Domain billing.demo.workai.cloud
The Netherlands
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-25 00:09
Last seen 2026-01-23 08:31
Open for 90 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549939d29424bd6f5581ddd325ab1bdc380ab994697Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /BySubscription(uuid={uuid}) GET /GeneratePdf(invoiceNumber={invoiceNumber}) GET /api/About/Version GET /v1/Coupons({key}) GET /v1/Coupons/{key} GET /v1/Invoices GET /v1/Invoices/$count GET /v1/Invoices/BySubscription(uuid={uuid}) GET /v1/Invoices/Elastic.Billing.API.BySubscription(uuid={uuid}) GET /v1/Invoices/Elastic.Billing.API.GeneratePdf(invoiceNumber={invoiceNumber}) GET /v1/Invoices/GeneratePdf(invoiceNumber={invoiceNumber}) GET /v1/Offers GET /v1/Offers/$count GET /v1/Organizations({key}) GET /v1/Organizations/{key} GET /v1/Subscriptions GET /v1/Subscriptions/$count POST /v1/Organizations POST /v1/Subscriptions({key})/AddLicenses POST /v1/Subscriptions({key})/Cancel POST /v1/Subscriptions({key})/Elastic.Billing.API.AddLicenses POST /v1/Subscriptions({key})/Elastic.Billing.API.Cancel POST /v1/Subscriptions/{key}/AddLicenses POST /v1/Subscriptions/{key}/Cancel POST /v1/Subscriptions/{key}/Elastic.Billing.API.AddLicenses POST /v1/Subscriptions/{key}/Elastic.Billing.API.CancelFound on 2026-01-23 08:31
-
-
Open service 13.69.68.16:443 ยท billing.demo.workai.cloud
2026-01-23 08:31
HTTP/1.1 200 OK Connection: close Content-Type: text/plain; charset=utf-8 Date: Fri, 23 Jan 2026 08:31:31 GMT Set-Cookie: ARRAffinity=cd65eecb78f3b5d85f93f8c6ab30a80a8ba28d68531769e86e4d284cc7411840;Path=/;HttpOnly;Secure;Domain=billing.demo.workai.cloud Set-Cookie: ARRAffinitySameSite=cd65eecb78f3b5d85f93f8c6ab30a80a8ba28d68531769e86e4d284cc7411840;Path=/;HttpOnly;SameSite=None;Secure;Domain=billing.demo.workai.cloud Transfer-Encoding: chunked Strict-Transport-Security: max-age=2592000 x-trace-id: 36c285fa19e8a32ce0576abc9c99629b healthy
Found 2026-01-23 by HttpPluginCreate report