LeakIX - Host api.insights.archamenity.com

Domain api.insights.archamenity.com

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Microsoft-IIS 10.0

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.118.48.5
Domain: api.insights.archamenity.com
Port: 443
URL: https://api.insights.archamenity.com

First seen 2026-01-13 08:42
Last seen 2026-02-09 17:34
Open for 27 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493a31763d4c186cad72de8cc770cbea8efa539357

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Payroll/DeletePayee/{id}
DELETE /api/Payroll/DeletePayrollDetailById
GET /api/Activity/InsertOrUpdateGuestTypes
GET /api/Appointment/InsertOrUpdateAppointments
GET /api/Authentication/GetMenuItems
GET /api/Authentication/GetTenantDetails
GET /api/Book4TimeDepositLog/B4TDepositLogExcel
GET /api/Book4TimeDepositLog/GetDepositLogAmenities
GET /api/CorporateInvoice/GetInvoiceAmenities
GET /api/CorporateInvoice/InvoiceZipDownload
GET /api/CorporateInvoice/SendCorporateInvoices
GET /api/Customer/GetCustomerDetails
GET /api/Dashboard/ClassSchedule
GET /api/Dashboard/Classes
GET /api/Dashboard/DashboardGroupExerciseDetails
GET /api/Dashboard/GetApimData
GET /api/Dashboard/GetAppointmentsByGuestType
GET /api/Dashboard/GetAppointmentsByStatus
GET /api/Dashboard/GetAverageTickets
GET /api/Dashboard/GetCancelledAppointments
GET /api/Dashboard/GetCurrentYearRevenue
GET /api/Dashboard/GetEventData
GET /api/Dashboard/GetInsightsClubsInfo
GET /api/Dashboard/GetLastYearRevenue
GET /api/Dashboard/GetMemberList
GET /api/Dashboard/GetMemberVisitsData
GET /api/Dashboard/GetMembersDetails
GET /api/Dashboard/GetPaceReportRevenueData
GET /api/Dashboard/GetProgramData
GET /api/Dashboard/GetSalesByProductType
GET /api/Dashboard/GetSalesByServiceGroups
GET /api/Dashboard/GetSalesDetails
GET /api/Dashboard/GetSameTimeLastYearRevenue
GET /api/Dashboard/GetServiceToProductRatio
GET /api/Dashboard/GetTotalGroup
GET /api/Dashboard/GetTotalRevenue
GET /api/Dashboard/GetTurnawayDetails
GET /api/Dashboard/GetVisitsComparision
GET /api/Dashboard/GetVisitsCounts
GET /api/Data/InsertOrUpdateLocations
GET /api/DepositLog/DepositLogExcel
GET /api/DepositLog/GetDepositLog
GET /api/MindBody/GetAPIActivationCode
GET /api/Payroll/GetAllEarningCodes
GET /api/Payroll/GetAllPayees
GET /api/Payroll/GetB4TLogData
GET /api/Payroll/GetPayPeriods
GET /api/Payroll/GetPayeesFullName
GET /api/Payroll/GetPayrollDetailsByAmenityId
GET /api/Payroll/GetPayrollSummary
GET /api/Payroll/GetServiceCategories
GET /api/Payroll/IsPayrollExist
GET /api/Payroll/SendInmomentLocationsWithoutApiAccess
GET /api/Pdf/GeneratePdf
GET /api/SalesSummary/GetB4TSalesSummaryByProductReport
GET /api/SalesSummary/GetMBSalesSummaryByProductReport
GET /api/SalesSummary/GetSalesSummaryAmenities
GET /api/Service/InsertOrUpdateAddOnServices
GET /api/Service/InsertOrUpdateServiceGroups
GET /api/Service/InsertOrUpdateServiceTypeByID
GET /api/Service/InsertOrUpdateServiceTypes
GET /api/ServiceCategory/GetAdpCodeCategories
GET /api/ServiceCategory/GetMissingServiceTypeMappingsByAmenityId
GET /api/ServiceCategory/GetMissingServiceTypesByAmenityId
GET /api/ServiceCategory/GetServiceCategoriesByAmenityId
GET /api/ServiceCategory/GetServiceCategoryMappingsByAmenityId
GET /api/Task/RefreshMemberList
GET /api/Task/RefreshMemberListFromSnowFlake
GET /api/Technician/GetTechnicianSchedules
GET /api/Technician/SpaTokenGeneration
GET /api/TokenHelper/GetTokens
GET /api/Transaction/InsertOrUpdateTranscations
GET /api/User/GetAmenities
GET /api/User/GetGroupedAmenities
GET /api/User/GetGroups
GET /api/User/GetUserAmenities
GET /api/User/GetUserDetails
GET /api/User/GetUserMappedAmenities
GET /api/User/GetUserSpaFitnessAmenities
GET /api/User/GetUserStatus
GET /api/User/SendSsoUpgrademail
POST /api/Appointment/AppointmentWebhook
POST /api/Appointment/UpdateAppointmentWebhook
POST /api/Authentication/ChangePassword
POST /api/Authentication/ForgotPassword
POST /api/Authentication/Login
POST /api/Authentication/ResetPasswordWithEmail
POST /api/Authentication/SetPassword
POST /api/Authentication/SsoLogin
POST /api/Authentication/TokenGeneration
POST /api/Authentication/UserRegistration
POST /api/Authentication/ValidateForgotPassword
POST /api/Authentication/ValidateSetPassword
POST /api/Authentication/ValidateUserPassword
POST /api/Dashboard/GetAllCities
POST /api/Dashboard/GetAllFacilities
POST /api/Dashboard/GetAllRegions
POST /api/Dashboard/GetAllStates
POST /api/Dashboard/GetEmployerData
POST /api/Dashboard/GetUserSpas
POST /api/Data/InsertOrUpdateTurnaways
POST /api/Hubspot/FacilityDataFromHubspot
POST /api/Hubspot/GetAmenitiesDataFromHubspot
POST /api/Hubspot/GetOwnersDataFromHubspot
POST /api/Hubspot/InsertAmenityCategoriesFromHubspot
POST /api/Payroll/DeleteSplitPayrollDetails
POST /api/Payroll/InsertPayrollDetailWithAmenity
POST /api/Payroll/InsertSplitPayrollDetails
POST /api/Payroll/UpdatePayrollDetailById
POST /api/Payroll/UpdateSplitPayrollDetails
POST /api/Service/InsertOrUpdateServiceTypesByLocation
POST /api/ServiceCategory/InsertOrUpdateMissingServiceTypeMappings/InsertOrUpdate
POST /api/ServiceCategory/InsertOrUpdateServiceCategoryMappingsByAmenityId/InsertOrUpdate
POST /api/User/CheckIfEmailExists
POST /api/User/DisableUserByAdmin
POST /api/User/RegisterUser
POST /api/User/TrackUserAuditDetails
POST /api/User/UpdateUser
POST /{clubCode}/swipe/{cardID}

Found on 2026-02-09 17:34

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-16 22:35

Create report

Open service 20.118.48.5:443 · api.insights.archamenity.com

2026-01-23 14:04

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 14:05:18 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: ARRAffinity=0422a4dadbc118f9867df7ce19b008b709e8d292e137797ec5a3992788831d23;Path=/;HttpOnly;Secure;Domain=api.insights.archamenity.com
Set-Cookie: ARRAffinitySameSite=0422a4dadbc118f9867df7ce19b008b709e8d292e137797ec5a3992788831d23;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.insights.archamenity.com
Request-Context: appId=cid-v1:7119d95d-f813-4d8a-91d8-0c9dd02463dd
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';
X-Powered-By: ASP.NET

Found 2026-01-23 by HttpPlugin

Create report

api.insights.archamenity.com

Fingerprint:

ee41e9b2c8c289100fc492b65d1052dc00433a265acc78e8e0b1d00bd9892770

CN:

api.insights.archamenity.com

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2026-01-13 00:00

Not after:

2026-04-14 23:59

Domain summary

api.insights.archamenity.com 2

1 recorded

IP summary

20.118.48.5 2

1 recorded