Domain tehtava.api-test.yle.fi
United States
Software information
Jetty(11.0.18)
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-14 20:15
Last seen 2026-01-16 20:23
Open for 94 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4315e3782a2456098c3b4ae8113482557a516366bfPublic Swagger UI/API detected at path: /swagger.json - sample paths: DELETE /v1/answers/question/{question-uuid}.json GET /v1/answers/exam/{exam-id}.json GET /v1/answers/exam/{exam-id}/hengaillaan GET /v1/answers/participate GET /v1/answers/plastics/user.json GET /v1/answers/questions GET /v1/answers/series GET /v1/exams GET /v1/exams/answers/{uuid}.json GET /v1/exams/author/{author-id}.json GET /v1/exams/logs/{uuid}.json GET /v1/exams/stats.json GET /v1/exams/statsums.json GET /v1/exams/tags/{tags} GET /v1/exams/uuid/{uuid}.json GET /v1/exams/{id}.json GET /v1/ping GET /v1/public/averagescores.json GET /v1/public/exams GET /v1/public/exams.json GET /v1/public/leaderboard-hengaillaan/{uuid}.json GET /v1/public/leaderboard/{uuid}.json GET /v1/public/plastics/stats.json GET /v1/public/polls GET /v1/public/questions/carousel.json GET /v1/public/questions/search.json GET /v1/public/scores.json GET /v1/public/series GET /v1/public/stats.json GET /v1/public/statsums.json GET /v1/public/subjects.json GET /v1/public/tags.json GET /v1/public/tvstats.json GET /v1/questions/search.json GET /v1/questions/{quuid}/options/{oid}/answers.json GET /v1/questions/{quuid}/options/{oid}/stats.json GET /v1/series GET /v1/series/{uuid}.json GET /v1/tags/update POST /v1/answers/hengaillaan POST /v1/answers/plastics POST /v1/answers/question POST /v1/answers/umk POST /v1/ingest/answersFound on 2026-01-16 20:23
-
-
Open service 65.9.95.105:443 · tehtava.api-test.yle.fi
2026-01-10 00:36
HTTP/1.1 302 Moved Temporarily Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: close Date: Sat, 10 Jan 2026 00:36:24 GMT Location: /index.html Server: Jetty(11.0.18) X-Cache: Hit from cloudfront Via: 1.1 d19bc25644fc0cb24d9e1c2cb87755ca.cloudfront.net (CloudFront) X-Amz-Cf-Pop: PRG50-C1 X-Amz-Cf-Id: 280pogqJT5vJt8s9lS_Hq-5NExhLrpvAc8Y5kouc90NjCA_aQLQdhA== Age: 2
Found 2026-01-10 by HttpPluginCreate report
-
Open service 65.9.95.105:443 · tehtava.api-test.yle.fi
2026-01-10 00:36
HTTP/1.1 302 Moved Temporarily Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: close Date: Sat, 10 Jan 2026 00:36:24 GMT Location: /index.html Server: Jetty(11.0.18) X-Cache: Hit from cloudfront Via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: PRG50-C1 X-Amz-Cf-Id: HllB25_dIExDd_mzzNOAe7lvzpjdCMRxmFHReq2cOFOSPOPB7waKoA== Age: 2
Found 2026-01-10 by HttpPluginCreate report
-
Open service 65.9.95.105:443 · tehtava.api-test.yle.fi
2026-01-02 19:32
HTTP/1.1 302 Moved Temporarily Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: close Date: Fri, 02 Jan 2026 19:32:53 GMT Location: /index.html Server: Jetty(11.0.18) X-Cache: Hit from cloudfront Via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: PRG50-C1 X-Amz-Cf-Id: yZmtMgXhJYIQdpuPxAv_SzSZEYDRDsbEgFTcDFmS9QtSi06xp-WI1A==
Found 2026-01-02 by HttpPluginCreate report
-
Open service 65.9.95.105:443 · tehtava.api-test.yle.fi
2026-01-02 19:32
HTTP/1.1 302 Moved Temporarily Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: close Date: Fri, 02 Jan 2026 19:32:53 GMT Location: /index.html Server: Jetty(11.0.18) X-Cache: Hit from cloudfront Via: 1.1 1d04caaed0a43993076e404ebf3738da.cloudfront.net (CloudFront) X-Amz-Cf-Pop: PRG50-C1 X-Amz-Cf-Id: uFT2bHfht0frVDHgL-pys_Pv3coIxV5bfv9PKcYP-fVjPgP5OotpaA==
Found 2026-01-02 by HttpPluginCreate report
-
Open service 65.9.95.105:443 · tehtava.api-test.yle.fi
2025-12-23 09:18
HTTP/1.1 302 Moved Temporarily Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: close Date: Tue, 23 Dec 2025 09:18:00 GMT Location: /index.html Server: Jetty(11.0.18) X-Cache: Hit from cloudfront Via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront) X-Amz-Cf-Pop: PRG50-C1 X-Amz-Cf-Id: 5uFHAIztVOYIYHPfUMamHxd0mq90aNIfCAuNTPHq7WJQht1m4SJb_A== Age: 1
Found 2025-12-23 by HttpPluginCreate report