Domain auth-api-test.mfingrosso.it
The Netherlands
Software information
Microsoft-IIS 10.0
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 13.69.68.16
Domain: auth-api-test.mfingrosso.it
Port: 443
URL: https://auth-api-test.mfingrosso.itFirst seen 2026-01-13 00:40
Last seen 2026-01-16 16:11
Open for 3 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d60bf756b04c69c44efb8b72cd1864139ee3e883Public Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/Identity/users/{clientId}/feature/{feature} DELETE /api/KeyClaims/claimValues/{keyClaimValueId} DELETE /api/Users/{username} GET /api/Adws GET /api/Adws/fillpage GET /api/Adws/search GET /api/ApiScopes GET /api/ApiScopes/{scopeId} GET /api/ApiScopes/{scopeId}/Clients GET /api/Clients GET /api/Clients/{clientId} GET /api/Clients/{clientId}/Scopes GET /api/Clients/{id}/excel GET /api/Features GET /api/Features/{featureId} GET /api/Features/{featureId}/Clients GET /api/KeyClaims GET /api/KeyClaims/{keyClaimId} GET /api/Roles GET /api/Roles/{roleId} GET /api/Roles/{roleId}/Clients GET /api/Roles/{roleId}/Features GET /api/Users GET /api/Users/search PATCH /api/Users/{userName}/ToggleLockout POST /api/Adws/import/{samAccountName} POST /api/Clients/{clientId}/Scopes/{scope} POST /api/Clients/{clientId}/enable POST /api/Features/excel POST /api/Identity/excel POST /api/Identity/users POST /api/Identity/users/{clientId}/2fa POST /api/Identity/users/{clientId}/completeDraft POST /api/Identity/usersFeature POST /api/KeyClaims/{keyClaimId}/claimValues POST /api/Roles/excel POST /api/Roles/{roleId}/Features/{featureId} PUT /api/Adws/changepwd PUT /api/Adws/groupupdate PUT /api/Identity/users/{clientId}Found on 2026-01-16 16:11
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 13.69.68.16
Domain: auth-api-test.mfingrosso.it
Port: 80
URL: http://auth-api-test.mfingrosso.itFirst seen 2026-01-13 00:40
Last seen 2026-02-09 02:26
Open for 27 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d60bf756b04c69c44efb8b72cd1864139ee3e883Public Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/Identity/users/{clientId}/feature/{feature} DELETE /api/KeyClaims/claimValues/{keyClaimValueId} DELETE /api/Users/{username} GET /api/Adws GET /api/Adws/fillpage GET /api/Adws/search GET /api/ApiScopes GET /api/ApiScopes/{scopeId} GET /api/ApiScopes/{scopeId}/Clients GET /api/Clients GET /api/Clients/{clientId} GET /api/Clients/{clientId}/Scopes GET /api/Clients/{id}/excel GET /api/Features GET /api/Features/{featureId} GET /api/Features/{featureId}/Clients GET /api/KeyClaims GET /api/KeyClaims/{keyClaimId} GET /api/Roles GET /api/Roles/{roleId} GET /api/Roles/{roleId}/Clients GET /api/Roles/{roleId}/Features GET /api/Users GET /api/Users/search PATCH /api/Users/{userName}/ToggleLockout POST /api/Adws/import/{samAccountName} POST /api/Clients/{clientId}/Scopes/{scope} POST /api/Clients/{clientId}/enable POST /api/Features/excel POST /api/Identity/excel POST /api/Identity/users POST /api/Identity/users/{clientId}/2fa POST /api/Identity/users/{clientId}/completeDraft POST /api/Identity/usersFeature POST /api/KeyClaims/{keyClaimId}/claimValues POST /api/Roles/excel POST /api/Roles/{roleId}/Features/{featureId} PUT /api/Adws/changepwd PUT /api/Adws/groupupdate PUT /api/Identity/users/{clientId}Found on 2026-02-09 02:26
-
-
Open service 13.69.68.16:80 · auth-api-test.mfingrosso.it
2026-01-22 11:55
HTTP/1.1 307 Temporary Redirect Content-Length: 0 Connection: close Date: Thu, 22 Jan 2026 11:56:25 GMT Server: Microsoft-IIS/10.0 Location: https://auth-api-test.mfingrosso.it/ Set-Cookie: ARRAffinity=8f34f6436376f83ac80fcd318a5e17380aa993a73269f934accc27d66e80d9a9;Path=/;HttpOnly;Domain=auth-api-test.mfingrosso.it Request-Context: appId=cid-v1:45d5621c-1beb-4e0e-b3a0-849f4798a091 X-Powered-By: ASP.NET
Found 2026-01-22 by HttpPluginCreate report
-
Open service 13.69.68.16:443 · auth-api-test.mfingrosso.it
2026-01-13 00:40
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Tue, 13 Jan 2026 00:41:19 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=8f34f6436376f83ac80fcd318a5e17380aa993a73269f934accc27d66e80d9a9;Path=/;HttpOnly;Secure;Domain=auth-api-test.mfingrosso.it Set-Cookie: ARRAffinitySameSite=8f34f6436376f83ac80fcd318a5e17380aa993a73269f934accc27d66e80d9a9;Path=/;HttpOnly;SameSite=None;Secure;Domain=auth-api-test.mfingrosso.it Request-Context: appId=cid-v1:45d5621c-1beb-4e0e-b3a0-849f4798a091 X-Powered-By: ASP.NET
Found 2026-01-13 by HttpPluginCreate report
-
Open service 13.69.68.16:80 · auth-api-test.mfingrosso.it
2026-01-13 00:40
HTTP/1.1 307 Temporary Redirect Content-Length: 0 Connection: close Date: Tue, 13 Jan 2026 00:41:19 GMT Server: Microsoft-IIS/10.0 Location: https://auth-api-test.mfingrosso.it/ Set-Cookie: ARRAffinity=8f34f6436376f83ac80fcd318a5e17380aa993a73269f934accc27d66e80d9a9;Path=/;HttpOnly;Domain=auth-api-test.mfingrosso.it Request-Context: appId=cid-v1:45d5621c-1beb-4e0e-b3a0-849f4798a091 X-Powered-By: ASP.NET
Found 2026-01-13 by HttpPluginCreate report