LeakIX - Host stg-ucp-be.clairiti.com

Domain stg-ucp-be.clairiti.com

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.0.39
Domain: stg-ucp-be.clairiti.com
Port: 443
URL: https://stg-ucp-be.clairiti.com

First seen 2025-12-27 08:56
Last seen 2026-02-16 03:06
Open for 50 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497f01cd57a7f19077992775fbd46add6d14f22f47

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/user-settings/{id}
GET /api/v1/clients
GET /api/v1/clients/{clientId}/configuration
GET /api/v1/clients/{clientId}/organizations
GET /api/v1/clients/{clientId}/packages
GET /api/v1/clients/{clientId}/users
GET /api/v1/communications/{id}
GET /api/v1/invoices
GET /api/v1/invoices/organizations
GET /api/v1/invoices/{invoiceId}
GET /api/v1/invoices/{invoiceId}/candidate-summary
GET /api/v1/invoices/{invoiceId}/documents/{documentId}
GET /api/v1/invoices/{invoiceId}/get-document
GET /api/v1/invoices/{invoiceId}/organization-reference-code-summary
GET /api/v1/invoices/{invoiceId}/organization-summary
GET /api/v1/invoices/{invoiceId}/organization-summary-details
GET /api/v1/invoices/{invoiceId}/organizations
GET /api/v1/invoices/{invoiceId}/reference-code-summary
GET /api/v1/notifications
GET /api/v1/order-statuses
GET /api/v1/orders
GET /api/v1/orders/{orderId}/actions
GET /api/v1/orders/{orderId}/activities
GET /api/v1/orders/{orderId}/candidate
GET /api/v1/orders/{orderId}/disputable-searches
GET /api/v1/orders/{orderId}/documents
GET /api/v1/orders/{orderId}/documents/{documentId}
GET /api/v1/orders/{orderId}/documents/{documentId}/content
GET /api/v1/orders/{orderId}/progress
GET /api/v1/product-relations
GET /api/v1/products
GET /api/v1/reports/all-orders/statistics
GET /api/v1/reports/all-orders/status-counts
GET /api/v1/reports/all-orders/table
GET /api/v1/search/omni
GET /api/v1/session
GET /api/v1/states
GET /api/v1/user-settings
GET /api/v1/widgets
GET /api/v1/widgets/1
GET /api/v1/widgets/10
GET /api/v1/widgets/11
GET /api/v1/widgets/2
GET /api/v1/widgets/3
GET /api/v1/widgets/4
GET /api/v1/widgets/5
GET /api/v1/widgets/6
GET /api/v1/widgets/7
GET /api/v1/widgets/8
GET /api/v1/widgets/9
POST /api/v1/communications/{id}/replies
POST /api/v1/notifications/{notificationId}/mark-as-read
POST /api/v1/order-archives
POST /api/v1/order-batch-downloads
POST /api/v1/orders/cancel
POST /api/v1/orders/{orderId}/disputes
POST /api/v1/reports/all-orders/table-exports

Found on 2026-02-16 03:06

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.0.39
Domain: stg-ucp-be.clairiti.com
Port: 80
URL: http://stg-ucp-be.clairiti.com

First seen 2025-12-27 08:56
Last seen 2026-02-16 14:05
Open for 51 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497f01cd57a7f19077992775fbd46add6d14f22f47

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/user-settings/{id}
GET /api/v1/clients
GET /api/v1/clients/{clientId}/configuration
GET /api/v1/clients/{clientId}/organizations
GET /api/v1/clients/{clientId}/packages
GET /api/v1/clients/{clientId}/users
GET /api/v1/communications/{id}
GET /api/v1/invoices
GET /api/v1/invoices/organizations
GET /api/v1/invoices/{invoiceId}
GET /api/v1/invoices/{invoiceId}/candidate-summary
GET /api/v1/invoices/{invoiceId}/documents/{documentId}
GET /api/v1/invoices/{invoiceId}/get-document
GET /api/v1/invoices/{invoiceId}/organization-reference-code-summary
GET /api/v1/invoices/{invoiceId}/organization-summary
GET /api/v1/invoices/{invoiceId}/organization-summary-details
GET /api/v1/invoices/{invoiceId}/organizations
GET /api/v1/invoices/{invoiceId}/reference-code-summary
GET /api/v1/notifications
GET /api/v1/order-statuses
GET /api/v1/orders
GET /api/v1/orders/{orderId}/actions
GET /api/v1/orders/{orderId}/activities
GET /api/v1/orders/{orderId}/candidate
GET /api/v1/orders/{orderId}/disputable-searches
GET /api/v1/orders/{orderId}/documents
GET /api/v1/orders/{orderId}/documents/{documentId}
GET /api/v1/orders/{orderId}/documents/{documentId}/content
GET /api/v1/orders/{orderId}/progress
GET /api/v1/product-relations
GET /api/v1/products
GET /api/v1/reports/all-orders/statistics
GET /api/v1/reports/all-orders/status-counts
GET /api/v1/reports/all-orders/table
GET /api/v1/search/omni
GET /api/v1/session
GET /api/v1/states
GET /api/v1/user-settings
GET /api/v1/widgets
GET /api/v1/widgets/1
GET /api/v1/widgets/10
GET /api/v1/widgets/11
GET /api/v1/widgets/2
GET /api/v1/widgets/3
GET /api/v1/widgets/4
GET /api/v1/widgets/5
GET /api/v1/widgets/6
GET /api/v1/widgets/7
GET /api/v1/widgets/8
GET /api/v1/widgets/9
POST /api/v1/communications/{id}/replies
POST /api/v1/notifications/{notificationId}/mark-as-read
POST /api/v1/order-archives
POST /api/v1/order-batch-downloads
POST /api/v1/orders/cancel
POST /api/v1/orders/{orderId}/disputes
POST /api/v1/reports/all-orders/table-exports

Found on 2026-02-16 14:05

Create report

Open service 20.119.0.39:443 · stg-ucp-be.clairiti.com

2026-01-22 22:29

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Thu, 22 Jan 2026 22:29:29 GMT
Server: Kestrel
Request-Context: appId=cid-v1:8efead58-34e7-4a4f-bea6-c2b64d418d7b

Found 2026-01-22 by HttpPlugin

Create report

Open service 20.119.0.39:443 · stg-ucp-be.clairiti.com

2026-01-10 02:26

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Sat, 10 Jan 2026 02:27:34 GMT
Server: Kestrel
Request-Context: appId=cid-v1:8efead58-34e7-4a4f-bea6-c2b64d418d7b

Found 2026-01-10 by HttpPlugin

Create report

stg-ucp-be.clairiti.com

Fingerprint:

1e196516d6492322102f3d6ee4b69b8c93e9a54a1415f46d884ff48cc0abe4ea

CN:

stg-ucp-be.clairiti.com

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2025-12-27 00:00

Not after:

2026-04-14 23:59

Domain summary

stg-ucp-be.clairiti.com 3

1 recorded

IP summary

20.119.0.39 2

1 recorded