Domain api-sdp.canpl.ca
Germany
Software information
istio-envoy
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-19 06:37
Last seen 2026-01-09 20:39
Open for 51 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549bd9305b2c7752b168fafad5f8b131a9b0ba36abcPublic Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /Health GET /v1/{projectCode}/football/competitions GET /v1/{projectCode}/football/competitions/{competitionId} GET /v1/{projectCode}/football/competitions/{competitionId}/players/{playerId}/Career GET /v1/{projectCode}/football/competitions/{competitionId}/seasons GET /v1/{projectCode}/football/match/{matchId}/FIFAstandardEvents GET /v1/{projectCode}/football/players/profile GET /v1/{projectCode}/football/players/{playerId}/profile GET /v1/{projectCode}/football/season/{seasonId}/match/{matchId}/commentary GET /v1/{projectCode}/football/seasons/multipleSeasonMatches GET /v1/{projectCode}/football/seasons/stats/players GET /v1/{projectCode}/football/seasons/{seasonId} GET /v1/{projectCode}/football/seasons/{seasonId}/group/{groupId}/matches GET /v1/{projectCode}/football/seasons/{seasonId}/groups/{groupId}/standings GET /v1/{projectCode}/football/seasons/{seasonId}/kpi/players GET /v1/{projectCode}/football/seasons/{seasonId}/kpi/teams GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/VAR GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/action GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/advancedMatchEvents GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/averageFormations GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/idMapping GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/kpi/aggregated GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/kpi/kpiactions/summary GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/kpi/kpiheatmaps GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/kpi/live GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/kpi/{kpi} GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/matchfacts GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/matchpreview GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/momentum GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/player/{playerId}/heatmapandtrackingrun GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/player/{playerId}/stats GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/player/{playerId}/type/{heatmapType}/heatmapData GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/player/{playerId}/type/{heatmapType}/heatmapImage GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/playerAdvanced GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/playerstats GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/ranking GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/shotMap GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/summary GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/teamAdvanced GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/teamstats GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/trackingHeatmap GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/type/{heatmapType}/heatmapData GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/type/{heatmapType}/heatmapFiles GET /v1/{projectCode}/football/seasons/{seasonId}/match/{matchId}/winprobability GET /v1/{projectCode}/football/seasons/{seasonId}/matchdays GET /v1/{projectCode}/football/seasons/{seasonId}/matches GET /v1/{projectCode}/football/seasons/{seasonId}/matches/current GET /v1/{projectCode}/football/seasons/{seasonId}/matches/{matchId}/feed GET /v1/{projectCode}/football/seasons/{seasonId}/matches/{matchId}/header GET /v1/{projectCode}/football/seasons/{seasonId}/matches/{matchId}/lineups GET /v1/{projectCode}/football/seasons/{seasonId}/matches/{matchId}/live GET /v1/{projectCode}/football/seasons/{seasonId}/seasonMatchSchedule GET /v1/{projectCode}/football/seasons/{seasonId}/stadiums GET /v1/{projectCode}/football/seasons/{seasonId}/stage/{stageId}/matches GET /v1/{projectCode}/football/seasons/{seasonId}/stages GET /v1/{projectCode}/football/seasons/{seasonId}/stages/{stageId}/groups GET /v1/{projectCode}/football/seasons/{seasonId}/standings GET /v1/{projectCode}/football/seasons/{seasonId}/standings/overall GET /v1/{projectCode}/football/seasons/{seasonId}/stats/advanced GET /v1/{projectCode}/football/seasons/{seasonId}/stats/players GET /v1/{projectCode}/football/seasons/{seasonId}/stats/players/compare GET /v1/{projectCode}/football/seasons/{seasonId}/stats/players/multipleTeams GET /v1/{projectCode}/football/seasons/{seasonId}/stats/players/statAggregation GET /v1/{projectCode}/football/seasons/{seasonId}/stats/players/{playerId}/matchBreakdown GET /v1/{projectCode}/football/seasons/{seasonId}/stats/players/{playerId}/penalties GET /v1/{projectCode}/football/seasons/{seasonId}/stats/ranking/expectedgoals/lastfivematches/players GET /v1/{projectCode}/football/seasons/{seasonId}/stats/ranking/expectedgoals/lastfivematches/teams GET /v1/{projectCode}/football/seasons/{seasonId}/stats/ranking/expectedgoals/season/players GET /v1/{projectCode}/football/seasons/{seasonId}/stats/ranking/expectedgoals/season/teams GET /v1/{projectCode}/football/seasons/{seasonId}/stats/rankings/multiStats GET /v1/{projectCode}/football/seasons/{seasonId}/stats/setPiecePerformance GET /v1/{projectCode}/football/seasons/{seasonId}/stats/shotSpeedRankings GET /v1/{projectCode}/football/seasons/{seasonId}/stats/teams GET /v1/{projectCode}/football/seasons/{seasonId}/stats/teams/compare GET /v1/{projectCode}/football/seasons/{seasonId}/stats/teams/goalBreakdown GET /v1/{projectCode}/football/seasons/{seasonId}/stats/teams/statAggregation GET /v1/{projectCode}/football/seasons/{seasonId}/stats/teams/{teamId} GET /v1/{projectCode}/football/seasons/{seasonId}/teams GET /v1/{projectCode}/football/seasons/{seasonId}/tournamentsimulation GET /v1/{projectCode}/football/teams GET /v1/{projectCode}/football/teams/{seasonId}/rosters GET /v1/{projectCode}/football/teams/{teamId}/coaches GET /v1/{projectCode}/football/teams/{teamId}/profile GET /v1/{projectCode}/football/teams/{teamId}/roster GET /v2/{projectCode}/football/seasons/{seasonId}/teams/{teamId}/rosterFound on 2026-01-09 20:39
-
-
Open service 2.16.206.135:443 · api-sdp.canpl.ca
2026-01-09 20:39
HTTP/1.1 404 Not Found Content-Length: 0 Server: istio-envoy x-envoy-upstream-service-time: 1 Cache-Control: private, max-age=20 Expires: Fri, 09 Jan 2026 20:40:00 GMT Date: Fri, 09 Jan 2026 20:39:40 GMT Connection: close Server-Timing: cdn-cache; desc=HIT Server-Timing: edge; dur=46 Server-Timing: origin; dur=0 Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: X-Expose-Header Access-Control-Allow-Headers: X-Custom-Header, content-type Access-Control-Allow-Methods: POST,GET,OPTIONS Access-Control-Allow-Origin: * Server-Timing: ak_p; desc="1767991180565_34655623_2150135488_4505_970_147_185_-";dur=1
Found 2026-01-09 by HttpPluginCreate report
-
Open service 2.16.206.135:443 · api-sdp.canpl.ca
2026-01-03 00:28
HTTP/1.1 404 Not Found Content-Length: 0 Server: istio-envoy x-envoy-upstream-service-time: 1 Cache-Control: private, max-age=20 Expires: Sat, 03 Jan 2026 00:28:24 GMT Date: Sat, 03 Jan 2026 00:28:04 GMT Connection: close Server-Timing: cdn-cache; desc=HIT Server-Timing: edge; dur=32 Server-Timing: origin; dur=0 Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: X-Expose-Header Access-Control-Allow-Headers: X-Custom-Header, content-type Access-Control-Allow-Methods: POST,GET,OPTIONS Access-Control-Allow-Origin: * Server-Timing: ak_p; desc="1767400084166_34655623_157563898_3187_848_168_188_-";dur=1
Found 2026-01-03 by HttpPluginCreate report
-
Open service 2.16.206.135:443 · api-sdp.canpl.ca
2025-12-23 07:41
HTTP/1.1 404 Not Found Content-Length: 0 Server: istio-envoy x-envoy-upstream-service-time: 1 Cache-Control: private, max-age=20 Expires: Tue, 23 Dec 2025 07:41:40 GMT Date: Tue, 23 Dec 2025 07:41:20 GMT Connection: close Server-Timing: cdn-cache; desc=HIT Server-Timing: edge; dur=35 Server-Timing: origin; dur=0 Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: X-Expose-Header Access-Control-Allow-Headers: X-Custom-Header, content-type Access-Control-Allow-Methods: POST,GET,OPTIONS Access-Control-Allow-Origin: * Server-Timing: ak_p; desc="1766475679846_34655627_3828980020_3504_763_93_192_-";dur=1
Found 2025-12-23 by HttpPluginCreate report
-
Open service 2.16.206.135:443 · api-sdp.canpl.ca
2025-12-21 05:26
HTTP/1.1 404 Not Found Content-Length: 0 Server: istio-envoy x-envoy-upstream-service-time: 5 Cache-Control: private, max-age=20 Expires: Sun, 21 Dec 2025 05:27:07 GMT Date: Sun, 21 Dec 2025 05:26:47 GMT Connection: close Server-Timing: cdn-cache; desc=HIT Server-Timing: edge; dur=1 Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: X-Expose-Header Access-Control-Allow-Headers: X-Custom-Header, content-type Access-Control-Allow-Methods: POST,GET,OPTIONS Access-Control-Allow-Origin: * Server-Timing: ak_p; desc="1766294807195_34655623_976459014_9_662_85_94_-";dur=1
Found 2025-12-21 by HttpPluginCreate report
-
Open service 2.16.206.135:443 · api-sdp.canpl.ca
2025-12-19 04:14
HTTP/1.1 404 Not Found Content-Length: 0 Server: istio-envoy x-envoy-upstream-service-time: 1 Cache-Control: private, max-age=20 Expires: Fri, 19 Dec 2025 04:15:16 GMT Date: Fri, 19 Dec 2025 04:14:56 GMT Connection: close Server-Timing: cdn-cache; desc=HIT Server-Timing: edge; dur=1 Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: X-Expose-Header Access-Control-Allow-Headers: X-Custom-Header, content-type Access-Control-Allow-Methods: POST,GET,OPTIONS Access-Control-Allow-Origin: * Server-Timing: ak_p; desc="1766117695968_34655623_411287586_9_633_96_107_-";dur=1
Found 2025-12-19 by HttpPluginCreate report