Microsoft-IIS 10.0
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d608b2a63760a4e05caf55a6848f55a6848f55a6848
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: POST /api/AutomationTasks/GenerateDailyFeed POST /api/AutomationTasks/RecoverIssuerOrbisNumbers POST /api/AutomationTasks/SyncOrbisData
Open service 40.85.96.208:443 · ardsync-automation.midroog.co.il
2026-01-23 13:35
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 13:35:53 GMT Server: Microsoft-IIS/10.0 Location: index.html Set-Cookie: ARRAffinity=fe39474fd320864877f5e92bc600d00c5ef5d6b4ffae686e24f349eddd4e1e7f;Path=/;HttpOnly;Secure;Domain=ardsync-automation.midroog.co.il Set-Cookie: ARRAffinitySameSite=fe39474fd320864877f5e92bc600d00c5ef5d6b4ffae686e24f349eddd4e1e7f;Path=/;HttpOnly;SameSite=None;Secure;Domain=ardsync-automation.midroog.co.il Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Powered-By: ASP.NET X-Frame-Options: DENY Content-Security-Policy: frame-ancestors 'none'; default-src 'self'; script-src 'self' https://trusted.cdn.com; style-src 'self' 'unsafe-inline' X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin
Open service 40.85.96.208:443 · ardsync-automation.midroog.co.il
2026-01-12 21:19
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 21:20:25 GMT Server: Microsoft-IIS/10.0 Location: index.html Set-Cookie: ARRAffinity=4ab9d0aa67a0f17126ea798d5e6155be6051d6119635d3133e6a262f96e8ec7a;Path=/;HttpOnly;Secure;Domain=ardsync-automation.midroog.co.il Set-Cookie: ARRAffinitySameSite=4ab9d0aa67a0f17126ea798d5e6155be6051d6119635d3133e6a262f96e8ec7a;Path=/;HttpOnly;SameSite=None;Secure;Domain=ardsync-automation.midroog.co.il Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Powered-By: ASP.NET X-Frame-Options: DENY Content-Security-Policy: frame-ancestors 'none'; default-src 'self'; script-src 'self' https://trusted.cdn.com; style-src 'self' 'unsafe-inline' X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin
Open service 40.85.96.208:80 · ardsync-automation.midroog.co.il
2026-01-12 21:19
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 21:20:25 GMT Location: https://ardsync-automation.midroog.co.il/