LeakIX - Host hub.mika.vin

Domain hub.mika.vin

Seychelles

FD-298-8796

Software information

openresty

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 156.238.252.143
Domain: hub.mika.vin
Port: 443
URL: https://hub.mika.vin

First seen 2025-12-07 13:14

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff43340c51c6930c093d70a6a2f31178bebce9c34621

Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/labels/{label_id}
DELETE /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/tags/{tag_name}
GET /audit-logs
GET /auditlog-exts
GET /auditlog-exts/events
GET /configurations
GET /export/cve/download/{execution_id}
GET /export/cve/execution/{execution_id}
GET /export/cve/executions
GET /health
GET /icons/{digest}
GET /internalconfig
GET /jobservice/jobs/{job_id}/log
GET /jobservice/pools
GET /jobservice/pools/{pool_id}/workers
GET /jobservice/queues
GET /labels
GET /labels/{label_id}
GET /ldap/groups/search
GET /ldap/users/search
GET /p2p/preheat/instances
GET /p2p/preheat/instances/{preheat_instance_name}
GET /p2p/preheat/providers
GET /permissions
GET /ping
GET /projects
GET /projects/{project_name_or_id}
GET /projects/{project_name_or_id}/_deletable
GET /projects/{project_name_or_id}/artifacts
GET /projects/{project_name_or_id}/immutabletagrules
GET /projects/{project_name_or_id}/members
GET /projects/{project_name_or_id}/members/{mid}
GET /projects/{project_name_or_id}/metadatas/
GET /projects/{project_name_or_id}/metadatas/{meta_name}
GET /projects/{project_name_or_id}/scanner
GET /projects/{project_name_or_id}/scanner/candidates
GET /projects/{project_name_or_id}/summary
GET /projects/{project_name_or_id}/webhook/events
GET /projects/{project_name_or_id}/webhook/jobs
GET /projects/{project_name_or_id}/webhook/lasttrigger
GET /projects/{project_name_or_id}/webhook/policies
GET /projects/{project_name_or_id}/webhook/policies/{webhook_policy_id}
GET /projects/{project_name_or_id}/webhook/policies/{webhook_policy_id}/executions
GET /projects/{project_name_or_id}/webhook/policies/{webhook_policy_id}/executions/{execution_id}/tasks
GET /projects/{project_name_or_id}/webhook/policies/{webhook_policy_id}/executions/{execution_id}/tasks/{task_id}/log
GET /projects/{project_name}/auditlog-exts
GET /projects/{project_name}/logs
GET /projects/{project_name}/preheat/policies
GET /projects/{project_name}/preheat/policies/{preheat_policy_name}
GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions
GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions/{execution_id}
GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions/{execution_id}/tasks
GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions/{execution_id}/tasks/{task_id}/logs
GET /projects/{project_name}/preheat/providers
GET /projects/{project_name}/repositories
GET /projects/{project_name}/repositories/{repository_name}
GET /projects/{project_name}/repositories/{repository_name}/artifacts
GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}
GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/accessories
GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/additions/vulnerabilities
GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/additions/{addition}
GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/{report_id}/log
GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/tags
GET /quotas
GET /quotas/{id}
GET /registries
GET /registries/{id}
GET /registries/{id}/info
GET /replication/adapterinfos
GET /replication/adapters
GET /replication/executions
GET /replication/executions/{id}
GET /replication/executions/{id}/tasks
GET /replication/executions/{id}/tasks/{task_id}/log
GET /replication/policies
GET /replication/policies/{id}
GET /repositories
GET /retentions/metadatas
GET /retentions/{id}
GET /retentions/{id}/executions
GET /retentions/{id}/executions/{eid}/tasks
GET /retentions/{id}/executions/{eid}/tasks/{tid}
GET /robots
GET /robots/{robot_id}
GET /scanners
GET /scanners/{registration_id}
GET /scanners/{registration_id}/metadata
GET /scans/all/metrics
GET /scans/schedule/metrics
GET /schedules
GET /schedules/{job_type}/paused
GET /search
GET /security/summary
GET /security/vul
GET /statistics
GET /system/CVEAllowlist
GET /system/gc
GET /system/gc/schedule
GET /system/gc/{gc_id}
GET /system/gc/{gc_id}/log
GET /system/purgeaudit
GET /system/purgeaudit/schedule
GET /system/purgeaudit/{purge_id}
GET /system/purgeaudit/{purge_id}/log
GET /system/scanAll/schedule
GET /systeminfo
GET /systeminfo/getcert
GET /systeminfo/volumes
GET /usergroups
GET /usergroups/search
GET /usergroups/{group_id}
GET /users
GET /users/current
GET /users/current/permissions
GET /users/search
GET /users/{user_id}
PATCH /retentions/{id}/executions/{eid}
POST /export/cve
POST /ldap/ping
POST /ldap/users/import
POST /p2p/preheat/instances/ping
POST /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/labels
POST /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan
POST /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/stop
POST /registries/ping
POST /retentions
POST /scanners/ping
POST /system/oidc/ping
POST /system/scanAll/stop
PUT /jobservice/jobs/{job_id}
PUT /jobservice/queues/{job_type}
PUT /projects/{project_name_or_id}/immutabletagrules/{immutable_rule_id}
PUT /users/{user_id}/cli_secret
PUT /users/{user_id}/password
PUT /users/{user_id}/sysadmin

Found on 2025-12-07 13:14

Create report

Open service 156.238.252.143:443 · hub.mika.vin

2026-01-22 21:34

HTTP/1.1 400 Bad Request
Server: openresty
Date: Thu, 22 Jan 2026 21:34:54 GMT
Content-Type: text/html
Content-Length: 252
Connection: close

Page title: 400 The plain HTTP request was sent to HTTPS port

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>openresty</center>
</body>
</html>

Found 2026-01-22 by HttpPlugin

Create report

Domain summary

hub.mika.vin 1

1 recorded

IP summary

156.238.252.143 2

1 recorded