LeakIX - Host api.titaniumfxpro.com

Domain api.titaniumfxpro.com

United States

AMAZON-02

Software information

heroku-router

tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.151.71
Domain: api.titaniumfxpro.com
Port: 80
URL: http://api.titaniumfxpro.com

First seen 2025-10-27 01:00
Last seen 2025-11-03 07:40
Open for 7 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5727e04f7562e519d1237e0a3efdcf449a5a60a19

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /v1/contracts/{hash}
DELETE /v1/orders/{hash}
DELETE /v1/robots/{hash}
GET /v1/actives
GET /v1/actives/{ativoId}
GET /v1/asset-history
GET /v1/cities
GET /v1/cities/{cidadeId}
GET /v1/contracts
GET /v1/contracts/{contratoId}
GET /v1/grupos
GET /v1/grupos/{grupoId}
GET /v1/grupos/{grupoId}/permissoes
GET /v1/investments
GET /v1/markets
GET /v1/markets/sse
GET /v1/markets/{symbols}
GET /v1/news
GET /v1/operations
GET /v1/orders
GET /v1/orders/total-operations
GET /v1/orders/{hash}/hash
GET /v1/orders/{ordemId}
GET /v1/permissoes
GET /v1/professions
GET /v1/quotas
GET /v1/quotas/total-paid
GET /v1/quotas/{parcelaId}
GET /v1/releases
GET /v1/releases/total-releases
GET /v1/releases/{hash}/hash
GET /v1/robots
GET /v1/robots/total-operations
GET /v1/robots/{hash}/hash
GET /v1/robots/{hash}/hash-model
GET /v1/states
GET /v1/states/{estadoId}
GET /v1/tokens
GET /v1/users
GET /v1/users/brokers
GET /v1/users/full
GET /v1/users/{hash}/annotation
GET /v1/users/{hash}/balance
GET /v1/users/{hash}/balances
GET /v1/users/{hash}/hash
GET /v1/users/{hash}/password-decrypted
GET /v1/users/{usuarioId}
GET /v1/users/{usuarioId}/photo
GET /v1/users/{usuarioId}/photo/{tipoFoto}
GET /v1/usuarios/{usuarioId}/grupos
POST /v1/releases/{accessKey}
POST /v1/users/home-created
POST /v1/users/{accessKey}
PUT /v1/actives/{id}
PUT /v1/contracts/{hash}/sign
PUT /v1/contracts/{id}
PUT /v1/grupos/{grupoId}/permissoes/{permissaoId}
PUT /v1/orders/{hash}/close
PUT /v1/orders/{hash}/crash-operation
PUT /v1/quotas/{parcelaId}/paid
PUT /v1/releases/{lancamentoHash}
PUT /v1/releases/{lancamentoHash}/authorized
PUT /v1/releases/{lancamentoHash}/canceled
PUT /v1/releases/{lancamentoHash}/confirmed
PUT /v1/robots/{hash}/allow-transfer
PUT /v1/robots/{hash}/transfer-balance
PUT /v1/users/reset-password/{email}
PUT /v1/users/{hash}/logged-in
PUT /v1/users/{usuarioId}/allow-transfer
PUT /v1/users/{usuarioId}/close-order-allowed
PUT /v1/users/{usuarioId}/demo-balance
PUT /v1/users/{usuarioId}/open-order-allowed
PUT /v1/users/{usuarioId}/score
PUT /v1/users/{usuarioId}/senha
PUT /v1/usuarios/{usuarioId}/grupos/{grupoId}

Found on 2025-11-03 07:40

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.248.132.87
Domain: api.titaniumfxpro.com
Port: 443
URL: https://api.titaniumfxpro.com

First seen 2025-10-27 01:00
Last seen 2025-11-03 07:40
Open for 7 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5727e04f7562e519d1237e0a3efdcf449a5a60a19

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /v1/contracts/{hash}
DELETE /v1/orders/{hash}
DELETE /v1/robots/{hash}
GET /v1/actives
GET /v1/actives/{ativoId}
GET /v1/asset-history
GET /v1/cities
GET /v1/cities/{cidadeId}
GET /v1/contracts
GET /v1/contracts/{contratoId}
GET /v1/grupos
GET /v1/grupos/{grupoId}
GET /v1/grupos/{grupoId}/permissoes
GET /v1/investments
GET /v1/markets
GET /v1/markets/sse
GET /v1/markets/{symbols}
GET /v1/news
GET /v1/operations
GET /v1/orders
GET /v1/orders/total-operations
GET /v1/orders/{hash}/hash
GET /v1/orders/{ordemId}
GET /v1/permissoes
GET /v1/professions
GET /v1/quotas
GET /v1/quotas/total-paid
GET /v1/quotas/{parcelaId}
GET /v1/releases
GET /v1/releases/total-releases
GET /v1/releases/{hash}/hash
GET /v1/robots
GET /v1/robots/total-operations
GET /v1/robots/{hash}/hash
GET /v1/robots/{hash}/hash-model
GET /v1/states
GET /v1/states/{estadoId}
GET /v1/tokens
GET /v1/users
GET /v1/users/brokers
GET /v1/users/full
GET /v1/users/{hash}/annotation
GET /v1/users/{hash}/balance
GET /v1/users/{hash}/balances
GET /v1/users/{hash}/hash
GET /v1/users/{hash}/password-decrypted
GET /v1/users/{usuarioId}
GET /v1/users/{usuarioId}/photo
GET /v1/users/{usuarioId}/photo/{tipoFoto}
GET /v1/usuarios/{usuarioId}/grupos
POST /v1/releases/{accessKey}
POST /v1/users/home-created
POST /v1/users/{accessKey}
PUT /v1/actives/{id}
PUT /v1/contracts/{hash}/sign
PUT /v1/contracts/{id}
PUT /v1/grupos/{grupoId}/permissoes/{permissaoId}
PUT /v1/orders/{hash}/close
PUT /v1/orders/{hash}/crash-operation
PUT /v1/quotas/{parcelaId}/paid
PUT /v1/releases/{lancamentoHash}
PUT /v1/releases/{lancamentoHash}/authorized
PUT /v1/releases/{lancamentoHash}/canceled
PUT /v1/releases/{lancamentoHash}/confirmed
PUT /v1/robots/{hash}/allow-transfer
PUT /v1/robots/{hash}/transfer-balance
PUT /v1/users/reset-password/{email}
PUT /v1/users/{hash}/logged-in
PUT /v1/users/{usuarioId}/allow-transfer
PUT /v1/users/{usuarioId}/close-order-allowed
PUT /v1/users/{usuarioId}/demo-balance
PUT /v1/users/{usuarioId}/open-order-allowed
PUT /v1/users/{usuarioId}/score
PUT /v1/users/{usuarioId}/senha
PUT /v1/usuarios/{usuarioId}/grupos/{grupoId}

Found on 2025-11-03 07:40

Create report

Open service 99.83.151.71:80 · api.titaniumfxpro.com

2026-01-02 00:44

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2026-01-02 00:44:07.671444976 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 99.83.151.71:80 · api.titaniumfxpro.com

2025-12-30 08:16

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2025-12-30 08:16:14.511262694 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2025-12-30 by HttpPlugin

Create report

Open service 99.83.151.71:80 · api.titaniumfxpro.com

2025-12-22 08:34

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2025-12-22 08:34:40.487254523 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 99.83.151.71:80 · api.titaniumfxpro.com

2025-12-20 09:06

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2025-12-20 09:06:20.380751692 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

Domain summary

api.titaniumfxpro.com 5

1 recorded

IP summary

99.83.151.71 2 13.248.132.87 1

2 recorded