaigns/brands/{brandId}/campaigns
GET /api/Campaigns/brands/{brandId}/campaigns/{campaignId}
GET /api/Campaigns/brands/{brandId}/videos
GET /api/Commercial/cards
GET /api/Commercial/subscriptions
GET /api/Health
GET /api/Inventory/locations
GET /api/Inventory/screens
GET /api/Player/pairing-status/{sessionId}
GET /api/Player/playlist
POST /api/Accounts/change-password
POST /api/Accounts/profile-image
POST /api/Admin/locations/review
POST /api/Admin/videos/review
POST /api/Auth/confirm-email
POST /api/Auth/forgot-password
POST /api/Auth/login
POST /api/Auth/refresh-token
POST /api/Auth/register
POST /api/Auth/register/advertiser
POST /api/Auth/register/business
POST /api/Auth/request-phone-verification
POST /api/Auth/reset-password
POST /api/Auth/verify-phone
POST /api/Business/{businessId}/brands/{brandId}/image
POST /api/Business/{businessId}/logo
POST /api/Commercial/subscriptions/purchase
POST /api/Inventory/locations/{locationId}/proof
POST /api/Inventory/screens/{screenId}/pairing-code
POST /api/Inventory/screens/{screenId}/report-ad
POST /api/Inventory/screens/{screenId}/unpair
POST /api/Player/claim-session
POST /api/Player/heartbeat
POST /api/Player/pair
POST /api/Player/pairing-session
PUT /api/Business/{businessId}
PUT /api/Business/{businessId}/brands/{brandId}

Found on 2025-11-28 15:12

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549eb5cdc9beb5cdc9beb5cdc9beb5cdc9beb5cdc9b
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /WeatherForecast
```
Found on 2025-11-26 21:37

Create report

Open service 20.206.176.5:443 · api-prod.hiper.uy

2026-01-22 22:07

HTTP/1.1 404 Site Not Found
Content-Length: 2667
Connection: close
Content-Type: text/html
Date: Thu, 22 Jan 2026 22:07:47 GMT

Page title: Microsoft Azure Web App - Error 404

<!DOCTYPE html>
<html>
<head>
    <title>Microsoft Azure Web App - Error 404</title>
    <style type="text/css">
        html {
            height: 100%;
            width: 100%;
        }

        #feature {
            width: 960px;
            margin: 75px auto 0 auto;
            overflow: auto;
        }

        #content {
            font-family: "Segoe UI";
            font-weight: normal;
            font-size: 22px;
            color: #ffffff;
            float: left;
            margin-top: 68px;
            margin-left: 0px;
            vertical-align: middle;
        }

            #content h1 {
                font-family: "Segoe UI Light";
                color: #ffffff;
                font-weight: normal;
                font-size: 60px;
                line-height: 48pt;
                width: 800px;
            }

        a, a:visited, a:active, a:hover {
            color: #ffffff;
        }

        #content a.button {
            background: #0DBCF2;
            border: 1px solid #FFFFFF;
            color: #FFFFFF;
            display: inline-block;
            font-family: Segoe UI;
            font-size: 24px;
            line-height: 46px;
            margin-top: 10px;
            padding: 0 15px 3px;
            text-decoration: none;
        }

            #content a.button img {
                float: right;
                padding: 10px 0 0 15px;
            }

            #content a.button:hover {
                background: #1C75BC;
            }
    </style>
    <script type="text/javascript">
        function toggle_visibility(id) {
            var e = document.getElementById(id);
            if (e.style.display == 'block')
                e.style.display = 'none';
            else
                e.style.display = 'block';
        }
    </script>
</head>
<body bgcolor="#00abec">
    <div id="feature">
        <div id="content">
            <h1>404 Web Site not found.</h1>
            <p>You may be seeing this error due to one of the reasons listed below :</p>
            <ul>
                <li>Custom domain has not been configured inside Azure. See <a href="https://go.microsoft.com/fwlink/?linkid=2194614">how to map an existing domain</a> to resolve this.</li>
                <li>Client cache is still pointing the domain to old IP address. Clear the cache by running the command <i>ipconfig/flushdns.</i></li>
            </ul>
            <p>Checkout <a href="https://go.microsoft.com/fwlink/?linkid=2194451">App Service Domain FAQ</a> for more questions.</p>
        </div>
     </div>
</body>
</html>

Found 2026-01-22 by HttpPlugin

Create report

.azurewebsites.net.scm.azurewebsites.net.sso.azurewebsites.net.brazilsouth-01.azurewebsites.net.scm.brazilsouth-01.azurewebsites.net.sso.brazilsouth-01.azurewebsites.net.brazilsouth.c.azurewebsites.net.scm.brazilsouth.c.azurewebsites.net.sso.brazilsouth.c.azurewebsites.net.azure-mobile.net*.scm.azure-mobile.net

Fingerprint:

0880bd12823f7f421c3e3ddf0d50cec952d658c5697d8817fa962fdd38001607

CN:

*.azurewebsites.net

Key:

RSA-2048

Issuer:

Microsoft Azure RSA TLS Issuing CA 07

Not before:

2025-12-26 01:39

Not after:

2026-06-24 01:39

Domain summary

api-prod.hiper.uy 8

1 recorded

IP summary

20.206.176.5 2

1 recorded