LeakIX - Host athenacms.net

Domain athenacms.net

United States

AMAZON-02

Software information

nginx nginx 1.26.2

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 54.192.35.109
Domain: athenacms.net
Port: 443
URL: https://athenacms.net

First seen 2025-12-28 00:23
Last seen 2026-02-09 17:29
Open for 43 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035492ea769f6f462e834aa907a08bdd0cde1ec3a7eee

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/candidatedisciplineawardunitelementanswer/{id}
DELETE /api/disciplineawardtemplateunitelementanswer/{id}
GET /api/accesslevel
GET /api/accesslevel/byclient/{id}
GET /api/accesslevel/{id}
GET /api/awardnote
GET /api/awardnote/award/{id}
GET /api/awardnote/{id}
GET /api/candidatedisciplineaward
GET /api/candidatedisciplineaward/byuser/{id}
GET /api/candidatedisciplineaward/byuser/{id}/{role}
GET /api/candidatedisciplineaward/{id}
GET /api/candidatedisciplineawardunit
GET /api/candidatedisciplineawardunit/byaward/{id}
GET /api/candidatedisciplineawardunit/{id}
GET /api/candidatedisciplineawardunitelement
GET /api/candidatedisciplineawardunitelement/byunit/{id}
GET /api/candidatedisciplineawardunitelement/{id}
GET /api/candidatedisciplineawardunitelementanswer/answers/{questionId}
GET /api/candidatedisciplineawardunitelementquestion
GET /api/candidatedisciplineawardunitelementquestion/byelement/{id}
GET /api/candidatedisciplineawardunitelementquestion/{id}
GET /api/candidatedocument
GET /api/candidatedocument/byuser/{id}
GET /api/candidatedocument/downloadfile/{id}
GET /api/candidatedocument/{id}
GET /api/candidateelementdocument
GET /api/candidateelementdocument/byelement/{id}/{type}
GET /api/candidateelementdocument/byquestion/{id}
GET /api/candidateelementdocument/downloadfile/{id}
GET /api/candidateelementdocument/{id}
GET /api/candidatepersonaldocument
GET /api/candidatepersonaldocument/byuser/{id}
GET /api/candidatepersonaldocument/downloadfile/{id}
GET /api/candidatepersonaldocument/{id}
GET /api/candidatetrainingdevelopmentplan/byuserid/{id}
GET /api/candidatetrainingdevelopmentplan/{id}
GET /api/candidatetrainingdevelopmentplanarea
GET /api/candidatetrainingdevelopmentplanarea/bycandidatetdpid/{id}
GET /api/candidatetrainingdevelopmentplanspecific
GET /api/candidatetrainingdevelopmentplanspecific/{id}
GET /api/client
GET /api/client/{id}
GET /api/clientdocument
GET /api/clientdocument/client/{clientId}
GET /api/clientdocument/downloadfile/{id}
GET /api/clientdocument/{clientDocumentId}
GET /api/clientkeycontact/byclient/{id}
GET /api/clientkeycontact/keycontacts/{id}
GET /api/clientlicense
GET /api/clientlicense/client/{clientId}
GET /api/clientlicense/{clientLicenseId}
GET /api/course
GET /api/course/{id}
GET /api/disciplineawardtemplate
GET /api/disciplineawardtemplate/active/client/{id}
GET /api/disciplineawardtemplate/client/{id}
GET /api/disciplineawardtemplate/{id}
GET /api/disciplineawardtemplateunit
GET /api/disciplineawardtemplateunit/byaward/{id}
GET /api/disciplineawardtemplateunit/{id}
GET /api/disciplineawardtemplateunitelement
GET /api/disciplineawardtemplateunitelement/byunit/{id}
GET /api/disciplineawardtemplateunitelement/{id}
GET /api/disciplineawardtemplateunitelementanswer/answers/{questionId}
GET /api/disciplineawardtemplateunitelementquestion
GET /api/disciplineawardtemplateunitelementquestion/byelement/{id}
GET /api/disciplineawardtemplateunitelementquestion/{id}
GET /api/excelreport/candidatedisciplineaward
GET /api/excelreport/candidatedisciplineawardfromstoredprocedure
GET /api/excelreport/clients
GET /api/excelreport/courses
GET /api/excelreport/disciplineaward
GET /api/excelreport/users/{clientId}
GET /api/lookup/userroles
GET /api/settings
GET /api/settings/{clientId}
GET /api/tag
GET /api/tag/byclient/{id}
GET /api/tag/{id}
GET /api/trainingdevelopmentplan
GET /api/trainingdevelopmentplan/byclientid/{id}
GET /api/trainingdevelopmentplan/byid/{id}
GET /api/trainingdevelopmentplanarea
GET /api/trainingdevelopmentplanarea/bytdpid/{id}
GET /api/trainingdevelopmentplanspecific
GET /api/trainingdevelopmentplanspecific/bytdpareaid/{id}
GET /api/trainingmatrixitem
GET /api/trainingmatrixitem/byaward/{id}
GET /api/trainingmatrixitem/downloadfile/{id}
GET /api/trainingmatrixitem/sendemail
GET /api/trainingmatrixitem/{id}
GET /api/user
GET /api/user/admins
GET /api/user/assessors
GET /api/user/assessors/{clientId}
GET /api/user/candidates
GET /api/user/candidates/{id}
GET /api/user/subclients
GET /api/user/technicalauthority
GET /api/user/technicalauthority/{clientId}
GET /api/user/technicalauthoritycollection
GET /api/user/user-candidates/{id}
GET /api/user/users/{id}
GET /api/user/verifiers
GET /api/user/verifiers/{clientId}
GET /api/user/{id}
GET /api/userroles
GET /api/userroles/byclient/{id}
GET /api/userroles/currentrole/{userRoleId}
GET /api/userroles/{id}
POST /api/auth/changepassword/{id}
POST /api/auth/refreshtoken
POST /api/auth/resetpassword/{id}
POST /api/auth/sendpasswordreset
POST /api/auth/token
POST /api/candidatedisciplineaward/filter
POST /api/candidatedisciplineawardunitelementanswer
POST /api/candidatedocument/uploadfile/{id}
POST /api/candidateelementdocument/uploadfile/{id}/{type}
POST /api/candidateelementdocument/uploadfile/{id}/{type}/{questionId}
POST /api/candidatepersonaldocument/uploadfile/{id}
POST /api/candidatetrainingdevelopmentplan
POST /api/clientdocument/{clientId}
POST /api/clientkeycontact/{id}
POST /api/disciplineawardtemplate/push
POST /api/disciplineawardtemplateunitelementanswer
POST /api/excelreport/dashboard/disciplineaward
POST /api/trainingmatrixitem/upload/{id}
POST /api/user/{id}/resendonboardingemail
POST /api/user/{id}/resetloginattempts
PUT /api/candidatedisciplineaward/leadership-email/{id}
PUT /api/candidatedisciplineaward/{id}/{clientId}
PUT /api/candidatedisciplineawardunitelementanswer/selected-answer/{answerId}/{elementId}
PUT /api/candidatedisciplineawardunitelementanswer/{answerId}
PUT /api/candidatetrainingdevelopmentplanarea/{id}
PUT /api/clientdocument/archive/{clientDocumentId}
PUT /api/clientdocument/unarchive/{clientDocumentId}
PUT /api/disciplineawardtemplateunitelementanswer/{answerId}
PUT /api/trainingdevelopmentplan/{id}
PUT /api/trainingdevelopmentplanarea/{id}
PUT /api/trainingdevelopmentplanspecific/{id}

Found on 2026-02-09 17:29

Create report

Open service 54.192.35.109:443 · athenacms.net

2026-01-23 11:21

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 900
Connection: close
Date: Fri, 23 Jan 2026 11:21:57 GMT
Last-Modified: Mon, 01 Dec 2025 11:07:08 GMT
Server: nginx/1.26.2
Accept-Ranges: bytes
ETag: "1dc62b2a23ed584"
X-Cache: Miss from cloudfront
Via: 1.1 8cada61dd7719c6c0ad123c11e1964f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P15
X-Amz-Cf-Id: 9F8VQJsaOMyXU6XOnM8gnfeJNo8TDU3tZGUoycKx9eEdNk2PymYnpw==

Page title: Athena

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width,initial-scale=1.0">
    <link rel="icon" href="/assets/favicon-O1D1JRXC.ico">
    <title>Athena</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css">
    <script type="module" crossorigin src="/assets/index-BdyNjb0I.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-Cdi4TgBc.css">
  </head>
  <body>
    <noscript>
      <strong>We're sorry but this app doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
    </noscript>
    <div id="app"></div>

  </body>
</html>

Found 2026-01-23 by HttpPlugin

Create report

Open service 54.192.35.109:443 · athenacms.net

2026-01-09 13:41

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 900
Connection: close
Date: Fri, 09 Jan 2026 13:41:42 GMT
Last-Modified: Mon, 01 Dec 2025 11:07:08 GMT
Server: nginx/1.26.2
Accept-Ranges: bytes
ETag: "1dc62b2a23ed584"
X-Cache: Miss from cloudfront
Via: 1.1 460946b9bf86c48cb663dc3e1d9d233e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P15
X-Amz-Cf-Id: 57xsFdFSmkIZ2ZSHfxTtbanJ-8vkhAoY3oYRRmjz-PsEa6pa7KHGBQ==

Page title: Athena

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width,initial-scale=1.0">
    <link rel="icon" href="/assets/favicon-O1D1JRXC.ico">
    <title>Athena</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css">
    <script type="module" crossorigin src="/assets/index-BdyNjb0I.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-Cdi4TgBc.css">
  </head>
  <body>
    <noscript>
      <strong>We're sorry but this app doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
    </noscript>
    <div id="app"></div>

  </body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 54.192.35.109:443 · athenacms.net

2026-01-02 02:46

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 900
Connection: close
Date: Fri, 02 Jan 2026 02:46:14 GMT
Last-Modified: Mon, 01 Dec 2025 11:07:08 GMT
Server: nginx/1.26.2
Accept-Ranges: bytes
ETag: "1dc62b2a23ed584"
X-Cache: Miss from cloudfront
Via: 1.1 173e1f9e40c2df572d404097afea2570.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P15
X-Amz-Cf-Id: 5thdE_92IGeps9qRmb7pxkBRueLj_gUZStEOPFu1r_baGoMxJQrvjw==

Page title: Athena

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width,initial-scale=1.0">
    <link rel="icon" href="/assets/favicon-O1D1JRXC.ico">
    <title>Athena</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css">
    <script type="module" crossorigin src="/assets/index-BdyNjb0I.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-Cdi4TgBc.css">
  </head>
  <body>
    <noscript>
      <strong>We're sorry but this app doesn't work properly without JavaScript enabled. Please enable it to continue.</strong>
    </noscript>
    <div id="app"></div>

  </body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

athenacms.netwww.athenacms.net

Fingerprint:

0bae9b1f3af728108db59dec2e4886a0b9994aebd36d63827801afe71edbbc9c

CN:

athenacms.net

Key:

RSA-2048

Issuer:

Amazon RSA 2048 M01

Not before:

2025-12-14 00:00

Not after:

2027-01-12 23:59

Domain summary

athenacms.net 3

1 recorded

IP summary

54.192.35.109 2

1 recorded