LeakIX - Host sgd003.backend.webapi.mc.dev-soredigames.net

Domain sgd003.backend.webapi.mc.dev-soredigames.net

Mexico

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 158.23.105.3
Domain: sgd003.backend.webapi.mc.dev-soredigames.net
Port: 443
URL: https://sgd003.backend.webapi.mc.dev-soredigames.net

First seen 2025-12-06 18:56
Last seen 2026-02-09 17:13
Open for 64 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 17:13

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549cece03e90a6c8937962dfd4ebe8a515e64bbb40d

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/challenge/challengeLapRecording/delete
DELETE /api/challenge/management/delete
DELETE /api/configurationFile/management/delete
DELETE /api/currency/management/delete
DELETE /api/inventory/delete
DELETE /api/laprecording/delete
DELETE /api/ship/deleteAllUserShips
DELETE /api/ship/deleteShipByName
DELETE /api/ship/deleteShipBySlot
DELETE /api/wallet/delete
GET /api/challenge/challengeLapRecording/get/{challenge}
GET /api/challenge/get/{challengeName}
GET /api/challenge/getActiveChallengeList
GET /api/challenge/leaderboards/get
GET /api/challenge/management/get/{challengeName}
GET /api/challenge/management/getListPaginated
GET /api/challenge/management/getUserInfo
GET /api/challenge/management/userLapRecording/get
GET /api/challenge/similarLapTimes/get
GET /api/configurationFile/get
GET /api/configurationFile/management/get
GET /api/configurationFile/management/getList
GET /api/currency/checkCurrencyAmount
GET /api/currency/checkPurchase
GET /api/currency/get/{currencyName}
GET /api/currency/getList
GET /api/currency/management/get/{currencyName}
GET /api/currency/management/getList
GET /api/feedback/management/getFeedback
GET /api/inventory/get
GET /api/inventory/management/get
GET /api/laprecording/get
GET /api/laprecording/getLeaderBoards
GET /api/laprecording/getSimilarLapTimes
GET /api/laprecording/getUserLapRecording
GET /api/offer/get/{category}
GET /api/offer/getDailyOffers
GET /api/offer/management/get/{category}
GET /api/product/getPending
GET /api/ship/getAvailableGasSlots
GET /api/ship/getHangarSlotShip
GET /api/ship/getShipByName
GET /api/ship/getUserShips
GET /api/terms
GET /api/transaction/management/get/{transactionId}
GET /api/transaction/management/getTransactions
GET /api/user/gq
GET /api/user/management/gq/{userId}
GET /api/user/management/list
GET /api/user/management/{userId}
GET /api/utils/getServerDateTime
GET /api/wallet/get
GET /api/wallet/management/getList
GET /api/wallet/management/get{userId}
GET /api/welcomeMessage
POST /api/challenge/asignReward
POST /api/challenge/begin
POST /api/challenge/claimReward
POST /api/challenge/end
POST /api/challenge/management/create
POST /api/challenge/management/createFromFile
POST /api/configurationFile/management/create
POST /api/currency/management/create
POST /api/feedback/feedback
POST /api/inventory/create
POST /api/laprecording/create
POST /api/offer/createOffers
POST /api/postlogin/post-login
POST /api/product/consume
POST /api/product/createProducts
POST /api/product/redeem
POST /api/ship/create
POST /api/shop/epic_purchase
POST /api/shop/offer_purchase
POST /api/shop/ship_offer_purchase
POST /api/terms/management/update
POST /api/wallet/create
POST /api/welcomeMessage/management/update
PUT /api/challenge/management/enable
PUT /api/challenge/management/update
PUT /api/configurationFile/management/update
PUT /api/currency/management/update
PUT /api/inventory/update
PUT /api/laprecording/update
PUT /api/ship/addGasSlot
PUT /api/ship/refillAllGasSlots
PUT /api/ship/updateByHangarSlot
PUT /api/ship/updateByName
PUT /api/ship/useGasSlot
PUT /api/user/scrap
PUT /api/user/updateData
PUT /api/wallet/management/update
PUT /api/wallet/update

Found on 2026-01-23 11:36

Create report

Open service 158.23.105.3:443 · sgd003.backend.webapi.mc.dev-soredigames.net

2026-01-23 11:36
```
HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 11:36:59 GMT
Server: Kestrel
```
Found 2026-01-23 by HttpPlugin
Create report

sgd003.backend.webapi.mc.dev-soredigames.net

Fingerprint:

89aa5b40a11fa8e7e2f560b1ee3838f5cf8d02d866f0f092d23ece5f364d7f50

CN:

sgd003.backend.webapi.mc.dev-soredigames.net

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2025-11-19 00:00

Not after:

2026-04-14 23:59

Domain summary

sgd003.backend.webapi.mc.dev-soredigames.net 2

1 recorded

IP summary

158.23.105.3 2

1 recorded