Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d4b5b8d6005ab9509bf83e2706a77c108af38e3a
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Image
GET /api/Image/images/{id}
GET /api/User/{userEmail}
GET /api/fifa-api/matches
POST /api/Image/Analysis
POST /api/Image/images/{id}/review
POST /api/User
Open service 2a02:26f0:2780:67::217:e397:80 · securescan-dev.fifa.org
2025-12-31 19:32
HTTP/1.1 403 Forbidden Mime-Version: 1.0 Content-Type: text/html Content-Length: 381 Expires: Wed, 31 Dec 2025 19:32:40 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 19:32:40 GMT Connection: close Akamai-GRN: 0.97c41402.1767209560.940d881c Page title: Access Denied <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://securescan-dev.fifa.org/" on this server.<P> Reference #18.97c41402.1767209560.940d881c <P>https://errors.edgesuite.net/18.97c41402.1767209560.940d881c</P> </BODY> </HTML>
Open service 2.16.204.20:443 · securescan-dev.fifa.org
2025-12-31 19:32
HTTP/1.1 403 Forbidden Mime-Version: 1.0 Content-Type: text/html Content-Length: 381 Expires: Wed, 31 Dec 2025 19:32:36 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 19:32:36 GMT Connection: close Akamai-GRN: 0.141d1002.1767209556.88e5260b Page title: Access Denied <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://securescan-dev.fifa.org/" on this server.<P> Reference #18.141d1002.1767209555.88e5260b <P>https://errors.edgesuite.net/18.141d1002.1767209555.88e5260b</P> </BODY> </HTML>
Open service 2a02:26f0:2780:67::217:e397:443 · securescan-dev.fifa.org
2025-12-31 19:32
HTTP/1.1 308 Permanent Redirect Location: /image-revision x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Refresh: 0;url=/image-revision Expires: Wed, 31 Dec 2025 19:32:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 19:32:35 GMT Connection: close Set-Cookie: ARRAffinity=16f92531f9cba03a52b6f4145e0d0aa3bacdc8d6ee76784fa55c90738b245a78;Path=/;HttpOnly;Secure;Domain=scan-dev-gwc-aps-001-app.azurewebsites.net Set-Cookie: ARRAffinitySameSite=16f92531f9cba03a52b6f4145e0d0aa3bacdc8d6ee76784fa55c90738b245a78;Path=/;HttpOnly;SameSite=None;Secure;Domain=scan-dev-gwc-aps-001-app.azurewebsites.net Akamai-GRN: 0.97c41402.1767209555.940d5d0f /image-revision
Open service 2a02:26f0:2780:67::217:e39d:443 · securescan-dev.fifa.org
2025-12-31 19:32
HTTP/1.1 308 Permanent Redirect Location: /image-revision x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Refresh: 0;url=/image-revision Expires: Wed, 31 Dec 2025 19:32:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 19:32:35 GMT Connection: close Set-Cookie: ARRAffinity=16f92531f9cba03a52b6f4145e0d0aa3bacdc8d6ee76784fa55c90738b245a78;Path=/;HttpOnly;Secure;Domain=scan-dev-gwc-aps-001-app.azurewebsites.net Set-Cookie: ARRAffinitySameSite=16f92531f9cba03a52b6f4145e0d0aa3bacdc8d6ee76784fa55c90738b245a78;Path=/;HttpOnly;SameSite=None;Secure;Domain=scan-dev-gwc-aps-001-app.azurewebsites.net Akamai-GRN: 0.9dc41402.1767209555.a6725df8 /image-revision
Open service 2a02:26f0:2780:67::217:e39d:80 · securescan-dev.fifa.org
2025-12-31 19:32
HTTP/1.1 301 Moved Permanently Content-Length: 0 Location: https://securescan-dev.fifa.org/ Expires: Wed, 31 Dec 2025 19:32:38 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 19:32:38 GMT Connection: close Akamai-GRN: 0.9dc41402.1767209558.a6727547
Open service 2.16.204.19:443 · securescan-dev.fifa.org
2025-12-31 19:32
HTTP/1.1 403 Forbidden Mime-Version: 1.0 Content-Type: text/html Content-Length: 381 Expires: Wed, 31 Dec 2025 19:32:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 19:32:35 GMT Connection: close Akamai-GRN: 0.141d1002.1767209555.88e519a1 Page title: Access Denied <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://securescan-dev.fifa.org/" on this server.<P> Reference #18.141d1002.1767209555.88e519a1 <P>https://errors.edgesuite.net/18.141d1002.1767209555.88e519a1</P> </BODY> </HTML>
Open service 2.16.204.19:80 · securescan-dev.fifa.org
2025-12-31 19:32
HTTP/1.1 403 Forbidden Mime-Version: 1.0 Content-Type: text/html Content-Length: 381 Expires: Wed, 31 Dec 2025 19:32:38 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 19:32:38 GMT Connection: close Akamai-GRN: 0.131d1002.1767209558.6a0596c8 Page title: Access Denied <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://securescan-dev.fifa.org/" on this server.<P> Reference #18.131d1002.1767209558.6a0596c8 <P>https://errors.edgesuite.net/18.131d1002.1767209558.6a0596c8</P> </BODY> </HTML>
Open service 2.16.204.20:80 · securescan-dev.fifa.org
2025-12-31 19:32
HTTP/1.1 403 Forbidden Mime-Version: 1.0 Content-Type: text/html Content-Length: 381 Expires: Wed, 31 Dec 2025 19:32:38 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 19:32:38 GMT Connection: close Akamai-GRN: 0.141d1002.1767209558.88e54eb8 Page title: Access Denied <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://securescan-dev.fifa.org/" on this server.<P> Reference #18.141d1002.1767209558.88e54eb8 <P>https://errors.edgesuite.net/18.141d1002.1767209558.88e54eb8</P> </BODY> </HTML>
Open service 2.17.100.185:443 · securescan-dev.fifa.org
2025-12-22 08:39
HTTP/1.1 403 Forbidden Mime-Version: 1.0 Content-Type: text/html Content-Length: 381 Expires: Mon, 22 Dec 2025 08:39:17 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Dec 2025 08:39:17 GMT Connection: close Akamai-GRN: 0.a7641102.1766392757.1b84eff8 Page title: Access Denied <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://securescan-dev.fifa.org/" on this server.<P> Reference #18.a7641102.1766392757.1b84eff8 <P>https://errors.edgesuite.net/18.a7641102.1766392757.1b84eff8</P> </BODY> </HTML>