LeakIX - Host api.abroad.finance

Domain api.abroad.finance

United States

GOOGLE

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 142.250.201.83
Domain: api.abroad.finance
Port: 443
URL: https://api.abroad.finance

First seen 2025-10-20 09:05
Last seen 2026-02-06 03:37
Open for 108 days

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff43de3784a4da895f7325d78353471198011944923e

Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /ops/crypto-assets
GET /ops/flows/corridors
GET /ops/flows/definitions
GET /ops/flows/instances
GET /ops/flows/instances/{flowInstanceId}
GET /partner
GET /partnerUser
GET /payments/liquidity
GET /public/corridors
GET /qr-decoder/br
GET /transaction/{transactionId}
GET /transactions/list
PATCH /ops/flows/definitions/{flowId}
PATCH /partnerUser/{userId}
POST /celo/payments/notify
POST /ops/flows/instances/{flowInstanceId}/steps/{stepInstanceId}/requeue
POST /ops/flows/instances/{flowInstanceId}/steps/{stepInstanceId}/retry
POST /payments/notify
POST /quote
POST /quote/reverse
POST /solana/payments/notify
POST /transaction
POST /transactions/check-expired
POST /transactions/check-unprocessed-stellar
POST /walletAuth/challenge
POST /walletAuth/refresh
POST /walletAuth/verify

Found on 2026-02-06 03:37

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff437cb009dc01035afaf389f9b53120dfb91dff7893

Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /partner
GET /partnerUser
GET /payments/liquidity
GET /qr-decoder/br
GET /transaction/{transactionId}
GET /transactions/list
PATCH /partnerUser/{userId}
POST /conversions/brl/trigger
POST /quote
POST /quote/reverse
POST /solana/payments/notify
POST /transaction
POST /transactions/check-expired
POST /transactions/check-unprocessed-stellar
POST /walletAuth/challenge
POST /walletAuth/refresh
POST /walletAuth/verify

Found on 2026-01-23 09:34

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff437cb009dc01035afa73d82cd0ee6093132b15fa59

Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /partner
GET /partnerUser
GET /payments/banks
GET /payments/liquidity
GET /qr-decoder/br
GET /transaction/{transactionId}
GET /transactions/list
PATCH /partnerUser/{userId}
POST /conversions/brl/trigger
POST /quote
POST /quote/reverse
POST /solana/payments/notify
POST /transaction
POST /transactions/check-expired
POST /transactions/check-unprocessed-stellar
POST /walletAuth/challenge
POST /walletAuth/refresh
POST /walletAuth/verify

Found on 2025-12-16 13:45

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff437cb009dc01035afa73d82cd0ee609313c96cbb17

Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /partner
GET /partnerUser
GET /payments/banks
GET /payments/liquidity
GET /qr-decoder/br
GET /transaction/{transactionId}
GET /transactions/list
PATCH /partnerUser/{userId}
POST /conversions/brl/trigger
POST /quote
POST /quote/reverse
POST /transaction
POST /transactions/check-expired
POST /walletAuth/challenge
POST /walletAuth/refresh
POST /walletAuth/verify

Found on 2025-11-30 13:22

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff437cb009dc01035afa73d82cd0ee609313794f286e

Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /partner
GET /partnerUser
GET /payments/banks
GET /payments/liquidity
GET /qr-decoder/br
GET /transaction/{transactionId}
GET /transactions/list
PATCH /partnerUser/{userId}
POST /conversions/brl/trigger
POST /quote
POST /quote/reverse
POST /transaction
POST /walletAuth/challenge
POST /walletAuth/refresh
POST /walletAuth/verify

Found on 2025-10-28 23:02

Create report

Open service 142.250.186.147:443 · api.abroad.finance

2026-01-23 09:34

HTTP/1.1 200 OK
x-powered-by: Express
access-control-allow-origin: *
vary: Accept
content-type: application/json; charset=utf-8
etag: W/"96-bLGjeI7IquxX7i0r9ZlvmxOO5II"
x-cloud-trace-context: 512ab13e47c222908965464f03dc375b
date: Fri, 23 Jan 2026 09:34:08 GMT
server: Google Frontend
Content-Length: 150
Connection: close


{"documentation":"http://api.abroad.finance/docs","message":"Welcome to the API","swagger":"http://api.abroad.finance/swagger.json","version":"1.0.0"}

Found 2026-01-23 by HttpPlugin

Create report

Open service 142.250.186.147:443 · api.abroad.finance

2026-01-09 13:26

HTTP/1.1 200 OK
x-powered-by: Express
access-control-allow-origin: *
vary: Accept
content-type: application/json; charset=utf-8
etag: W/"96-bLGjeI7IquxX7i0r9ZlvmxOO5II"
x-cloud-trace-context: ef56ab32e2499145dd0a213eaf5d5076
date: Fri, 09 Jan 2026 13:26:10 GMT
server: Google Frontend
Content-Length: 150
Connection: close


{"documentation":"http://api.abroad.finance/docs","message":"Welcome to the API","swagger":"http://api.abroad.finance/swagger.json","version":"1.0.0"}

Found 2026-01-09 by HttpPlugin

Create report

Open service 142.250.186.147:443 · api.abroad.finance

2026-01-02 19:41

HTTP/1.1 200 OK
x-powered-by: Express
access-control-allow-origin: *
vary: Accept
content-type: application/json; charset=utf-8
etag: W/"96-bLGjeI7IquxX7i0r9ZlvmxOO5II"
x-cloud-trace-context: 75fc7accf61565e9f878665805cc3040
date: Fri, 02 Jan 2026 19:41:20 GMT
server: Google Frontend
Content-Length: 150
Connection: close


{"documentation":"http://api.abroad.finance/docs","message":"Welcome to the API","swagger":"http://api.abroad.finance/swagger.json","version":"1.0.0"}

Found 2026-01-02 by HttpPlugin

Create report

Open service 142.250.186.147:443 · api.abroad.finance

2025-12-23 07:02

HTTP/1.1 200 OK
x-powered-by: Express
access-control-allow-origin: *
vary: Accept
content-type: application/json; charset=utf-8
etag: W/"96-bLGjeI7IquxX7i0r9ZlvmxOO5II"
x-cloud-trace-context: 30af8634512d07f2748c8146c045250f
date: Tue, 23 Dec 2025 07:02:57 GMT
server: Google Frontend
Content-Length: 150
Connection: close


{"documentation":"http://api.abroad.finance/docs","message":"Welcome to the API","swagger":"http://api.abroad.finance/swagger.json","version":"1.0.0"}

Found 2025-12-23 by HttpPlugin

Create report

api.abroad.finance

Fingerprint:

b89b90f86d1b1e99d42cfb9af0e89c1cd283455aecf2696ce624011bc765e923

CN:

api.abroad.finance

Key:

RSA-2048

Issuer:

WR3

Not before:

2025-12-12 09:11

Not after:

2026-03-12 10:03

Domain summary

api.abroad.finance 8

1 recorded

IP summary

142.250.186.147 2 142.250.201.83 1

2 recorded