Exposing Swagger/OpenAPI documentation is a risk mainly when the API behind it has security flaws, because the documentation gives an attacker a precise map for finding them.
An OpenAPI document lists every endpoint, parameter and data model, which makes it much faster to discover and exploit weaknesses such as broken access control or injection points.
A fully secured API reduces the danger, but restricting access to the documentation (for example, serving it only in non-production environments or behind authentication) remains a worthwhile layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c895363007ed29f76d04b3ebfdd7e9131afe659c
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/auth/check
GET /api/v1/auth/stsloginurl
GET /api/v1/auth/stslogouturl
GET /api/v1/clientdocuments/registertemplates
GET /api/v1/clientdocuments/registertemplates/{id}/download
GET /api/v1/clientdocuments/{id}
GET /api/v1/clientdocuments/{id}/download
GET /api/v1/clientdocuments/{id}/printedForm
GET /api/v1/clientdocuments/{id}/sings
GET /api/v1/clients
GET /api/v1/clients/profiles/{clientProfileId}
GET /api/v1/clients/{clientId}
GET /api/v1/dfa
GET /api/v1/dfa/issued
GET /api/v1/dfa/myissues/cutlist
GET /api/v1/dfa/requests
GET /api/v1/dfa/requests/{requestUid}/orders
GET /api/v1/dfa/requests/{uid}
GET /api/v1/dfa/shares
GET /api/v1/dfa/shares/{uid}
GET /api/v1/dfa/{dfaUid}/orders/burning
GET /api/v1/dfa/{oisKey}
GET /api/v1/dfa/{uid}/orders
GET /api/v1/dfa/{uid}/orders/profit/{type}
GET /api/v1/dfa/{uid}/{clientkey}
GET /api/v1/dicts/dfa-settings
GET /api/v1/dicts/dfa-status-ext
GET /api/v1/dicts/dfa-types
GET /api/v1/dicts/reports/periods
GET /api/v1/dicts/reports/statuses
GET /api/v1/dicts/reports/types
GET /api/v1/dicts/requests/doc/kinds
GET /api/v1/dicts/requests/kinds
GET /api/v1/dicts/trasferjustifications
GET /api/v1/dicts/trasferjustifications/{uid}
GET /api/v1/files/{id}/download
GET /api/v1/orders
GET /api/v1/orders/exchange
GET /api/v1/orders/short
GET /api/v1/orders/{id}/documents/archive
GET /api/v1/orders/{orderUid}/matched
GET /api/v1/orders/{uid}
GET /api/v1/participants
GET /api/v1/profile
GET /api/v1/profile/qualification
GET /api/v1/reports
GET /api/v1/reports/types/{type}/settings
GET /api/v1/reports/{uid}
GET /api/v1/system/info
PATCH /api/v1/dfa/{uid}/burning
PATCH /api/v1/orders/{id}
PATCH /api/v1/orders/{orderUid}/rejectpayment
POST /api/v1/auth/refreshtokens
POST /api/v1/auth/tokens
POST /api/v1/clientdocuments/{clientId}
POST /api/v1/dfa/requests/offer
POST /api/v1/dfa/requests/{key}/send/confirm
POST /api/v1/orders/{orderUid}/action
POST /api/v1/orders/{orderUid}/revoke
POST /api/v1/payments/orders/{uid}/pay
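The sample paths above come from the exposed document, but on their own they do not say which operations the API will serve without credentials, or which ones a tester should try first for broken access control. The following triage script is an added example for this finding (it is not part of the scanner output or of the target's own code): it reads an OpenAPI 3 document, applies the OpenAPI rule that an operation-level `security` entry overrides the document-level default (an explicit empty list meaning "no authentication"), and separates anonymous operations from authenticated ones that mutate state or take an object identifier in the path. The embedded SAMPLE_SPEC_JSON is constructed: it reuses a few of the paths listed above, but the Bearer scheme, the parameters and the per-operation `security` entries are assumptions for illustration only and are not what the real API declares.

```python
"""Triage of an exposed OpenAPI document (added example, not the target's code).

The SAMPLE_SPEC_JSON below is constructed: it borrows a few of the paths
from the finding, but the auth scheme, parameters and per-operation
`security` entries are assumptions for illustration only.
"""
import json
from typing import Dict, List, Tuple

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

SAMPLE_SPEC_JSON = json.dumps({
    "openapi": "3.0.1",
    "components": {
        "securitySchemes": {"Bearer": {"type": "http", "scheme": "bearer"}}
    },
    # Document-level default (assumed): every operation needs a bearer token
    # unless it says otherwise.
    "security": [{"Bearer": []}],
    "paths": {
        # `security: []` explicitly opts an operation out of authentication.
        "/api/v1/system/info": {"get": {"security": []}},
        "/api/v1/auth/tokens": {"post": {"security": []}},
        # No `security` key at all: the operation inherits the document default.
        "/api/v1/clients/{clientId}": {
            "get": {"parameters": [{"name": "clientId", "in": "path", "required": True}]}
        },
        "/api/v1/orders/{id}": {"patch": {}},
        "/api/v1/files/{id}/download": {"get": {"security": [{"Bearer": []}]}},
        "/api/v1/participants": {"get": {}},
    },
})


def load_spec(text: str) -> dict:
    """Parse a JSON OpenAPI document such as the swagger.json behind a Swagger UI."""
    spec = json.loads(text)
    if "paths" not in spec:
        raise ValueError("not an OpenAPI document: no 'paths' object")
    return spec


def effective_security(spec: dict, operation: dict) -> list:
    """OpenAPI 3 rule: an operation-level `security` overrides the document
    default; an explicit empty list means 'no authentication'; an absent key
    means 'inherit the document-level requirement'."""
    if "security" in operation:
        return operation["security"]
    return spec.get("security", [])


def operations(spec: dict) -> List[Tuple[str, str, dict]]:
    """Flatten the document into (METHOD, path, operation object) triples."""
    out = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            if method in item:
                out.append((method.upper(), path, item[method]))
    return out


def unauthenticated(spec: dict) -> List[Tuple[str, str]]:
    """Operations the spec itself says are reachable with no credentials."""
    return sorted((m, p) for m, p, op in operations(spec)
                  if not effective_security(spec, op))


def access_control_candidates(spec: dict) -> List[Tuple[str, str]]:
    """Authenticated operations that mutate state or take an object id in the
    path: the first ones to re-request with a second user's token when
    testing for broken object-level authorization."""
    out = []
    for m, p, op in operations(spec):
        if not effective_security(spec, op):
            continue  # already listed by unauthenticated()
        if m in STATE_CHANGING or "{" in p:
            out.append((m, p))
    return sorted(out)


def triage(spec: dict) -> Dict[str, int]:
    """Counts that can go straight into the finding's write-up."""
    return {
        "operations": len(operations(spec)),
        "unauthenticated": len(unauthenticated(spec)),
        "access_control_candidates": len(access_control_candidates(spec)),
    }


if __name__ == "__main__":
    spec = load_spec(SAMPLE_SPEC_JSON)
    print("No auth required per spec:", unauthenticated(spec))
    print("Check for broken access control:", access_control_candidates(spec))
    print(triage(spec))
```

The "no authentication" list is what the document claims, not what the server enforces; the real check is to send each listed request without a token and compare the status code, and to replay each access-control candidate with a token belonging to a different client. Typos in path names (for example "sings" and "trasferjustifications" in the listing above) are part of the exposed API and must be kept verbatim when replaying requests.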