cloudflare
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff43714a58ce12db6a8b9a84c2fcc0f68ffd17875504
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /
GET /emails/verify/link/{id}/{token}
GET /emails/verify/send
GET /health
GET /ready
POST /emails/send/creds
POST /emails/verify/emailcode
POST /emails/verify/emailcode/forgot
POST /emails/verify/promo
POST /emails/verify/send/forgot
POST /ips/load/details
POST /win-bets
POST /win-bets/process
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff433fac9c02a8f3703711d1b5f49556da2c02f89e30
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /emails/verify/link/{id}/{token}
GET /emails/verify/send
GET /health
GET /ready
GET /swagger.json
POST /emails/send/creds
POST /emails/verify/emailcode
POST /emails/verify/emailcode/forgot
POST /emails/verify/promo
POST /emails/verify/send/forgot
POST /ips/load/details
Open service 172.67.172.77:443 · async.aslot.io
2026-01-23 13:41
HTTP/1.1 200 OK
Date: Fri, 23 Jan 2026 13:41:22 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2
Connection: close
vary: Origin
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-ratelimit-limit-global: 50
x-ratelimit-remaining-global: 49
x-ratelimit-reset-global: 1
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=4,cfOrigin;dur=83
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=CcbwxZQtn2xZL5c%2BI25ODQX4RoCN2wLQsw96xrHqyEO2wQB1qTAVV2qoRlPbGo6hIQdUjOrolBnLetTDiJfg9ysk6EBpfC2NfssCflsb"}]}
Server: cloudflare
CF-RAY: 9c27b54d5883de97-EWR
alt-svc: h3=":443"; ma=86400
OK
Open service 172.67.172.77:443 · async.aslot.io
2026-01-09 13:45
HTTP/1.1 200 OK
Date: Fri, 09 Jan 2026 13:45:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2
Connection: close
vary: Origin
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-ratelimit-limit-global: 50
x-ratelimit-remaining-global: 49
x-ratelimit-reset-global: 1
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=8,cfOrigin;dur=252
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=isvI%2BQr2Quxpyr%2FyLmDQn6SBpxaCVXYswkS9PaFlnhkz70dQ0zWxIAD9lvR0C9M8PEieVsoHjXE9moLOVtFupOledhuuZcLLliXj6dkD"}]}
Server: cloudflare
CF-RAY: 9bb4602518f77aea-EWR
alt-svc: h3=":443"; ma=86400
OK
Open service 172.67.172.77:443 · async.aslot.io
2026-01-02 13:33
HTTP/1.1 200 OK
Date: Fri, 02 Jan 2026 13:33:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2
Connection: close
vary: Origin
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-ratelimit-limit-global: 50
x-ratelimit-remaining-global: 48
x-ratelimit-reset-global: 1
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=7,cfOrigin;dur=248
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lWv7p8Qlh%2BX%2BsJS6WtBr4bd%2Blr4gDYthyp2PSc69YMwGLK89JY6cJ3V2QS08GioPqbnk8tTDpVWdrZnu5YGr%2Fouk2S0cTD349yzo0dsL"}]}
Server: cloudflare
CF-RAY: 9b7aa19eedfb5f74-EWR
alt-svc: h3=":443"; ma=86400
OK