cloudflare
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497af57842be721beba0aa0fe2e121c4786f2cbfb4
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Customers
GET /api/Customers/CustomerDetail/{customerId}
GET /api/Customers/GetEmployees/{customerId}
GET /api/Customers/GetVoiceOfTheCustomer/{customerId}
GET /api/Customers/HighestRankingMember/{customerId}
GET /api/Customers/HighestRankingMemberPhoto/{customerId}
GET /api/LocalPowerCompany/GetBoardMembers/{customerId}
GET /api/LocalPowerCompany/GetInformation/{customerId}
GET /api/LocalPowerCompany/GetRevenue/{customerId}
GET /api/LocalPowerCompany/GetStatistics/{customerId}
Open service 172.65.90.27:443 · ercddash.tva.gov
2026-01-22 22:10
HTTP/1.1 200 OK
Date: Thu, 22 Jan 2026 22:10:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Set-Cookie: ARRAffinity=8fa63380c42bc2ac16adb14e87992b74cda4f334978317f2692036e79787d4ca;Path=/;HttpOnly;Secure;Domain=ercddash.tva.gov
Set-Cookie: ARRAffinitySameSite=8fa63380c42bc2ac16adb14e87992b74cda4f334978317f2692036e79787d4ca;Path=/;HttpOnly;SameSite=None;Secure;Domain=ercddash.tva.gov
set-cookie: __cf_bm=d2v1yrWHjBfuVAwAemjEYg.f_JoiyOnSNIPZbjwLFb8-1769119854.020944-1.0.1.1-T6.7up1KwkDjhPsXwRWrj2DWojJ1x4kHo67lZVUPBOlYW_a.2hus_qt7He5cPbXAJx8ZYPnj_2QLMPHmfjun0yGJNxxxfbsaTDRXQt.ziq65234qcGC.nh3gJvn7qibp; HttpOnly; Secure; Path=/; Domain=tva.gov; Expires=Thu, 22 Jan 2026 22:40:54 GMT
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=td%2Frg3jmsom8UKiBsvVP%2F1trrC4ldvJxxvMw9peowpXeGCOOfdtsSJfmd%2BNjh4B9djiVI4H27mXXN3hEmvdwB1r8Eg7uUzO2wyAs8G5x9w%3D%3D"}]}
last-modified: Thu, 12 Dec 2024 03:18:08 GMT
Nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000
request-context: appId=cid-v1:7996fbbd-f46a-4e6f-8425-5db86541f005
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
CF-RAY: 9c22624fa8677a38-EWR
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
</head>
<body>
<script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9c22624fa8677a38',t:'MTc2OTExOTg1NA=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script></body>
</html>