Domain payments-test.api.rgcore.com
United Kingdom
Software information
Kestrel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 20.90.134.43
Domain: payments-test.api.rgcore.com
Port: 443
URL: https://payments-test.api.rgcore.comFirst seen 2026-01-13 05:40
Last seen 2026-01-22 11:57
Open for 9 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b6c8b80f24a29d9c0bbda5c6ccc4a9dba967ab4bPublic Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/v1/Payments/Delete GET /api/v1/Payments GET /api/v1/Payments/Accounts GET /api/v1/Payments/DirectDebitDelays GET /api/v1/Payments/EventHistory GET /api/v1/Payments/Events/{eventId} GET /api/v1/Payments/Summary GET /api/v1/Payments/{aRef}/{gtRef}/AutoCollect POST /api/v1/Payments/AddBankAccount POST /api/v1/Payments/AddElectronicPayment POST /api/v1/Payments/ExternalEvents POST /api/v1/Payments/GetSessionToken POST /api/v1/Payments/New POST /api/v1/Payments/NewAccount POST /api/v1/Payments/ProcessPayment POST /api/v1/Payments/Refund POST /api/v1/Payments/TakePayment/PaymentId POST /api/v1/Payments/TestMe/{lenderId}/{paymentId}/{days} POST /api/v1/Payments/TokeniseCard POST /api/v1/Payments/Transaction/{paymentId} POST /api/v1/Payments/UpdateDirectDebitDelays POST /api/v1/Processor/worldpay/authenticate3ds POST /api/v1/Processor/worldpay/devicedatainit/{paymentId} POST /api/v1/Processor/worldpay/verifyandattemptpayment/{paymentId} PUT /api/v1/Payments/ActiveAccounts PUT /api/v1/Payments/Deactivate PUT /api/v1/Payments/PayoutFound on 2026-01-22 11:57
-
-
Open service 20.90.134.43:443 · payments-test.api.rgcore.com
2026-01-22 11:57
HTTP/1.1 200 OK Content-Length: 633 Connection: close Content-Type: text/html Date: Thu, 22 Jan 2026 11:57:35 GMT Server: Kestrel Accept-Ranges: bytes ETag: "1dc7f217520b9f9" Last-Modified: Tue, 06 Jan 2026 15:30:59 GMT Request-Context: appId=cid-v1:9be49af0-c50d-4341-9f06-37b8c3699ffb Page title: Richmond Group <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <title>Richmond Group</title> <style> body { font-family: 'Libre Baskerville', 'Plantin', 'Mrs Eaves'; } .text { font-size: 70px; text-align: center; position: relative; display: inline-block; margin: 19px 0px 0px 0px; width: 100%; } </style> <link rel="shortcut icon" href="#"> </head> <body> <div class="text"> <span><strong>Richmond</strong> Group</span> </div> </body> </html> <script> console.log("v0.0.1") </script>Found 2026-01-22 by HttpPluginCreate report