Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4305c2e18ce9f09c3088a0ea5b63fc9f8ff9f608b3
Public Swagger UI/API detected at path: /swagger.json - sample paths:
ANY /
ANY /v1/admin/billing/logs
ANY /v1/admin/billing/purshase-history
ANY /v1/admin/billing/purshase-history/list
ANY /v1/admin/billing/purshase-history/{company}
ANY /v1/admin/companies
ANY /v1/admin/companies/customisations/manage
ANY /v1/admin/companies/{company}
ANY /v1/admin/companies/{company}/billing-purchases
ANY /v1/admins
ANY /v1/admins/2fa/totp
ANY /v1/admins/2fa/validate
ANY /v1/admins/ap-permissions
ANY /v1/admins/ap-permissions/ap-roles
ANY /v1/admins/ap-permissions/{id}
ANY /v1/admins/ap-permissions/{id}/ap-roles
ANY /v1/admins/ap-roles
ANY /v1/admins/ap-roles/ap-permissions
ANY /v1/admins/ap-roles/{id}
ANY /v1/admins/ap-roles/{id}/ap-permissions
ANY /v1/admins/auth/login
ANY /v1/admins/auth/refresh
ANY /v1/admins/change-password
ANY /v1/admins/create/new
ANY /v1/admins/reset-password
ANY /v1/admins/reset-password/confirmation
ANY /v1/admins/reset-password/save
ANY /v1/admins/tokens/validate
ANY /v1/admins/{id}
ANY /v1/auth/2fa/totp
ANY /v1/auth/2fa/totp/validate
ANY /v1/auth/change-password
ANY /v1/auth/email-confirmation/{token}
ANY /v1/auth/google/signin
ANY /v1/auth/refresh-token
ANY /v1/auth/register
ANY /v1/auth/register-partner
ANY /v1/auth/register/partner/sub-company
ANY /v1/auth/reset-password/email-confirmation/{token}
ANY /v1/auth/reset-password/init/{email}
ANY /v1/auth/reset-password/save
ANY /v1/auth/signin
ANY /v1/auth/signup/resend
ANY /v1/auth/tokens/access-token/{token}
ANY /v1/auth/tokens/refresh-token/{token}
ANY /v1/auth/tokens/validate
ANY /v1/auth/user-details
ANY /v1/billing/plan-types
ANY /v1/billing/plan-types/{code}
ANY /v1/billing/plans
ANY /v1/billing/plans/companies/{company}
ANY /v1/billing/plans/enterprise/allocate-credits/{company}
ANY /v1/billing/plans/enterprise/assign
ANY /v1/billing/plans/enterprise/assign/{company}
ANY /v1/billing/plans/enterprise/companies/{company}
ANY /v1/billing/plans/enterprise/create
ANY /v1/billing/plans/enterprise/credit-factor/{company}
ANY /v1/billing/plans/migrate
ANY /v1/billing/plans/{id}
ANY /v1/companies
ANY /v1/companies/admin/delete
ANY /v1/companies/billing/{company}
ANY /v1/companies/convert/main
ANY /v1/companies/customer/tour
ANY /v1/companies/duplicate
ANY /v1/companies/switch/parent
ANY /v1/company-and-user
ANY /v1/company-and-user/details
ANY /v1/external/emails/parse/{company}
ANY /v1/external/super-user
ANY /v1/external/user-count
ANY /v1/external/user-count/{company}
ANY /v1/external/user-details
ANY /v1/external/users/avatar-image
ANY /v1/external/users/avatar/{image}
ANY /v1/external/users/companies/{company}
ANY /v1/external/users/creator
ANY /v1/external/users/email-confirmation/{token}
ANY /v1/external/users/register
ANY /v1/external/users/{id}
ANY /v1/fields/receivers/custom
ANY /v1/fields/request/{entity}/{company}
ANY /v1/fields/{entity}/{company}
ANY /v1/files/images/{image}
ANY /v1/meta/hasSeenNewUI
ANY /v1/op/send-email
ANY /v1/signup/partner/token
ANY /v1/signup/partner/{partner}/token
ANY /v1/subscriptions/custom
ANY /v1/users/add/revoke
ANY /v1/users/delete
ANY /v1/users/remove
ANY /v1/users/restore
ANY /v1/users/roles
ANY /v1/users/roles/permissions
ANY /v2/auth/signup
ANY /v2/auth/signup/ws
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4305c2e18ce9f09c304ed4a2aefd9f6aea29c21f26
Public Swagger UI/API detected at path: /swagger.json - sample paths:
ANY /
ANY /v1/admin/billing/logs
ANY /v1/admin/companies
ANY /v1/admin/companies/customisations/manage
ANY /v1/admin/companies/{company}
ANY /v1/admin/companies/{company}/billing-purchases
ANY /v1/auth/2fa/totp
ANY /v1/auth/2fa/totp/validate
ANY /v1/auth/change-password
ANY /v1/auth/email-confirmation/{token}
ANY /v1/auth/google/signin
ANY /v1/auth/refresh-token
ANY /v1/auth/register
ANY /v1/auth/register-partner
ANY /v1/auth/register/partner/sub-company
ANY /v1/auth/reset-password/email-confirmation/{token}
ANY /v1/auth/reset-password/init/{email}
ANY /v1/auth/reset-password/save
ANY /v1/auth/signin
ANY /v1/auth/signup/resend
ANY /v1/auth/tokens/access-token/{token}
ANY /v1/auth/tokens/refresh-token/{token}
ANY /v1/auth/tokens/validate
ANY /v1/auth/user-details
ANY /v1/billing/plan-types
ANY /v1/billing/plan-types/{code}
ANY /v1/billing/plans
ANY /v1/billing/plans/companies/{company}
ANY /v1/billing/plans/enterprise/allocate/{company}
ANY /v1/billing/plans/enterprise/assign
ANY /v1/billing/plans/enterprise/assign/{company}
ANY /v1/billing/plans/enterprise/companies/{company}
ANY /v1/billing/plans/enterprise/create
ANY /v1/billing/plans/enterprise/credit-factor/{company}
ANY /v1/billing/plans/migrate
ANY /v1/billing/plans/{id}
ANY /v1/companies
ANY /v1/companies/admin/delete
ANY /v1/companies/billing/{company}
ANY /v1/companies/convert/main
ANY /v1/companies/customer/tour
ANY /v1/companies/duplicate
ANY /v1/companies/switch/parent
ANY /v1/company-and-user
ANY /v1/company-and-user/details
ANY /v1/external/emails/parse/{company}
ANY /v1/external/super-user
ANY /v1/external/user-count
ANY /v1/external/user-count/{company}
ANY /v1/external/user-details
ANY /v1/external/users/avatar-image
ANY /v1/external/users/avatar/{image}
ANY /v1/external/users/companies/{company}
ANY /v1/external/users/creator
ANY /v1/external/users/email-confirmation/{token}
ANY /v1/external/users/register
ANY /v1/external/users/{id}
ANY /v1/fields/receivers/custom
ANY /v1/fields/request/{entity}/{company}
ANY /v1/fields/{entity}/{company}
ANY /v1/files/images/{image}
ANY /v1/meta/hasSeenNewUI
ANY /v1/op/send-email
ANY /v1/signup/partner/token
ANY /v1/signup/partner/{partner}/token
ANY /v1/subscriptions/custom
ANY /v1/users/add/revoke
ANY /v1/users/delete
ANY /v1/users/remove
ANY /v1/users/restore
ANY /v1/users/roles
ANY /v1/users/roles/permissions
ANY /v2/auth/signup
ANY /v2/auth/signup/ws
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4305c2e18ce9f09c304ed4a2aefd9f6aea4b4d8518
Public Swagger UI/API detected at path: /swagger.json - sample paths:
ANY /
ANY /v1/admin/billing/logs
ANY /v1/admin/companies
ANY /v1/admin/companies/customisations/manage
ANY /v1/admin/companies/{company}
ANY /v1/admin/companies/{company}/billing-purchases
ANY /v1/auth/2fa/totp
ANY /v1/auth/2fa/totp/validate
ANY /v1/auth/change-password
ANY /v1/auth/email-confirmation/{token}
ANY /v1/auth/google/signin
ANY /v1/auth/refresh-token
ANY /v1/auth/register
ANY /v1/auth/register-partner
ANY /v1/auth/register/partner/sub-company
ANY /v1/auth/reset-password/email-confirmation/{token}
ANY /v1/auth/reset-password/init/{email}
ANY /v1/auth/reset-password/save
ANY /v1/auth/signin
ANY /v1/auth/signup/resend
ANY /v1/auth/tokens/access-token/{token}
ANY /v1/auth/tokens/refresh-token/{token}
ANY /v1/auth/tokens/validate
ANY /v1/auth/user-details
ANY /v1/billing/plan-types
ANY /v1/billing/plan-types/{code}
ANY /v1/billing/plans
ANY /v1/billing/plans/companies/{company}
ANY /v1/billing/plans/enterprise/allocate/{company}
ANY /v1/billing/plans/enterprise/assign
ANY /v1/billing/plans/enterprise/assign/{company}
ANY /v1/billing/plans/enterprise/companies/{company}
ANY /v1/billing/plans/enterprise/create
ANY /v1/billing/plans/enterprise/credit-factor/{company}
ANY /v1/billing/plans/migrate
ANY /v1/billing/plans/{id}
ANY /v1/companies
ANY /v1/companies/admin/delete
ANY /v1/companies/billing/{company}
ANY /v1/companies/convert/main
ANY /v1/companies/duplicate
ANY /v1/companies/switch/parent
ANY /v1/company-and-user
ANY /v1/company-and-user/details
ANY /v1/external/emails/parse/{company}
ANY /v1/external/super-user
ANY /v1/external/user-count
ANY /v1/external/user-count/{company}
ANY /v1/external/user-details
ANY /v1/external/users/avatar-image
ANY /v1/external/users/avatar/{image}
ANY /v1/external/users/companies/{company}
ANY /v1/external/users/creator
ANY /v1/external/users/email-confirmation/{token}
ANY /v1/external/users/register
ANY /v1/external/users/{id}
ANY /v1/fields/receivers/custom
ANY /v1/fields/request/{entity}/{company}
ANY /v1/fields/{entity}/{company}
ANY /v1/files/images/{image}
ANY /v1/meta/hasSeenNewUI
ANY /v1/op/send-email
ANY /v1/signup/partner/token
ANY /v1/signup/partner/{partner}/token
ANY /v1/subscriptions/custom
ANY /v1/users/add/revoke
ANY /v1/users/delete
ANY /v1/users/remove
ANY /v1/users/restore
ANY /v1/users/roles
ANY /v1/users/roles/permissions
ANY /v2/auth/signup
ANY /v2/auth/signup/ws
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4305c2e18ce9f09c304ed4a2aefd9f6aea13c2a5c8
Public Swagger UI/API detected at path: /swagger.json - sample paths:
ANY /
ANY /v1/admin/billing/logs
ANY /v1/admin/companies
ANY /v1/admin/companies/customisations/manage
ANY /v1/admin/companies/{company}
ANY /v1/admin/companies/{company}/billing-purchases
ANY /v1/auth/2fa/totp
ANY /v1/auth/2fa/totp/validate
ANY /v1/auth/change-password
ANY /v1/auth/email-confirmation/{token}
ANY /v1/auth/google/signin
ANY /v1/auth/refresh-token
ANY /v1/auth/register
ANY /v1/auth/register-partner
ANY /v1/auth/register/partner/sub-company
ANY /v1/auth/reset-password/email-confirmation/{token}
ANY /v1/auth/reset-password/init/{email}
ANY /v1/auth/reset-password/save
ANY /v1/auth/signin
ANY /v1/auth/signup/resend
ANY /v1/auth/tokens/access-token/{token}
ANY /v1/auth/tokens/refresh-token/{token}
ANY /v1/auth/tokens/validate
ANY /v1/auth/user-details
ANY /v1/billing/plan-types
ANY /v1/billing/plan-types/{code}
ANY /v1/billing/plans
ANY /v1/billing/plans/companies/{company}
ANY /v1/billing/plans/enterprise/allocate/{company}
ANY /v1/billing/plans/enterprise/assign
ANY /v1/billing/plans/enterprise/assign/{company}
ANY /v1/billing/plans/enterprise/companies/{company}
ANY /v1/billing/plans/enterprise/create
ANY /v1/billing/plans/enterprise/credit-factor/{company}
ANY /v1/billing/plans/migrate
ANY /v1/billing/plans/{id}
ANY /v1/companies
ANY /v1/companies/admin/delete
ANY /v1/companies/billing/{company}
ANY /v1/companies/convert/main
ANY /v1/companies/switch/parent
ANY /v1/company-and-user
ANY /v1/company-and-user/details
ANY /v1/external/emails/parse/{company}
ANY /v1/external/super-user
ANY /v1/external/user-count
ANY /v1/external/user-count/{company}
ANY /v1/external/user-details
ANY /v1/external/users/avatar-image
ANY /v1/external/users/avatar/{image}
ANY /v1/external/users/companies/{company}
ANY /v1/external/users/creator
ANY /v1/external/users/email-confirmation/{token}
ANY /v1/external/users/register
ANY /v1/external/users/{id}
ANY /v1/fields/receivers/custom
ANY /v1/fields/request/{entity}/{company}
ANY /v1/fields/{entity}/{company}
ANY /v1/files/images/{image}
ANY /v1/meta/hasSeenNewUI
ANY /v1/op/send-email
ANY /v1/signup/partner/token
ANY /v1/signup/partner/{partner}/token
ANY /v1/subscriptions/custom
ANY /v1/users/add/revoke
ANY /v1/users/delete
ANY /v1/users/remove
ANY /v1/users/restore
ANY /v1/users/roles
ANY /v1/users/roles/permissions
ANY /v2/auth/signup
ANY /v2/auth/signup/ws
Open service 34.32.211.156:443 · auth.ticnine.com
2026-01-09 05:01
HTTP/1.1 200 OK
Date: Fri, 09 Jan 2026 05:01:23 GMT
Content-Type: application/json
Content-Length: 65
Connection: close
Vary: Origin
Strict-Transport-Security: max-age=15724800; includeSubDomains
{"message":"LOGIN-SERVICE-API v8.10.8 Running..","success":true}
Open service 34.32.211.156:443 · auth.ticnine.com
2026-01-02 09:49
HTTP/1.1 200 OK
Date: Fri, 02 Jan 2026 09:49:25 GMT
Content-Type: application/json
Content-Length: 65
Connection: close
Vary: Origin
Strict-Transport-Security: max-age=15724800; includeSubDomains
{"message":"LOGIN-SERVICE-API v8.10.5 Running..","success":true}
Open service 34.32.211.156:443 · auth.ticnine.com
2025-12-22 23:39
HTTP/1.1 200 OK
Date: Mon, 22 Dec 2025 23:39:51 GMT
Content-Type: application/json
Content-Length: 65
Connection: close
Vary: Origin
Strict-Transport-Security: max-age=15724800; includeSubDomains
{"message":"LOGIN-SERVICE-API v8.10.1 Running..","success":true}
Open service 34.32.211.156:443 · auth.ticnine.com
2025-12-20 05:41
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2025 05:41:09 GMT
Content-Type: application/json
Content-Length: 64
Connection: close
Vary: Origin
Strict-Transport-Security: max-age=15724800; includeSubDomains
{"message":"LOGIN-SERVICE-API v8.9.1 Running..","success":true}