Domain api.toyboy.fun
The Netherlands
Software information
Kestrel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2026-01-07 06:42
Last seen 2026-01-23 08:13
Open for 16 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549049f20307d11019675ed2e1ecb49a6e435684cbePublic Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/Product/{id}/DeleteProductImages GET /api/Address/{id} GET /api/Attribute/value/{id} GET /api/Attribute/{id} GET /api/BankAccount/{id} GET /api/Base3DModelVersion/{id}/downloadUrl GET /api/Base3DModelVersion/{id}/file GET /api/Base3DModelVersion/{id}/metadata GET /api/Blog GET /api/Blog/slug/{slug} GET /api/Blog/table GET /api/Blog/{id} GET /api/Blog/{id}/image GET /api/Country/all GET /api/Country/code/{code} GET /api/Country/countryCodes GET /api/Country/{id} GET /api/Customer/{id} GET /api/DiscountCode/code/{code} GET /api/DiscountCode/{id} GET /api/Franchise/domain/{domain} GET /api/Franchise/{id} GET /api/IndividualOrder/table GET /api/IndividualOrder/{id} GET /api/Language GET /api/Language/code/{code} GET /api/Language/{id} GET /api/Order/table GET /api/Order/{id} GET /api/Order/{id}/finishedModels GET /api/Order/{id}/invoice GET /api/Order/{id}/label GET /api/Order/{id}/modelsExist GET /api/Payment/CheckoutSession/callback GET /api/Payment/CheckoutSession/order/{orderId} GET /api/Payment/CheckoutSession/{sessionId} GET /api/Payment/generate-payment-qr GET /api/Product/country/{countryId}/product-type/{productType} GET /api/Product/{id} GET /api/Product/{id}/ProductImage/{imageId} GET /api/Product/{id}/ProductImages GET /api/ProductCountry/{countryId}/{productId} GET /api/Review/table GET /api/Review/{id} GET /api/User GET /api/User/current GET /api/User/{id} GET /api/User/{id}/role GET /api/VATRate/{id} POST /api/Address POST /api/Address/table POST /api/Attribute POST /api/Attribute/table POST /api/Attribute/value POST /api/BankAccount POST /api/BankAccount/table POST /api/Base3DModelVersion POST /api/Base3DModelVersion/files POST /api/Base3DModelVersion/matchPhoto POST /api/Base3DModelVersion/table POST /api/Country POST /api/Country/table POST /api/Customer POST /api/Customer/table POST /api/DiscountCode POST /api/DiscountCode/table POST /api/Franchise POST /api/Franchise/table POST /api/IndividualOrder POST /api/IndividualOrder/verify-code/{code} POST /api/Order POST /api/Payment/PayU/Notification POST /api/Product POST /api/Product/table POST /api/Product/{id}/UploadProductImageAttachments POST /api/ProductCountry POST /api/ProductCountry/table POST /api/Review POST /api/Review/table/approved POST /api/Shipping/request/{orderId} POST /api/VATRate POST /api/VATRate/table POST /status/{reviewStatus} PUT /api/Order/{id}/status/{orderStatus} PUT /api/Review/{id}/status/{reviewStatus}Found on 2026-01-23 08:13
-
-
Open service 13.69.68.21:443 ยท api.toyboy.fun
2026-01-23 08:13
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 08:14:16 GMT Server: Kestrel Set-Cookie: ARRAffinity=8f7f0ec4f4a341fced10f6269173fcbd9c43d8ffa1a43da06502ac7fb80aeaae;Path=/;HttpOnly;Secure;Domain=api.toyboy.fun Set-Cookie: ARRAffinitySameSite=8f7f0ec4f4a341fced10f6269173fcbd9c43d8ffa1a43da06502ac7fb80aeaae;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.toyboy.fun Request-Context: appId=cid-v1:c9cdf5a4-62ec-47a4-8c10-88df3211b065
Found 2026-01-23 by HttpPluginCreate report