Domain carpafamily.com
Brazil
Software information
Microsoft-IIS 10.0
tcp/443 tcp/80
nginx
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 191.235.228.32
Domain: api-koimfo.carpafamily.com
Port: 80
URL: http://api-koimfo.carpafamily.comFirst seen 2026-01-05 02:01
Last seen 2026-02-09 14:39
Open for 35 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-02-09 14:39
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 191.235.228.32
Domain: api-koimfo.carpafamily.com
Port: 443
URL: https://api-koimfo.carpafamily.comFirst seen 2026-01-05 02:01
Last seen 2026-02-09 14:39
Open for 35 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-02-09 14:39
-
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
IP: 191.235.228.32
Domain: api.koiwms.carpafamily.com
Port: 443
URL: https://api.koiwms.carpafamily.comFirst seen 2026-01-16 06:12
Last seen 2026-02-02 07:56
Open for 17 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36fa9087bdaec3b790d5090ed3dc5b0fd3dc5b0fdGraphQL introspection enabled at /graphql Types: 21 (by kind: ENUM: 2, OBJECT: 13, SCALAR: 6) Operations: - Query: QueryContainer | fields: organizationUnits, roles, users Directives: deprecated, include, skip (total: 3)
Found on 2026-02-02 07:5626.3 kBytes
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 191.235.228.32
Domain: api.koiwms.carpafamily.com
Port: 443
URL: https://api.koiwms.carpafamily.comFirst seen 2026-01-06 00:19
Last seen 2026-02-02 07:56
Open for 27 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-02-02 07:56
-
-
Open service 20.206.176.5:80 · carpafamily.com
2026-01-25 11:01
HTTP/1.1 200 OK Connection: close Content-Type: text/html; charset=UTF-8 Date: Sun, 25 Jan 2026 11:01:33 GMT Server: nginx Cache-Control: no-cache Last-Modified: Sun, 25 Jan 2026 08:52:13 GMT Transfer-Encoding: chunked Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Powered-By: PHP/8.0.30 WPO-Cache-Status: cached X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Found 2026-01-25 by HttpPluginCreate report
-
Open service 20.206.176.5:443 · carpafamily.com
2026-01-25 11:01
HTTP/1.1 200 OK Connection: close Content-Type: text/html; charset=UTF-8 Date: Sun, 25 Jan 2026 11:01:33 GMT Server: nginx Cache-Control: no-cache Last-Modified: Sun, 25 Jan 2026 08:52:13 GMT Transfer-Encoding: chunked Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Powered-By: PHP/8.0.30 WPO-Cache-Status: cached X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Found 2026-01-25 by HttpPluginCreate report
-
Open service 191.235.228.32:443 · api.koiwms.carpafamily.com
2026-01-23 05:30
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 05:30:56 GMT Server: Microsoft-IIS/10.0 Location: /index.html Set-Cookie: ARRAffinity=ea8a911b4a312003d434931f011b6384ec21f3d6e34f39a401f025d7b3197676;Path=/;HttpOnly;Secure;Domain=api.koiwms.carpafamily.com Set-Cookie: ARRAffinitySameSite=ea8a911b4a312003d434931f011b6384ec21f3d6e34f39a401f025d7b3197676;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.koiwms.carpafamily.com X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Powered-By: ASP.NET
Found 2026-01-23 by HttpPluginCreate report
-
Open service 191.235.228.32:443 · api.koiwms.carpafamily.com
2026-01-23 05:30
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 05:30:58 GMT Server: Microsoft-IIS/10.0 Location: /index.html Set-Cookie: ARRAffinity=ea8a911b4a312003d434931f011b6384ec21f3d6e34f39a401f025d7b3197676;Path=/;HttpOnly;Secure;Domain=api.koiwms.carpafamily.com Set-Cookie: ARRAffinitySameSite=ea8a911b4a312003d434931f011b6384ec21f3d6e34f39a401f025d7b3197676;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.koiwms.carpafamily.com X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Powered-By: ASP.NET
Found 2026-01-23 by HttpPluginCreate report
-
Open service 191.235.228.32:443 · api-koimfo.carpafamily.com
2026-01-23 04:01
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 04:01:53 GMT Server: Microsoft-IIS/10.0 Location: /index.html Set-Cookie: ARRAffinity=ea8a911b4a312003d434931f011b6384ec21f3d6e34f39a401f025d7b3197676;Path=/;HttpOnly;Secure;Domain=api-koimfo.carpafamily.com Set-Cookie: ARRAffinitySameSite=ea8a911b4a312003d434931f011b6384ec21f3d6e34f39a401f025d7b3197676;Path=/;HttpOnly;SameSite=None;Secure;Domain=api-koimfo.carpafamily.com X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Powered-By: ASP.NET
Found 2026-01-23 by HttpPluginCreate report
-
Open service 191.235.228.32:80 · api-koimfo.carpafamily.com
2026-01-23 04:01
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 04:01:51 GMT Server: Microsoft-IIS/10.0 Location: /index.html Set-Cookie: ARRAffinity=ea8a911b4a312003d434931f011b6384ec21f3d6e34f39a401f025d7b3197676;Path=/;HttpOnly;Domain=api-koimfo.carpafamily.com X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Powered-By: ASP.NET
Found 2026-01-23 by HttpPluginCreate report
-
Open service 23.96.13.243:443 · mellonnotificationservice.carpafamily.com
2026-01-11 15:15
HTTP/1.1 200 OK Content-Length: 2526 Connection: close Content-Type: text/html Date: Sun, 11 Jan 2026 15:16:08 GMT Server: Microsoft-IIS/10.0 Accept-Ranges: bytes ETag: "98328ae04896d41:0" Last-Modified: Mon, 17 Dec 2018 20:41:24 GMT Set-Cookie: ARRAffinity=ee244e50f500fb8b8b314e0e13b49bd52be6ec78d6021fe24f2e864f733cd36a;Path=/;HttpOnly;Secure;Domain=mellonnotificationservice.carpafamily.com Set-Cookie: ARRAffinitySameSite=ee244e50f500fb8b8b314e0e13b49bd52be6ec78d6021fe24f2e864f733cd36a;Path=/;HttpOnly;SameSite=None;Secure;Domain=mellonnotificationservice.carpafamily.com X-Powered-By: ASP.NET Page title: Microsoft Azure App Service - Welcome <!DOCTYPE html><html><head> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8;IE=edge"> <title>Microsoft Azure App Service - Welcome</title> <link rel="shortcut icon" href="https://appservice.azureedge.net/images/favicon.ico" type="image/x-icon"><style type="text/css"> @font-face{font-family: 'SegoeLight'; src: url(//:) format('no404'), url(https://appservice.azureedge.net/fonts/segoe-ui-light-latest.woff2); font-weight: normal; font-style: normal;}html{height: 100%; width: 100%}.holder{width: 100vw; height: 100vh; position: relative}.frame{width: 100vw; height: 100vh; border: none; overflow: hidden;}body{background-color: #0078d7; color: #fff; font-family: 'SegoeLight', helvetica, sans-serif; font-size: 2.7vmin; margin: 0; padding: 0; overflow: hidden;}.content{position: absolute; left: 3.8vw; top: 5.5vh; height: 30vh;}.content .azureLogo{height: 2.7vmin; width: 2.7vmin; position: relative; top: 0.3vmin;}.content .azureBrand{margin: 0 0 6.5vh .2vh; font-family: 'Segoe UI', helvetica, sans-serif; font-size: 2.7vmin;}.content .bodyHeadline{margin: 3.5vh 0 1vh 0; font-size: 5.1vmin;}.content .bodyContent{margin: 1.5vh 0 3.5vh 0; font-family: 'Segoe UI', helvetica, sans-serif; font-size: 2.7vmin;}.content .bodyContent a{color: #fff; text-decoration: underline;}.content .bodyContent a:hover{opacity: .7;}</style> <script type="text/javascript">window.onload=function(){try{var a=window.location.hostname; if (a.includes(".azurewebsites.net")){a=a.replace(".azurewebsites.net", "")}var b=document.getElementById("quickStartLink"); b.setAttribute("href", b.getAttribute("href") + "&sitename=" + a);}catch (d){}}</script> <link rel="stylesheet" type="text/css" href="https://appservice.azureedge.net/css/main.min.css"></head><body> <iframe src="https://appservicelandingpage.trafficmanager.net/V2" scrolling="no" frameborder="0" width="100vh" allowfullscreen="" class="frame"></iframe> <div class="content"> <img class="azureLogo" src="https://appservice.azureedge.net/images/azureLogo.svg"> <span class="azureBrand">Microsoft Azure</span> <div class="bodyHeadline">Your App Service app is up and running</div><div class="bodyContent">Go to your app's <a id='quickStartLink' href='https://go.microsoft.com/fwlink/?linkid=838467'>Quick Start</a> guide in the Azure portal to get started or read our <a id='docsLink' href='https://go.microsoft.com/fwlink/?linkid=837503'>deployment documentation</a>.</div></div></body></html>Found 2026-01-11 by HttpPluginCreate report
-
Open service 23.96.13.243:80 · mellonnotificationservice.carpafamily.com
2026-01-11 15:15
HTTP/1.1 200 OK Content-Length: 2526 Connection: close Content-Type: text/html Date: Sun, 11 Jan 2026 15:16:07 GMT Server: Microsoft-IIS/10.0 Accept-Ranges: bytes ETag: "98328ae04896d41:0" Last-Modified: Mon, 17 Dec 2018 20:41:24 GMT Set-Cookie: ARRAffinity=ee244e50f500fb8b8b314e0e13b49bd52be6ec78d6021fe24f2e864f733cd36a;Path=/;HttpOnly;Domain=mellonnotificationservice.carpafamily.com X-Powered-By: ASP.NET Page title: Microsoft Azure App Service - Welcome <!DOCTYPE html><html><head> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8;IE=edge"> <title>Microsoft Azure App Service - Welcome</title> <link rel="shortcut icon" href="https://appservice.azureedge.net/images/favicon.ico" type="image/x-icon"><style type="text/css"> @font-face{font-family: 'SegoeLight'; src: url(//:) format('no404'), url(https://appservice.azureedge.net/fonts/segoe-ui-light-latest.woff2); font-weight: normal; font-style: normal;}html{height: 100%; width: 100%}.holder{width: 100vw; height: 100vh; position: relative}.frame{width: 100vw; height: 100vh; border: none; overflow: hidden;}body{background-color: #0078d7; color: #fff; font-family: 'SegoeLight', helvetica, sans-serif; font-size: 2.7vmin; margin: 0; padding: 0; overflow: hidden;}.content{position: absolute; left: 3.8vw; top: 5.5vh; height: 30vh;}.content .azureLogo{height: 2.7vmin; width: 2.7vmin; position: relative; top: 0.3vmin;}.content .azureBrand{margin: 0 0 6.5vh .2vh; font-family: 'Segoe UI', helvetica, sans-serif; font-size: 2.7vmin;}.content .bodyHeadline{margin: 3.5vh 0 1vh 0; font-size: 5.1vmin;}.content .bodyContent{margin: 1.5vh 0 3.5vh 0; font-family: 'Segoe UI', helvetica, sans-serif; font-size: 2.7vmin;}.content .bodyContent a{color: #fff; text-decoration: underline;}.content .bodyContent a:hover{opacity: .7;}</style> <script type="text/javascript">window.onload=function(){try{var a=window.location.hostname; if (a.includes(".azurewebsites.net")){a=a.replace(".azurewebsites.net", "")}var b=document.getElementById("quickStartLink"); b.setAttribute("href", b.getAttribute("href") + "&sitename=" + a);}catch (d){}}</script> <link rel="stylesheet" type="text/css" href="https://appservice.azureedge.net/css/main.min.css"></head><body> <iframe src="https://appservicelandingpage.trafficmanager.net/V2" scrolling="no" frameborder="0" width="100vh" allowfullscreen="" class="frame"></iframe> <div class="content"> <img class="azureLogo" src="https://appservice.azureedge.net/images/azureLogo.svg"> <span class="azureBrand">Microsoft Azure</span> <div class="bodyHeadline">Your App Service app is up and running</div><div class="bodyContent">Go to your app's <a id='quickStartLink' href='https://go.microsoft.com/fwlink/?linkid=838467'>Quick Start</a> guide in the Azure portal to get started or read our <a id='docsLink' href='https://go.microsoft.com/fwlink/?linkid=837503'>deployment documentation</a>.</div></div></body></html>Found 2026-01-11 by HttpPluginCreate report
-
Open service 191.235.228.32:443 · api-koimfo.carpafamily.com
2026-01-05 02:01
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Mon, 05 Jan 2026 02:01:34 GMT Server: Microsoft-IIS/10.0 Location: /index.html Set-Cookie: ARRAffinity=df6c12efcc41be54c3e76a86846a7b35a0f37f3653ba537c103a1935d494d782;Path=/;HttpOnly;Secure;Domain=api-koimfo.carpafamily.com Set-Cookie: ARRAffinitySameSite=df6c12efcc41be54c3e76a86846a7b35a0f37f3653ba537c103a1935d494d782;Path=/;HttpOnly;SameSite=None;Secure;Domain=api-koimfo.carpafamily.com X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Powered-By: ASP.NET
Found 2026-01-05 by HttpPluginCreate report
-
Open service 20.206.176.5:80 · carpafamily.com
2026-01-04 23:16
HTTP/1.1 200 OK Connection: close Content-Type: text/html; charset=UTF-8 Date: Sun, 04 Jan 2026 23:16:36 GMT Server: nginx Cache-Control: no-cache Last-Modified: Sun, 04 Jan 2026 18:43:21 GMT Transfer-Encoding: chunked Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Powered-By: PHP/8.0.30 WPO-Cache-Status: cached X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Found 2026-01-04 by HttpPluginCreate report
-
Open service 20.206.176.5:443 · carpafamily.com
2026-01-04 23:16
HTTP/1.1 200 OK Connection: close Content-Type: text/html; charset=UTF-8 Date: Sun, 04 Jan 2026 23:16:37 GMT Server: nginx Cache-Control: no-cache Last-Modified: Sun, 04 Jan 2026 18:43:21 GMT Transfer-Encoding: chunked Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Powered-By: PHP/8.0.30 WPO-Cache-Status: cached X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Found 2026-01-04 by HttpPluginCreate report