LeakIX - Host api.emailsign.io

Domain api.emailsign.io

CLOUDFLARENET

Software information

cloudflare

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 172.67.206.77
Domain: api.emailsign.io
Port: 443
URL: https://api.emailsign.io

First seen 2025-10-15 13:03
Last seen 2026-01-17 00:37
Open for 93 days

Severity: info
Fingerprint: 5733ddf49ff49cd110b5863cc79030722880f52a3f285085433c9c984562951d

Public Swagger UI/API detected at path: /api-docs/swagger.json - sample paths:
DELETE /signature/delete/{signatureId}
GET /auth/info
GET /auth/locationGet
GET /contactQuery/all
GET /contactQuery/info
GET /signature/getsignaturedata
GET /sso/auth/info
GET /subscription/plans
GET /subscription/{userId}
GET /upload/info
GET /users/
GET /users/delete/{userId}
GET /users/info
POST /auth/adminlogin
POST /auth/auth/2fa/disable
POST /auth/auth/2fa/generate
POST /auth/auth/2fa/verify
POST /auth/auth/login_2fa/verify
POST /auth/forgot_password
POST /auth/forgot_password_email
POST /auth/login
POST /auth/register
POST /auth/resendotp
POST /auth/reset_password
POST /auth/verifyotp
POST /contactQuery/create
POST /signature/duplicate/{signatureId}
POST /signature/images
POST /signature/savesignature
POST /sso/auth/google
POST /subscription/create_subscription/
POST /subscription/renew_subscription/
POST /subscription/stripe-products
POST /subscription/update_subscription/
POST /upload/files
POST /upload/images
POST /users/change_password
PUT /signature/update/{signatureId}

Found on 2026-01-17 00:37

Severity: info
Fingerprint: 5733ddf49ff49cd110b5863cc79030722880f52a3f285085433c9c98c74ae25d

Public Swagger UI/API detected at path: /api-docs/swagger.json - sample paths:
DELETE /signature/delete/{signatureId}
GET /auth/info
GET /auth/locationGet
GET /contactQuery/all
GET /contactQuery/info
GET /signature/getsignaturedata
GET /sso/auth/info
GET /subscription/plans
GET /subscription/{userId}
GET /upload/info
GET /users/
GET /users/delete/{userId}
GET /users/info
POST /auth/adminlogin
POST /auth/auth/2fa/disable
POST /auth/auth/2fa/generate
POST /auth/auth/2fa/verify
POST /auth/auth/login_2fa/verify
POST /auth/forgot_password
POST /auth/forgot_password_email
POST /auth/login
POST /auth/register
POST /auth/resendotp
POST /auth/reset_password
POST /auth/verifyotp
POST /contactQuery/create
POST /signature/duplicate/{signatureId}
POST /signature/images
POST /signature/savesignature
POST /sso/auth/google
POST /subscription/create_subscription/
POST /subscription/update_subscription/
POST /upload/files
POST /upload/images
POST /users/change_password
PUT /signature/update/{signatureId}

Found on 2025-12-16 22:53

Create report

Open service 172.67.206.77:443 · api.emailsign.io

2026-01-23 09:10

HTTP/1.1 502 Bad Gateway
Date: Fri, 23 Jan 2026 09:10:06 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Connection: close
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Server: cloudflare
CF-RAY: 9c2627f20af3fdba-SIN
alt-svc: h3=":443"; ma=86400


error code: 502

Found 2026-01-23 by HttpPlugin

Create report

Open service 172.67.206.77:443 · api.emailsign.io

2026-01-10 00:52

HTTP/1.1 404 Not Found
Date: Sat, 10 Jan 2026 00:52:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Content-Security-Policy: default-src 'none'
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, X-Requested-With,Content-Type,Accept, Authorization, baggage
Vary: Accept-Encoding
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GxLkIAy2iBPfdQY8yrUp571hLTopTFt9BRaBY3OjVZMXtnGCYUxwIs4Zsoel1yE4sFZZTZJ1%2BjXHxP19JqZWaDhWLm35qsBK9lqEHbwkSvI%3D"}]}
cf-cache-status: DYNAMIC
CF-RAY: 9bb83110b8fab201-FRA
alt-svc: h3=":443"; ma=86400

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-10 by HttpPlugin

Create report

emailsign.io*.emailsign.io

Fingerprint:

87d50a6511111becd707329b449ef322035971a56d81a73e9b707b9f7df4307b

CN:

emailsign.io

Key:

ECDSA-256

Issuer:

WE1

Not before:

2025-11-29 22:26

Not after:

2026-02-27 23:23

Domain summary

api.emailsign.io 3

1 recorded

IP summary

172.67.206.77 2

1 recorded