Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d11e71572dea451ba26ca43e1f50e24abf3cabc7
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /eventEntries/playingPartner/{groupId}
GET /account
GET /account/balance
GET /account/orders
GET /account/transactions
GET /account/winnings
GET /application/{platform}/version
GET /clubs
GET /clubs/{id}
GET /device/channel/{id}
GET /eventEntries
GET /eventEntries/hnaSettingDate
GET /eventEntries/{id}
GET /eventEntries/{id}/playingPartners
GET /eventResult
GET /eventResult/eventEntry/{eventEntryId}
GET /eventResult/{id}
GET /eventResultVerification/{id}
GET /eventTeamResult
GET /events
GET /events/{id}
GET /golferSubscription
GET /leaderboards/event/{eventId}/golfer/{golferId}
GET /leaderboards/event/{eventId}/team/{teamId}
GET /leaderboards/events
GET /leaderboards/events-with-ranks
GET /leaderboards/events/teams
GET /leaderboards/tournament/{tournamentId}/golfer/{golferId}
GET /leaderboards/tournament/{tournamentId}/team/{teamId}
GET /leaderboards/tournaments
GET /leaderboards/tournaments/teams
GET /notifications
GET /order/{id}/status
GET /participatingClubs/{clubId}/{eventId}
GET /payoutRequests
GET /payoutRequests/config
GET /payoutRequests/golfer
GET /payoutRequests/{id}
GET /product
GET /product/{code}
GET /profile
GET /profile/howToLink
GET /profile/lookupByEmail
GET /references/countries
GET /references/countries/{code}
GET /references/currencies
GET /references/currencies/{code}
GET /social/google/login
GET /social/google/login/redirect
GET /supportTicket/completedEvents
GET /supportTicket/types
GET /supportTicket/{id}
GET /teamGolfers
GET /teamGolfers/{id}
GET /teams
GET /teams/entry
GET /teams/name-availability
GET /teams/{id}
GET /tournamentGolferRank
GET /tournamentGolferRank/extendedList
GET /tournamentTeamRank
GET /tournaments
GET /tournaments/{id}
GET /transaction/buy/{productCode}
POST /assets/upload
POST /assets/uploadJson
POST /clubs/search
POST /device/authenticate
POST /device/channel/register
POST /device/credentials
POST /device/push/register
POST /device/register
POST /device/token
POST /device/validate
POST /eventEntries/playingPartners/confirm/{eventEntryId}
POST /eventEntries/round/close
POST /eventEntries/round/open
POST /eventEntries/{id}/cancel
POST /eventEntries/{id}/playingPartner/{golferReference}
POST /events/search
POST /notifications/{id}/markAsRead
POST /order
POST /order/subscriptions
POST /participatingClubs/search
POST /profile/activate
POST /profile/changeEmailWithPin
POST /profile/changePassword
POST /profile/changePasswordWithPin
POST /profile/delete
POST /profile/jwt/refresh
POST /profile/login
POST /profile/loginWithSocial
POST /profile/register
POST /profile/sendConfirmEmailPin
POST /profile/sendPasswordResetEmail
POST /profile/unique/{nickName}
POST /profile/validateGolfer
POST /profile/verify
POST /profile/verifyPasswordChangePin
POST /pushDevices/register
POST /supportTicket
POST /teamGolfers/deactivate/{teamGolferId}
POST /teamGolfers/remove/{teamGolferId}
POST /teams/deactivate/{teamId}
POST /teams/join/{reference}
POST /teams/{id}/invite/accept
POST /teams/{id}/invite/decline

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d11e71572dea451ba26ca43e1f50e24a04e8e8fa
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /eventEntries/playingPartner/{groupId}
GET /account
GET /account/balance
GET /account/orders
GET /account/transactions
GET /account/winnings
GET /clubs
GET /clubs/{id}
GET /device/channel/{id}
GET /eventEntries
GET /eventEntries/{id}
GET /eventEntries/{id}/playingPartners
GET /eventResult
GET /eventResult/eventEntry/{eventEntryId}
GET /eventResult/{id}
GET /eventResultVerification/{id}
GET /eventTeamResult
GET /events
GET /events/{id}
GET /golferSubscription
GET /leaderboards/event/{eventId}/golfer/{golferId}
GET /leaderboards/event/{eventId}/team/{teamId}
GET /leaderboards/events
GET /leaderboards/events-with-ranks
GET /leaderboards/events/teams
GET /leaderboards/tournament/{tournamentId}/golfer/{golferId}
GET /leaderboards/tournament/{tournamentId}/team/{teamId}
GET /leaderboards/tournaments
GET /leaderboards/tournaments/teams
GET /notifications
GET /order/{id}/status
GET /participatingClubs/{clubId}/{eventId}
GET /payoutRequests
GET /payoutRequests/config
GET /payoutRequests/golfer
GET /payoutRequests/{id}
GET /product
GET /product/{code}
GET /profile
GET /profile/howToLink
GET /profile/lookupByEmail
GET /references/countries
GET /references/countries/{code}
GET /references/currencies
GET /references/currencies/{code}
GET /social/google/login
GET /social/google/login/redirect
GET /supportTicket/completedEvents
GET /supportTicket/types
GET /supportTicket/{id}
GET /teamGolfers
GET /teamGolfers/{id}
GET /teams
GET /teams/entry
GET /teams/name-availability
GET /teams/{id}
GET /tournamentGolferRank
GET /tournamentGolferRank/extendedList
GET /tournamentTeamRank
GET /tournaments
GET /tournaments/{id}
GET /transaction/buy/{productCode}
POST /assets/upload
POST /assets/uploadJson
POST /clubs/search
POST /device/authenticate
POST /device/channel/register
POST /device/credentials
POST /device/push/register
POST /device/register
POST /device/token
POST /device/validate
POST /eventEntries/playingPartners/confirm/{eventEntryId}
POST /eventEntries/round/close
POST /eventEntries/round/open
POST /eventEntries/{id}/cancel
POST /eventEntries/{id}/playingPartner/{golferReference}
POST /events/search
POST /notifications/{id}/markAsRead
POST /order
POST /order/subscriptions
POST /participatingClubs/search
POST /profile/activate
POST /profile/changeEmailWithPin
POST /profile/changePassword
POST /profile/changePasswordWithPin
POST /profile/delete
POST /profile/jwt/refresh
POST /profile/login
POST /profile/loginWithSocial
POST /profile/register
POST /profile/sendConfirmEmailPin
POST /profile/sendPasswordResetEmail
POST /profile/unique/{nickName}
POST /profile/validateGolfer
POST /profile/verify
POST /profile/verifyPasswordChangePin
POST /pushDevices/register
POST /supportTicket
POST /teamGolfers/deactivate/{teamGolferId}
POST /teamGolfers/remove/{teamGolferId}
POST /teams/deactivate/{teamId}
POST /teams/join/{reference}
POST /teams/{id}/invite/accept
POST /teams/{id}/invite/decline

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d11e71572dea451ba26ca43e1f50e24a2aac9dc8
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /eventEntries/playingPartner/{groupId}
GET /account
GET /account/balance
GET /account/orders
GET /account/transactions
GET /account/winnings
GET /clubs
GET /clubs/{id}
GET /device/channel/{id}
GET /eventEntries
GET /eventEntries/{id}
GET /eventEntries/{id}/playingPartners
GET /eventResult
GET /eventResult/eventEntry/{eventEntryId}
GET /eventResult/{id}
GET /eventResultVerification/{id}
GET /eventTeamResult
GET /events
GET /events/{id}
GET /golferSubscription
GET /leaderboards/event/{eventId}/golfer/{golferId}
GET /leaderboards/event/{eventId}/team/{teamId}
GET /leaderboards/events
GET /leaderboards/events-with-ranks
GET /leaderboards/events/teams
GET /leaderboards/tournament/{tournamentId}/golfer/{golferId}
GET /leaderboards/tournament/{tournamentId}/team/{teamId}
GET /leaderboards/tournaments
GET /leaderboards/tournaments/teams
GET /notifications
GET /order/{id}/status
GET /participatingClubs/{clubId}/{eventId}
GET /payoutRequests
GET /payoutRequests/config
GET /payoutRequests/golfer
GET /payoutRequests/{id}
GET /product
GET /product/{code}
GET /profile
GET /profile/howToLink
GET /profile/lookupByEmail
GET /references/countries
GET /references/countries/{code}
GET /references/currencies
GET /references/currencies/{code}
GET /social/google/login
GET /social/google/login/redirect
GET /supportTicket/completedEvents
GET /supportTicket/types
GET /supportTicket/{id}
GET /teamGolfers
GET /teamGolfers/{id}
GET /teams
GET /teams/entry
GET /teams/name-availability
GET /teams/{id}
GET /tournamentGolferRank
GET /tournamentGolferRank/extendedList
GET /tournamentTeamRank
GET /tournaments
GET /tournaments/{id}
GET /transaction/buy/{productCode}
POST /assets/upload
POST /assets/uploadJson
POST /clubs/search
POST /device/authenticate
POST /device/channel/register
POST /device/credentials
POST /device/push/register
POST /device/register
POST /device/token
POST /device/validate
POST /eventEntries/playingPartners/confirm/{eventEntryId}
POST /eventEntries/round/close
POST /eventEntries/round/open
POST /eventEntries/{id}/cancel
POST /eventEntries/{id}/playingPartner/{golferReference}
POST /events/search
POST /notifications/{id}/markAsRead
POST /order
POST /order/subscriptions
POST /participatingClubs/search
POST /profile/activate
POST /profile/changeEmailWithPin
POST /profile/changePassword
POST /profile/changePasswordWithPin
POST /profile/delete
POST /profile/jwt/refresh
POST /profile/login
POST /profile/loginWithSocial
POST /profile/register
POST /profile/sendConfirmEmailPin
POST /profile/sendPasswordResetEmail
POST /profile/unique/{nickName}
POST /profile/validateGolfer
POST /profile/verify
POST /profile/verifyPasswordChangePin
POST /pushDevices/register
POST /supportTicket
POST /teamGolfers/remove/{teamGolferId}
POST /teams/join/{reference}
POST /teams/{id}/invite/accept
POST /teams/{id}/invite/decline