Domain ichtyscashflow.alpha-cr.com
United States
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 20.40.202.29
Domain: ichtyscashflow.alpha-cr.com
Port: 443
URL: https://ichtyscashflow.alpha-cr.comFirst seen 2026-01-13 08:13
Last seen 2026-02-16 09:05
Open for 34 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491d5bc99c39ae7b74e49b83b229c81b9b6ffd5007Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /accounts GET /accounts/movements/{AccountMovementId} GET /accounts/{AccountId} GET /accounts/{AccountId}/movements GET /debts/creditor/{CreditorId} GET /debts/debtor/{DebtorId} GET /debts/movements/{debtMovementId} GET /debts/settlements/{SettlementId} GET /debts/{DebtId} GET /debts/{DebtId}/movements GET /debts/{DebtorId} GET /info GET /movement GET /movement-types GET /movement-types/{MovementTypeId} GET /paymentmovement/debt/{debtId} GET /paymentmovement/payment/{paymentId} GET /payments GET /payments/chart-info GET /payments/pending-imputation GET /payments/{PaymentId} GET /system-movements GET /system-movements/{SystemMovementId} POST /accounts/movements POST /debts POST /debts/movements POST /debts/{debtId}/adjustment POST /debts/{debtId}/forgiveness POST /debts/{debtId}/rollback POST /payments/{paymentId}/adjustment POST /payments/{paymentId}/rollback-creation POST /payments/{paymentId}/rollback-imputationsFound on 2026-02-16 09:05
-