Domain api.fxnx.com
United Kingdom
Software information
Microsoft-IIS 10.0
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2026-01-12 04:42
Last seen 2026-01-22 19:47
Open for 10 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d600cb93d536ce58343de2495f4cf71975864f5499fPublic Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /api/Deal/get_all GET /api/Deal/get_batch GET /api/Deal/get_page GET /api/Deal/get_total GET /api/History/get_batch GET /api/History/get_page GET /api/Order/get_page GET /api/Order/get_total GET /api/Position/get_page GET /api/Position/get_total GET /api/Symbol/getGroup GET /api/Symbol/getlist GET /api/Symbol/getsymbolsbygroup GET /api/Symbol/getsymbolsbymask GET /api/Symbol/getsymbolsbyname GET /api/Test/getServerTime GET /api/Test/getUTCTime GET /api/Tick/get GET /api/Tick/get1Dbars GET /api/Tick/last GET /api/Tick/last_group GET /api/Trade/get_request_result GET /api/User/get GET /api/User/get_trade_state POST /api/Authentication/GetLoginDetails POST /api/Trade/send_request POST /api/User/apply-so-compensation POST /api/User/change-group POST /api/User/update-balance POST /api/User/update-credit
Found on 2026-01-22 19:47 -
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d600cb93d536ce58343de2495f4cf719758ccab2690Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /api/Deal/get_all GET /api/Deal/get_batch GET /api/Deal/get_page GET /api/Deal/get_total GET /api/History/get_batch GET /api/History/get_page GET /api/Order/get_page GET /api/Order/get_total GET /api/Position/get_page GET /api/Position/get_total GET /api/Symbol/getGroup GET /api/Symbol/getlist GET /api/Symbol/getsymbolsbygroup GET /api/Symbol/getsymbolsbymask GET /api/Symbol/getsymbolsbyname GET /api/Test/getServerTime GET /api/Test/getUTCTime GET /api/Tick/get GET /api/Tick/get1Dbars GET /api/Tick/last GET /api/Tick/last_group GET /api/Trade/get_request_result GET /api/User/get GET /api/User/get_trade_state POST /api/Authentication/GetLoginDetails POST /api/Trade/send_request POST /api/User/change-group
Found on 2026-01-17 01:37
-
-
Open service 51.104.28.87:443 · api.fxnx.com
2026-01-22 19:47
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Thu, 22 Jan 2026 19:47:45 GMT Server: Microsoft-IIS/10.0 Location: index.html Set-Cookie: ARRAffinity=778dfe68ccfb9d96be57f2be2d452ca51e5e6a3c3d5f01ded1c44784ae5a5f31;Path=/;HttpOnly;Secure;Domain=api.fxnx.com Set-Cookie: ARRAffinitySameSite=778dfe68ccfb9d96be57f2be2d452ca51e5e6a3c3d5f01ded1c44784ae5a5f31;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.fxnx.com Request-Context: appId=cid-v1:458f7e82-9c4a-4f17-8f0b-37d06fff8e70 X-Powered-By: ASP.NET
Found 2026-01-22 by HttpPluginCreate report
-
Open service 51.104.28.87:80 · api.fxnx.com
2026-01-12 04:42
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 04:43:12 GMT Location: https://api.fxnx.com/
Found 2026-01-12 by HttpPluginCreate report
-
Open service 51.104.28.87:443 · api.fxnx.com
2026-01-12 04:42
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 04:43:13 GMT Server: Microsoft-IIS/10.0 Location: index.html Set-Cookie: ARRAffinity=47ed4454503496bc155d9516df80033e0e5b75aa1e700298afc6a2941eb48a75;Path=/;HttpOnly;Secure;Domain=api.fxnx.com Set-Cookie: ARRAffinitySameSite=47ed4454503496bc155d9516df80033e0e5b75aa1e700298afc6a2941eb48a75;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.fxnx.com Request-Context: appId=cid-v1:458f7e82-9c4a-4f17-8f0b-37d06fff8e70 X-Powered-By: ASP.NET
Found 2026-01-12 by HttpPluginCreate report