LeakIX - Host qa.back.bula.ache.com.br

Domain qa.back.bula.ache.com.br

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 135.224.194.19
Domain: qa.back.bula.ache.com.br
Port: 443
URL: https://qa.back.bula.ache.com.br

First seen 2026-01-05 20:46
Last seen 2026-01-23 13:22
Open for 17 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035492dd51c27a88ffb5393e309fa91564b3850554f5e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/Indicator/Image/{id}
GET /api/v1/Alert/GetAlertPage
GET /api/v1/Alert/ListLeafletsForAlerts
GET /api/v1/Alert/{id}
GET /api/v1/AlertType
GET /api/v1/Category
GET /api/v1/Category/ByCompany
GET /api/v1/Category/Ordering
GET /api/v1/Category/Public
GET /api/v1/Category/{id}
GET /api/v1/Companies
GET /api/v1/Company/ListCompany
GET /api/v1/Diagnostics/ProductSchema
GET /api/v1/Indicator
GET /api/v1/Indicator/Public
GET /api/v1/Indicator/{id}
GET /api/v1/Leaflet
GET /api/v1/Leaflet/Draft/{leafletId}
GET /api/v1/Leaflet/Review/{id}
GET /api/v1/Leaflet/{id}
GET /api/v1/LeafletComment
GET /api/v1/LeafletComment/{id}
GET /api/v1/LeafletDetail
GET /api/v1/LeafletDetail/{id}
GET /api/v1/PharmaForm/ListPharmaForm
GET /api/v1/PharmacyPopularPage
GET /api/v1/PharmacyPopularPage/Backoffice
GET /api/v1/PharmacyPopularPage/Manage
GET /api/v1/PharmacyPopularPage/Manage/{id}
GET /api/v1/Product/Catalog
GET /api/v1/Product/Catalog/Public
GET /api/v1/Product/Catalog/Public/{idOrSlug}
GET /api/v1/Product/Catalog/{idOrSlug}
GET /api/v1/Product/GetTemplate
GET /api/v1/Product/{id}
PATCH /api/v1/Alert/UpdateAlertStatus
PATCH /api/v1/Category/UpdateCategoryStatus
PATCH /api/v1/Leaflet/UpdateLeafletStatus
PATCH /api/v1/Leaflet/UpdateLeafletStep
PATCH /api/v1/Product/Approve/{id}
POST /api/v1/Alert
POST /api/v1/Alert/ListAlerts
POST /api/v1/Auditory/ListAuditory
POST /api/v1/Auditory/Login
POST /api/v1/Auditory/Logout
POST /api/v1/Cache
POST /api/v1/Category/ListCategories
POST /api/v1/Category/UploadImage
POST /api/v1/Indicator/Batch
POST /api/v1/Indicator/UploadImage
POST /api/v1/Leaflet/CreateLeafletProducts
POST /api/v1/Leaflet/DuplicateLeaflet
POST /api/v1/Leaflet/ListLeaflet
POST /api/v1/Leaflet/ReadLeafletFromWord
POST /api/v1/PharmacyPopularPage/Refresh
POST /api/v1/PharmacyPopularPage/UploadHeaderImage
POST /api/v1/Product
POST /api/v1/Product/Catalog/Paginated
POST /api/v1/Product/ImportProducts
POST /api/v1/Product/ListProducts
POST /api/v1/Product/ListProductsFiltered
POST /api/v1/Product/UploadPack
POST /api/v1/Product/ValidateCsv
PUT /api/v1/Leaflet/Draft

Found on 2026-01-23 13:22

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035492dd51c27a88ffb5393e309fa91564b3873a63330

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/Indicator/Image/{id}
GET /api/v1/Alert/GetAlertPage
GET /api/v1/Alert/ListLeafletsForAlerts
GET /api/v1/Alert/{id}
GET /api/v1/AlertType
GET /api/v1/Category
GET /api/v1/Category/Ordering
GET /api/v1/Category/Public
GET /api/v1/Category/{id}
GET /api/v1/Company/ListCompany
GET /api/v1/Diagnostics/ProductSchema
GET /api/v1/Indicator
GET /api/v1/Indicator/Public
GET /api/v1/Indicator/{id}
GET /api/v1/Leaflet
GET /api/v1/Leaflet/{id}
GET /api/v1/LeafletComment
GET /api/v1/LeafletComment/{id}
GET /api/v1/LeafletDetail
GET /api/v1/LeafletDetail/{id}
GET /api/v1/PharmaForm/ListPharmaForm
GET /api/v1/Product/Catalog
GET /api/v1/Product/Catalog/Public
GET /api/v1/Product/Catalog/Public/{idOrSlug}
GET /api/v1/Product/Catalog/{idOrSlug}
GET /api/v1/Product/GetTemplate
GET /api/v1/Product/{id}
PATCH /api/v1/Alert/UpdateAlertStatus
PATCH /api/v1/Category/UpdateCategoryStatus
PATCH /api/v1/Indicator/Values
PATCH /api/v1/Leaflet/UpdateLeafletStatus
PATCH /api/v1/Leaflet/UpdateLeafletStep
PATCH /api/v1/Product/Approve/{id}
POST /api/v1/Alert
POST /api/v1/Alert/ListAlerts
POST /api/v1/Auditory/ListAuditory
POST /api/v1/Auditory/Login
POST /api/v1/Auditory/Logout
POST /api/v1/Cache
POST /api/v1/Category/ListCategories
POST /api/v1/Category/UploadImage
POST /api/v1/Indicator/UploadImage
POST /api/v1/Leaflet/CreateLeafletProducts
POST /api/v1/Leaflet/DuplicateLeaflet
POST /api/v1/Leaflet/ListLeaflet
POST /api/v1/Leaflet/ReadLeafletFromWord
POST /api/v1/Product
POST /api/v1/Product/Catalog/Paginated
POST /api/v1/Product/ImportProducts
POST /api/v1/Product/ListProducts
POST /api/v1/Product/ListProductsFiltered
POST /api/v1/Product/UploadPack
POST /api/v1/Product/ValidateCsv

Found on 2026-01-09 22:32

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549674ccd85f61a572c9937fa52822a490269680918

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Alert/GetAlertPage
GET /api/v1/Alert/ListLeafletsForAlerts
GET /api/v1/Alert/{id}
GET /api/v1/AlertType
GET /api/v1/Category
GET /api/v1/Category/{id}
GET /api/v1/Company/ListCompany
GET /api/v1/Diagnostics/ProductSchema
GET /api/v1/Leaflet
GET /api/v1/Leaflet/{id}
GET /api/v1/LeafletComment
GET /api/v1/LeafletComment/{id}
GET /api/v1/LeafletDetail
GET /api/v1/LeafletDetail/{id}
GET /api/v1/PharmaForm/ListPharmaForm
GET /api/v1/Product/Catalog
GET /api/v1/Product/Catalog/{idOrSlug}
GET /api/v1/Product/GetTemplate
GET /api/v1/Product/{id}
PATCH /api/v1/Alert/UpdateAlertStatus
PATCH /api/v1/Category/UpdateCategoryStatus
PATCH /api/v1/Leaflet/UpdateLeafletStatus
PATCH /api/v1/Leaflet/UpdateLeafletStep
PATCH /api/v1/Product/Approve/{id}
POST /api/v1/Alert
POST /api/v1/Alert/ListAlerts
POST /api/v1/Auditory/ListAuditory
POST /api/v1/Auditory/Login
POST /api/v1/Auditory/Logout
POST /api/v1/Cache
POST /api/v1/Category/ListCategories
POST /api/v1/Category/UploadImage
POST /api/v1/Leaflet/CreateLeafletProducts
POST /api/v1/Leaflet/DuplicateLeaflet
POST /api/v1/Leaflet/ListLeaflet
POST /api/v1/Leaflet/ReadLeafletFromWord
POST /api/v1/Product
POST /api/v1/Product/Catalog/Paginated
POST /api/v1/Product/ImportProducts
POST /api/v1/Product/ListProducts
POST /api/v1/Product/ListProductsFiltered
POST /api/v1/Product/UploadPack
POST /api/v1/Product/ValidateCsv

Found on 2026-01-05 20:46

Create report

Open service 135.224.194.19:443 · qa.back.bula.ache.com.br

2026-01-23 13:22

HTTP/1.1 401 Unauthorized
Date: Fri, 23 Jan 2026 13:22:51 GMT
Content-Length: 0
Connection: close
WWW-Authenticate: Bearer
Strict-Transport-Security: max-age=31536000; includeSubDomains

Found 2026-01-23 by HttpPlugin

Create report

Open service 135.224.194.19:443 · qa.back.bula.ache.com.br

2026-01-09 22:32

HTTP/1.1 401 Unauthorized
Date: Fri, 09 Jan 2026 22:32:33 GMT
Content-Length: 0
Connection: close
WWW-Authenticate: Bearer
Strict-Transport-Security: max-age=31536000; includeSubDomains

Found 2026-01-09 by HttpPlugin

Create report

qa.back.bula.ache.com.br

Fingerprint:

af935a2492c8b24805a0463c069f109bb43ff677b9dc862ca3cba6e96aac2e68

CN:

qa.back.bula.ache.com.br

Key:

RSA-2048

Issuer:

R12

Not before:

2026-01-05 19:46

Not after:

2026-04-05 19:46

Domain summary

qa.back.bula.ache.com.br 4

1 recorded

IP summary

135.224.194.19 2

1 recorded