AmazonS3
tcp/443
CloudFront
tcp/80
Kestrel
tcp/443 tcp/80
The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.
Additionally, Git credentials are present and could give unauthorized access to the source code repositories of private projects.
Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022e566c81dbbbd673
[init] defaultBranch = none [fetch] recurseSubmodules = false [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:64_qzLkfHsgEkQ9hxTYggyf@gitlab.com/sdk12/plurall/site-plurall.git fetch = +refs/heads/*:refs/remotes/origin/*
Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022e566c81471bd12b
[init] defaultBranch = none [fetch] recurseSubmodules = false [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:64_8WNFXomWY3XxTDwCNmbq@gitlab.com/sdk12/plurall/site-plurall.git fetch = +refs/heads/*:refs/remotes/origin/*
Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022e566c818dd55508
[init] defaultBranch = none [fetch] recurseSubmodules = false [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:64_VnzGWtgWy_fQZwCQZirT@gitlab.com/sdk12/plurall/site-plurall.git fetch = +refs/heads/*:refs/remotes/origin/*
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
This documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e06c4adf00342a38858ee05957b516d198af466e
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/Identidade/autenticar
POST /api/Identidade/autenticar-token-plurall
POST /api/Identidade/refresh-token
POST /api/Identidade/trocar-contexto-aluno
POST /api/Identidade/trocar-contexto-perfil
POST /api/Phidelis/autenticar-login-phidelis
POST /api/Phidelis/autenticar-token-phidelis
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035490d88be64b4e7641454b557c44bdefcfa4395b60a
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Mensagem/mensagens/getSetor/{id}
GET /api/Mensagem/mensagens/listarAtendimentos
GET /api/Mensagem/mensagens/listarSetores/{unidadeId}
POST /api/ImportacaoDados/processarAcessos
POST /api/Mensagem/mensagens/salvarArquivoChat
Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354955a5f21d57b41f6d42c055ee2484224903c6d842
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/agendaonline/{id}
GET /api/Agenda/{qtdDias}/{tiposDeEventos}
GET /api/Calendario/obterCalendario
GET /api/Comunicado/comunicados/{pagina}/{registrosPorPagina}
GET /api/Comunicado/detalhesComunicado/{publicacaoId}
GET /api/Comunicado/{publicacaoId}/comentario/{pagina}/{registrosPorPagina}
GET /api/Dashboard/contadores
GET /api/Dashboard/dashboard/{topTipoPublicacao}
GET /api/Dashboard/detalhesPublicacao/{publicacaoId}
GET /api/Dashboard/home/{pagina}/{registrosPorPagina}
GET /api/agendaonline/obterCalendario/{data}
GET /api/agendaonlineconfiguracao/{unidadeId}
GET /api/integracao/{unidadeId}
GET /api/v2/Agenda/obterAgenda/{data}
GET /api/v2/Agenda/obterEvento/{id}
GET /api/v2/Agenda/obterProgramacao/{pagina}/{registrosPorPagina}
GET /api/v2/AgendaOnline/obterAgenda/{UnidadeId}/{Data}
GET /api/v2/AgendaOnline/obterDestaques/{unidadeId}/{pagina}/{registrosPorPagina}
GET /api/v2/AgendaOnline/obterEvento/{unidadeId}/{id}
GET /api/v2/AgendaOnline/obterProgramacao/{unidadeId}/{pagina}/{registrosPorPagina}/{cursoId}
GET /api/v2/AgendaOnline/pesquisar/{AnoLetivo}/{TurmaId}
POST /api/Comunicado/ativarComentario/{id}
POST /api/Comunicado/comentarPublicacao
POST /api/Comunicado/curtirPublicacao/{publicacaoId}
POST /api/v2/Agenda/responderEnquete
POST /api/v2/AgendaOnline
Open service 20.49.104.52:443 · apimens-phidelis.s.plurall.net
2026-01-22 21:57
HTTP/1.1 200 OK Connection: close Date: Thu, 22 Jan 2026 21:57:36 GMT Server: Kestrel Transfer-Encoding: chunked Request-Context: appId=cid-v1:fbef22b2-36f9-415a-9b8a-74e46e15cc09 API Mensageria (22/01/2026 18:57:37) - Update: 22/01/2026 16:06:20
Open service 20.49.104.52:443 · apiauth-phidelis.s.plurall.net
2026-01-22 21:57
HTTP/1.1 200 OK Connection: close Date: Thu, 22 Jan 2026 21:57:35 GMT Server: Kestrel Transfer-Encoding: chunked API Auth (22/01/2026 18:57:36) - Update: 12/06/2025 11:44:16
Open service 20.49.104.52:443 · apiatend-phidelis.s.plurall.net
2026-01-22 21:57
HTTP/1.1 200 OK Connection: close Date: Thu, 22 Jan 2026 21:57:35 GMT Server: Kestrel Transfer-Encoding: chunked Request-Context: appId=cid-v1:73b51cba-80f2-4ec0-92a3-468d8d44b5c3 API Atendimento (22/01/2026 18:57:35) - Update: 13/10/2025 18:32:48
Open service 20.49.104.52:80 · apiauth-phidelis.s.plurall.net
2026-01-22 21:57
HTTP/1.1 200 OK Connection: close Date: Thu, 22 Jan 2026 21:57:36 GMT Server: Kestrel Transfer-Encoding: chunked API Auth (22/01/2026 18:57:36) - Update: 12/06/2025 11:44:16
Open service 20.49.104.52:80 · apimens-phidelis.s.plurall.net
2026-01-12 09:01
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 09:02:00 GMT Location: https://apimens-phidelis.s.plurall.net/
Open service 20.49.104.52:443 · apimens-phidelis.s.plurall.net
2026-01-12 09:01
HTTP/1.1 200 OK Connection: close Date: Mon, 12 Jan 2026 09:02:00 GMT Server: Kestrel Transfer-Encoding: chunked Request-Context: appId=cid-v1:fbef22b2-36f9-415a-9b8a-74e46e15cc09 API Mensageria (12/01/2026 06:02:00) - Update: 16/12/2025 18:18:48
Open service 20.49.104.52:80 · apiauth-phidelis.s.plurall.net
2026-01-12 09:00
HTTP/1.1 200 OK Connection: close Date: Mon, 12 Jan 2026 09:01:36 GMT Server: Kestrel Transfer-Encoding: chunked API Auth (12/01/2026 06:01:37) - Update: 12/06/2025 11:44:16
Open service 20.49.104.52:443 · apiauth-phidelis.s.plurall.net
2026-01-12 09:00
HTTP/1.1 200 OK Connection: close Date: Mon, 12 Jan 2026 09:01:37 GMT Server: Kestrel Transfer-Encoding: chunked API Auth (12/01/2026 06:01:37) - Update: 12/06/2025 11:44:16
Open service 20.49.104.52:80 · apiatend-phidelis.s.plurall.net
2026-01-12 09:00
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 09:01:23 GMT Location: https://apiatend-phidelis.s.plurall.net/
Open service 20.49.104.52:443 · apiatend-phidelis.s.plurall.net
2026-01-12 09:00
HTTP/1.1 200 OK Connection: close Date: Mon, 12 Jan 2026 09:01:23 GMT Server: Kestrel Transfer-Encoding: chunked Request-Context: appId=cid-v1:73b51cba-80f2-4ec0-92a3-468d8d44b5c3 API Atendimento (12/01/2026 06:01:23) - Update: 13/10/2025 18:32:48
Open service 20.49.104.52:80 · phidelis.s.plurall.net
2026-01-11 10:44
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Sun, 11 Jan 2026 10:45:05 GMT Location: https://phidelis.s.plurall.net/
Open service 20.49.104.52:443 · phidelis.s.plurall.net
2026-01-11 10:44
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Sun, 11 Jan 2026 10:45:04 GMT Server: Kestrel Location: https://phidelis.s.plurall.net/auth/Login/?ReturnUrl=%2F Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:5a7d1b1b-7b51-45c4-aa90-b45d30d06975
Open service 54.230.228.93:443 · menu-assets.s.plurall.net
2026-01-04 03:13
HTTP/1.1 200 OK Content-Type: application/x-directory; charset=UTF-8 Content-Length: 0 Connection: close Date: Sat, 03 Jan 2026 15:23:19 GMT Last-Modified: Mon, 03 Feb 2025 14:29:54 GMT ETag: "224d5f103eea2be85b8f22baef1ea6dc" x-amz-server-side-encryption: aws:kms x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:875815471114:key/mrk-b88aed522d4c4509a5a372623105e753 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 4b3ef7616dbf62f98d54524f0218face.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P5 X-Amz-Cf-Id: 1467ZmtrDCtaLq1FbJ8dnVjLNzqgrKXgT9zUHzOcLAVAdjaV32Z8jg== Age: 42608 Vary: Origin
Open service 54.230.228.12:443 · menu-assets.s.plurall.net
2026-01-04 03:13
HTTP/1.1 200 OK Content-Type: application/x-directory; charset=UTF-8 Content-Length: 0 Connection: close Date: Sat, 03 Jan 2026 15:23:19 GMT Last-Modified: Mon, 03 Feb 2025 14:29:54 GMT ETag: "224d5f103eea2be85b8f22baef1ea6dc" x-amz-server-side-encryption: aws:kms x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:875815471114:key/mrk-b88aed522d4c4509a5a372623105e753 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 8a0110b64ead65f0aff7193e350b2c52.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P5 X-Amz-Cf-Id: h6rynRdpLztJ8bRRSGcSDs6IScZRymSjVpE06WEVOY3AgcJpbtlhMQ== Age: 42607 Vary: Origin
Open service 54.230.228.52:80 · menu-assets.s.plurall.net
2026-01-04 03:13
HTTP/1.1 301 Moved Permanently Server: CloudFront Date: Sun, 04 Jan 2026 03:13:25 GMT Content-Type: text/html Content-Length: 167 Connection: close Location: https://menu-assets.s.plurall.net/ X-Cache: Redirect from cloudfront Via: 1.1 62be04c57195b92a15c9e33c0bb32906.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P5 X-Amz-Cf-Id: Cnnw1cYhxhIjIoCEVvSMDRQJUD93d44nt5s2ICFOVAKWgSjQUA52ow== Vary: Origin Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>CloudFront</center> </body> </html>
Open service 54.230.228.12:80 · menu-assets.s.plurall.net
2026-01-04 03:13
HTTP/1.1 301 Moved Permanently Server: CloudFront Date: Sun, 04 Jan 2026 03:13:25 GMT Content-Type: text/html Content-Length: 167 Connection: close Location: https://menu-assets.s.plurall.net/ X-Cache: Redirect from cloudfront Via: 1.1 b10eef4dff0375003ae9795596a9615c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P5 X-Amz-Cf-Id: RSLcCA4YrQtRGyVDFhAODmAEA1BUTRqUGLRm0xmQai1YFXu9Efwb-A== Vary: Origin Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>CloudFront</center> </body> </html>
Open service 54.230.228.93:80 · menu-assets.s.plurall.net
2026-01-04 03:13
HTTP/1.1 301 Moved Permanently Server: CloudFront Date: Sun, 04 Jan 2026 03:13:25 GMT Content-Type: text/html Content-Length: 167 Connection: close Location: https://menu-assets.s.plurall.net/ X-Cache: Redirect from cloudfront Via: 1.1 64de0e8f28c987c1b81102130781b870.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P5 X-Amz-Cf-Id: 5qKoeGxNx4nmJbSRAvw98HzAzjiHDIThESW_Te_Y6FuSLV24mBgQ5w== Vary: Origin Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>CloudFront</center> </body> </html>
Open service 54.230.228.52:443 · menu-assets.s.plurall.net
2026-01-04 03:13
HTTP/1.1 200 OK Content-Type: application/x-directory; charset=UTF-8 Content-Length: 0 Connection: close Date: Sat, 03 Jan 2026 15:23:19 GMT Last-Modified: Mon, 03 Feb 2025 14:29:54 GMT ETag: "224d5f103eea2be85b8f22baef1ea6dc" x-amz-server-side-encryption: aws:kms x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:875815471114:key/mrk-b88aed522d4c4509a5a372623105e753 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 a2eaac3682e999c3b0a69ad54d815412.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P5 X-Amz-Cf-Id: uXFuKuvufXcaGgg7wD-jCySyovGt38Nxg7tndWmFV2djvE55QWyjpw== Age: 42607 Vary: Origin
Open service 54.230.228.84:80 · menu-assets.s.plurall.net
2026-01-04 03:13
HTTP/1.1 301 Moved Permanently Server: CloudFront Date: Sun, 04 Jan 2026 03:13:25 GMT Content-Type: text/html Content-Length: 167 Connection: close Location: https://menu-assets.s.plurall.net/ X-Cache: Redirect from cloudfront Via: 1.1 00fe48bc72383ac135425bf0b3409486.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P5 X-Amz-Cf-Id: yEy7atk7It_lCHmjbzBCPNDGVdX_PZ5Bhv4lNkD6PV86VFz8LGx1OA== Vary: Origin Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>CloudFront</center> </body> </html>