Domain api.gawgo.com
United States
Software information
Heroku
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-18 01:08
Last seen 2026-01-09 14:31
Open for 52 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549eb5cdc9b4b5b8325cb194abb2713556a7dd9db85Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /WeatherForecast GET /api/v1/identity/profile GET /api/v1/identity/thirdparty/profile GET /api/v1/identity/thirdparty/users/all GET /api/v1/identity/thirdparty/users/count GET /api/v1/market/wagers GET /api/v1/wager GET /api/v1/wager/categories/{id}/wagers GET /api/v1/wager/category GET /api/v1/wagers GET /api/v1/wagers/{id}/claim GET /api/v1/wagers/{id}/claims GET /api/v1/wagers/{id}/participants GET /api/v1/wagers/{id}/winners GET /api/v1/wallet GET /api/v1/wallet/admin GET /api/v1/wallet/admin/balance GET /api/v1/wallet/admin/transactions GET /api/v1/wallet/balance GET /api/v1/wallet/disburse/balance GET /api/v1/wallet/disburse/transactions GET /api/v1/wallet/external/flutterwave/banks GET /api/v1/wallet/limit GET /api/v1/wallet/limit/admin/limits GET /api/v1/wallet/reserved/transfer/postings GET /api/v1/wallet/thirdparty/limit/{userid} GET /api/v1/wallet/thirdparty/wallets/{userid} GET /api/v1/wallet/transactions GET /api/v1/wallet/userbanks GET /api/v1/wallets GET /api/v1/wallets/search/{search} POST /api/v1/identity/banner POST /api/v1/identity/displaypicture POST /api/v1/identity/email/initiate POST /api/v1/identity/email/verify POST /api/v1/identity/login POST /api/v1/identity/password/initiatereset POST /api/v1/identity/password/reset POST /api/v1/identity/refresh POST /api/v1/identity/register POST /api/v1/identity/token/verify POST /api/v1/wallet/external/account/validate POST /api/v1/wallet/external/flutter/transaction POST /api/v1/wallet/external/stripe/transaction POST /api/v1/wallet/external/transfer POST /api/v1/wallet/fund POST /api/v1/wallet/fund/stripe/location POST /api/v1/wallet/limit/admin/limit POST /api/v1/wallet/pin POST /api/v1/wallet/thirdparty/disburse POST /api/v1/wallet/thirdparty/limit POST /api/v1/wallet/transfer PUT /api/v1/identity/password/change PUT /api/v1/wager/claim PUT /api/v1/wager/request PUT /api/v1/wager/start PUT /api/v1/wager/win PUT /api/v1/wallet/limit/basic PUT /api/v1/wallet/reserved/transfer/postingFound on 2026-01-09 14:31
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-18 01:08
Last seen 2026-01-02 06:10
Open for 45 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549eb5cdc9b4b5b8325cb194abb2713556a7dd9db85Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /WeatherForecast GET /api/v1/identity/profile GET /api/v1/identity/thirdparty/profile GET /api/v1/identity/thirdparty/users/all GET /api/v1/identity/thirdparty/users/count GET /api/v1/market/wagers GET /api/v1/wager GET /api/v1/wager/categories/{id}/wagers GET /api/v1/wager/category GET /api/v1/wagers GET /api/v1/wagers/{id}/claim GET /api/v1/wagers/{id}/claims GET /api/v1/wagers/{id}/participants GET /api/v1/wagers/{id}/winners GET /api/v1/wallet GET /api/v1/wallet/admin GET /api/v1/wallet/admin/balance GET /api/v1/wallet/admin/transactions GET /api/v1/wallet/balance GET /api/v1/wallet/disburse/balance GET /api/v1/wallet/disburse/transactions GET /api/v1/wallet/external/flutterwave/banks GET /api/v1/wallet/limit GET /api/v1/wallet/limit/admin/limits GET /api/v1/wallet/reserved/transfer/postings GET /api/v1/wallet/thirdparty/limit/{userid} GET /api/v1/wallet/thirdparty/wallets/{userid} GET /api/v1/wallet/transactions GET /api/v1/wallet/userbanks GET /api/v1/wallets GET /api/v1/wallets/search/{search} POST /api/v1/identity/banner POST /api/v1/identity/displaypicture POST /api/v1/identity/email/initiate POST /api/v1/identity/email/verify POST /api/v1/identity/login POST /api/v1/identity/password/initiatereset POST /api/v1/identity/password/reset POST /api/v1/identity/refresh POST /api/v1/identity/register POST /api/v1/identity/token/verify POST /api/v1/wallet/external/account/validate POST /api/v1/wallet/external/flutter/transaction POST /api/v1/wallet/external/stripe/transaction POST /api/v1/wallet/external/transfer POST /api/v1/wallet/fund POST /api/v1/wallet/fund/stripe/location POST /api/v1/wallet/limit/admin/limit POST /api/v1/wallet/pin POST /api/v1/wallet/thirdparty/disburse POST /api/v1/wallet/thirdparty/limit POST /api/v1/wallet/transfer PUT /api/v1/identity/password/change PUT /api/v1/wager/claim PUT /api/v1/wager/request PUT /api/v1/wager/start PUT /api/v1/wager/win PUT /api/v1/wallet/limit/basic PUT /api/v1/wallet/reserved/transfer/postingFound on 2026-01-02 06:10
-
-
Open service 99.83.220.108:443 · api.gawgo.com
2026-01-09 14:31
HTTP/1.1 404 Not Found Content-Length: 0 Date: Fri, 09 Jan 2026 14:31:36 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2F%2BEyYFB%2F%2BzsKX5t7s%2F%2B7U02rtMhJ6xUUsKdaEJ0YIkY%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767969096"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2F%2BEyYFB%2F%2BzsKX5t7s%2F%2B7U02rtMhJ6xUUsKdaEJ0YIkY%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767969096" Server: Heroku Via: 1.1 heroku-router Connection: closeFound 2026-01-09 by HttpPluginCreate report
-
Open service 99.83.220.108:443 · api.gawgo.com
2026-01-02 13:05
HTTP/1.1 404 Not Found Content-Length: 0 Date: Fri, 02 Jan 2026 13:05:15 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=qgS5CJoabqQlToJkleXuDj2MEkR0AVAn963R3wk4qZ4%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767359116"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=qgS5CJoabqQlToJkleXuDj2MEkR0AVAn963R3wk4qZ4%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767359116" Server: Heroku Via: 1.1 heroku-router Connection: closeFound 2026-01-02 by HttpPluginCreate report
-
Open service 35.71.179.82:80 · api.gawgo.com
2026-01-02 06:10
HTTP/1.1 404 Not Found Content-Length: 0 Date: Fri, 02 Jan 2026 06:10:23 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=qlFp7ebciJv49QQkqjEls3ltva%2B6YcQXYas0On7UcXs%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767334224"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=qlFp7ebciJv49QQkqjEls3ltva%2B6YcQXYas0On7UcXs%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767334224" Server: Heroku Via: 1.1 heroku-router Connection: closeFound 2026-01-02 by HttpPluginCreate report
-
Open service 99.83.220.108:443 · api.gawgo.com
2025-12-30 14:26
HTTP/1.1 404 Not Found Content-Length: 0 Date: Tue, 30 Dec 2025 14:26:16 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=1Fd1IfuakDfhbJXe99kfCioK3kZkih2ralZ3zkPy95c%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767104776"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=1Fd1IfuakDfhbJXe99kfCioK3kZkih2ralZ3zkPy95c%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767104776" Server: Heroku Via: 1.1 heroku-router Connection: closeFound 2025-12-30 by HttpPluginCreate report
-
Open service 99.83.220.108:443 · api.gawgo.com
2025-12-22 18:28
HTTP/1.1 404 Not Found Content-Length: 0 Date: Mon, 22 Dec 2025 18:28:04 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=PTdqBXM0Z5BWc238UiixgSVqrd%2Bl63EEVZozHsZgoIM%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766428084"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=PTdqBXM0Z5BWc238UiixgSVqrd%2Bl63EEVZozHsZgoIM%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766428084" Server: Heroku Via: 1.1 heroku-router Connection: closeFound 2025-12-22 by HttpPluginCreate report
-
Open service 99.83.220.108:443 · api.gawgo.com
2025-12-20 21:21
HTTP/1.1 404 Not Found Content-Length: 0 Date: Sat, 20 Dec 2025 21:21:36 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=2%2BEIW6bRddLMfcC%2B0LS4DwRRpwwjZeRbR3GjQdE7LD4%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766265697"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=2%2BEIW6bRddLMfcC%2B0LS4DwRRpwwjZeRbR3GjQdE7LD4%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766265697" Server: Heroku Via: 1.1 heroku-router Connection: closeFound 2025-12-20 by HttpPluginCreate report