Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497d34e27a263400d0763d1d8042b4fcbc363f58db
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/SchoolAlert/SystemStatusAlert/{orgId}/{toEmailId}
GET /api/TrainingDB/GetSyncStatus/{orgId}
GET /api/TrainingDB/PreCheckStatus/{orgId}
GET /api/ping
POST /api/SchoolAlert/UpsertAlertEmail
POST /api/TrainingDB/ProcessNGDeletion
POST /api/TrainingDB/SchoolDetailsDR
POST /api/TrainingDB/SyncCompletedSeenStatusUpdate
Open service 51.104.28.87:443 · qa-adminutil.sims.co.uk
2026-01-23 08:13
HTTP/1.1 401 Unauthorized
Connection: close
Content-Type: application/json
Date: Fri, 23 Jan 2026 08:14:19 GMT
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Request-Context: appId=cid-v1:fee682c8-cac4-42a1-9516-b4eb4880b4a2
Content-Security-Policy-Report-Only: default-src 'self'
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none';
X-XSS-Protection: 1
{"error":"Request not authenticated."}
Open service 51.104.28.87:80 · qa-adminutil.sims.co.uk
2026-01-23 03:07
HTTP/1.1 307 Temporary Redirect
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 03:07:44 GMT
Location: https://qa-adminutil.sims.co.uk/
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
Request-Context: appId=cid-v1:fee682c8-cac4-42a1-9516-b4eb4880b4a2
Content-Security-Policy-Report-Only: default-src 'self'
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Feature-Policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none';
X-XSS-Protection: 1