Domain bheapi.finvixglobal.com
Brazil
Software information
Kestrel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2026-01-05 07:59
Last seen 2026-02-02 00:07
Open for 27 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035498829dc037db6378a5fbaa6d1a07ed6758b9c6d3aPublic Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/v1/Invoice/cancel/{taxPayer}/{folio} GET /api/v1/Invoice GET /api/v1/Invoice/Batch/Report/{id} GET /api/v1/Invoice/Batch/{id} GET /api/v1/Invoice/Cancel/Batch/Report/{id} GET /api/v1/Invoice/Cancel/Batch/{id} GET /api/v1/Invoice/cancel GET /api/v1/Invoice/{id} GET /api/v1/Invoice/{id}/Pdf GET /api/v1/Validation GET /api/v1/Validation/Batch/Report/{id} GET /api/v1/Validation/Batch/{id} GET /api/v1/Validation/{id} GET /api/v1/rules/{ruleCompanyId} POST /api/v1/Auth/LoginFound on 2026-02-02 00:07
-
-
Open service 20.206.176.5:443 · bheapi.finvixglobal.com
2026-01-22 21:50
HTTP/1.1 200 OK Connection: close Content-Type: application/json; charset=utf-8 Date: Thu, 22 Jan 2026 21:50:58 GMT Server: Kestrel Set-Cookie: ARRAffinity=96b438874cc1b96972d140d84c089a2c5147aeaeb9674a2a2205954a5b58a526;Path=/;HttpOnly;Secure;Domain=bheapi.finvixglobal.com Set-Cookie: ARRAffinitySameSite=96b438874cc1b96972d140d84c089a2c5147aeaeb9674a2a2205954a5b58a526;Path=/;HttpOnly;SameSite=None;Secure;Domain=bheapi.finvixglobal.com Transfer-Encoding: chunked Request-Context: appId=cid-v1:17b4b281-15e5-4ed4-85b2-9690e8b021ef x-correlation-id: 25c8ded6-5159-4081-b6f3-85b77b74bd0a "Ok"
Found 2026-01-22 by HttpPluginCreate report
-
Open service 20.206.176.5:443 · bheapi.finvixglobal.com
2026-01-05 07:59
HTTP/1.1 200 OK Connection: close Content-Type: application/json; charset=utf-8 Date: Mon, 05 Jan 2026 07:59:06 GMT Server: Kestrel Set-Cookie: ARRAffinity=96b438874cc1b96972d140d84c089a2c5147aeaeb9674a2a2205954a5b58a526;Path=/;HttpOnly;Secure;Domain=bheapi.finvixglobal.com Set-Cookie: ARRAffinitySameSite=96b438874cc1b96972d140d84c089a2c5147aeaeb9674a2a2205954a5b58a526;Path=/;HttpOnly;SameSite=None;Secure;Domain=bheapi.finvixglobal.com Transfer-Encoding: chunked Request-Context: appId=cid-v1:17b4b281-15e5-4ed4-85b2-9690e8b021ef x-correlation-id: b21fcab1-af50-424d-a514-aa4ab40b15fc "Ok"
Found 2026-01-05 by HttpPluginCreate report
-
Open service 20.206.176.5:80 · bheapi.finvixglobal.com
2026-01-05 07:59
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 05 Jan 2026 07:59:05 GMT Location: https://bheapi.finvixglobal.com/
Found 2026-01-05 by HttpPluginCreate report