cloudflare
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
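While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map. Restricting access to the documentation does not fix the endpoints themselves: every route it lists still needs server-side authentication and authorization checks.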
Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354921429b0c7ead8e688f0f676dd75162abcd36635b
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/comments/{id}
DELETE /api/localization/{id}
DELETE /api/menus/delete-item/{id}
DELETE /api/products/delete-variant-images/{image}
DELETE /api/review-replies/{id}
DELETE /api/reviews/{id}
DELETE /api/stocks/{id}
DELETE /api/themes/{themeName}
DELETE /api/widget-instances/{id}
GET /api/Html-translations/{id}
GET /api/activitylog/most-viewed-entities/{entityTypeId}
GET /api/appsettings
GET /api/appsettings/getsetingse
GET /api/brands
GET /api/brands/{id}
GET /api/carousel-widgets/{id}
GET /api/cart-rules/{id}
GET /api/cashfree/config
GET /api/categories
GET /api/categories/{id}
GET /api/category-translations/{id}
GET /api/category-widgets/{id}
GET /api/cod/config
GET /api/comments
GET /api/contact-area
GET /api/contact-area-translations/{id}
GET /api/contact-area/{id}
GET /api/contacts/newContact
GET /api/contacts/{id}
GET /api/countries
GET /api/countries/{countryId}/states-provinces
GET /api/countries/{id}
GET /api/customergroups
GET /api/customergroups/{id}
GET /api/customers/{customerId}/cart
GET /api/entities
GET /api/entity-types/menuable
GET /api/html-widgets/{id}
GET /api/invoices/print/{id}
GET /api/localization/get-cultures
GET /api/localization/get-resources
GET /api/localization/get-translation
GET /api/menus
GET /api/menus/{id}
GET /api/momo/config
GET /api/news-categories
GET /api/news-categories-translations/{id}
GET /api/news-categories/{id}
GET /api/news-items-translations/{id}
GET /api/news-items/{id}
GET /api/news-widgets/available-orderby
GET /api/news-widgets/{id}
GET /api/ngan-luong/config
GET /api/online-themes
GET /api/online-themes/{name}
GET /api/orders
GET /api/orders/order-status
GET /api/orders/{id}
GET /api/orders/{orderId}/history
GET /api/orders/{orderId}/items-to-ship
GET /api/orders/{orderId}/payments
GET /api/orders/{orderId}/shipments
GET /api/page-translations/{id}
GET /api/pages
GET /api/pages/{id}
GET /api/payments-providers
GET /api/paypal-express/config
GET /api/product-attribute-groups
GET /api/product-attribute-groups/{id}
GET /api/product-attributes
GET /api/product-attributes/{id}
GET /api/product-clone/{id}
GET /api/product-options
GET /api/product-options-translations/{id}
GET /api/product-options/{id}
GET /api/product-templates
GET /api/product-templates/{id}
GET /api/product-translations/{id}
GET /api/product-widgets/available-orderby
GET /api/product-widgets/{id}
GET /api/products/quick-search
GET /api/products/{id}
GET /api/recently-viewed-widgets/{id}
GET /api/review-replies
GET /api/reviews
GET /api/roles
GET /api/search/most-search-keywords
GET /api/shipments/{id}
GET /api/shipping-providers
GET /api/shippings/table-rate/price-destinations
GET /api/shippings/table-rate/price-destinations/{id}
GET /api/simple-product-widgets/{id}
GET /api/spacebar-widgets/{id}
GET /api/states-provinces
GET /api/states-provinces/{id}
GET /api/states-provinces/{stateOrProvinceId}/districts
GET /api/stocks/history
GET /api/stripe/config
GET /api/subscribers/{id}
GET /api/tax-classes
GET /api/tax-classes/default
GET /api/tax-classes/{id}
GET /api/tax-rates
GET /api/tax-rates/export
GET /api/tax-rates/{id}
GET /api/themes
GET /api/themes/{themeName}/download
GET /api/users/quick-search
GET /api/users/{id}
GET /api/users/{userId}/addresses
GET /api/vendors
GET /api/vendors/{id}
GET /api/warehouses
GET /api/warehouses/{id}
GET /api/widget-instances
GET /api/widget-instances/number-of-widgets
GET /api/widget-translations/{id}
GET /api/widget-zones
GET /api/widgets
GET /user/orders
GET /user/orders/{orderId}
POST /api/care/grid
POST /api/care/guest
POST /api/carousel-widgets
POST /api/cart-rule-usages/grid
POST /api/cart-rules
POST /api/cart-rules/grid
POST /api/cart/{cartId}/order
POST /api/cart/{cartId}/update-tax-and-shipping-prices
POST /api/carts/{cartId}/apply-coupon
POST /api/carts/{cartId}/save-ordernote
POST /api/categories/{id}/products
POST /api/category-widgets
POST /api/comments/change-status/{id}
POST /api/comments/grid
POST /api/common/upload
POST /api/contacts/grid
POST /api/countries/grid
POST /api/customergroups/grid
POST /api/customers/{customerId}/add-cart-item
POST /api/html-widgets
POST /api/localization/create-resources
POST /api/localization/grid
POST /api/localization/update-resources
POST /api/menus/{id}/add-items
POST /api/news-items
POST /api/news-items/grid
POST /api/news-widgets
POST /api/orders/change-order-status/{id}
POST /api/orders/export
POST /api/orders/grid
POST /api/orders/lines-export
POST /api/orders/ordertotal
POST /api/orders/totalorder
POST /api/payments-providers/{id}/disable
POST /api/payments-providers/{id}/enable
POST /api/product-clone
POST /api/product-prices/grid
POST /api/product-widgets
POST /api/products
POST /api/products/ApiPost
POST /api/products/change-status/{id}
POST /api/products/export
POST /api/products/exportids
POST /api/products/exportixml
POST /api/products/grid
POST /api/products/prodelete
POST /api/recently-viewed-widgets
POST /api/review-replies/change-status/{id}
POST /api/review-replies/grid
POST /api/reviews/change-status/{id}
POST /api/reviews/grid
POST /api/shipments
POST /api/shipments/grid
POST /api/shipping-providers/{id}/disable
POST /api/shipping-providers/{id}/enable
POST /api/simple-product-widgets
POST /api/spacebar-widgets
POST /api/states-provinces/grid
POST /api/stocks/grid
POST /api/subscribers/export
POST /api/subscribers/grid
POST /api/tax-rates/import
POST /api/themes/use-theme
POST /api/users
POST /api/users/grid
POST /api/users/totaluser
POST /api/vendors/grid
POST /api/warehouses/grid
POST /api/warehouses/{warehouseId}/add-all-products
POST /api/warehouses/{warehouseId}/add-products
POST /api/warehouses/{warehouseId}/products
PUT /api/appsettings/savesetingse
PUT /api/carts/items/{itemId}
PUT /api/categories/update-product/{id}
PUT /api/online-themes/{name}/install
PUT /api/product-prices
PUT /api/products/Updateproducts/{id}
PUT /api/stocks
Open service 172.67.206.8:443 · www.setrazemin.com
2026-01-22 22:28
HTTP/1.1 200 OK
Date: Thu, 22 Jan 2026 22:28:54 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, no-store
pragma: no-cache
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=5OIgcy1JHg7Au8OdqYauvfPYBebKscUKQvwZzwbc2LQWaabpE2XtLShfEPbC5%2BjJtguFFYkjO4xP8lrgTeaR9%2FFpWan6ke6xjCAZTdNx6zCSGg%3D%3D"}]}
vary: Accept-Encoding
Server: cloudflare
strict-transport-security: max-age=2592000
Set-Cookie: SimplUserGuid=8f270f9f-b31d-474e-aac8-8fa36decee8b; expires=Wed, 22 Jan 2031 22:28:54 GMT; path=/; samesite=lax; httponly
Set-Cookie: .AspNetCore.Antiforgery.NG7Bw36KDSs=CfDJ8HWmYIQB-EZMmKuBtjpxR8s89CJHeODEt4-U6kOPiZLHpelKYHBYkJFlM6m_qciO2VXu5kyAKxMvzrsGyH-oOCIYm2Ob3tzdVf2CJs_qk8fjzxmYGgZcN0xbl1f3pU8OrU8_-Ynj_xY9oX0VITxXJxY; path=/; samesite=strict; httponly
x-frame-options: SAMEORIGIN
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
CF-RAY: 9c227cb09ae6d3b0-FRA
alt-svc: h3=":443"; ma=86400
Open service 172.67.206.8:443 · www.setrazemin.com
2026-01-10 02:26
HTTP/1.1 200 OK
Date: Sat, 10 Jan 2026 02:26:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, no-store
pragma: no-cache
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2Flk5TKKhjKa0B%2FsRoJIVyGMSwgcsN0D9O5QXiYu%2FbOx7It4F1vVapVQy4celO1fSv5dE8TZmmc06%2BaPcnY%2Fzq%2B9Hp8pKufUhoVspxJXrl1T85A%3D%3D"}]}
vary: Accept-Encoding
Server: cloudflare
strict-transport-security: max-age=2592000
Set-Cookie: SimplUserGuid=8c27e309-ce69-46d3-874c-360c36d7063f; expires=Fri, 10 Jan 2031 02:26:24 GMT; path=/; samesite=lax; httponly
Set-Cookie: .AspNetCore.Antiforgery.NG7Bw36KDSs=CfDJ8P4xXtoWBnpGn5OhrsH5Ak1CNtSbgsHcUlvWlUopo2PKC896ZY5WtjuRfQ7Z21JXB259syw2jHk-bmhrnV59WfnBR0oCRG9cuGopx-mdsS5-ZwIzxq_pppp6Lc5WmSwr3xX0SssGWvgejeQyytOT2Ds; path=/; samesite=strict; httponly
x-frame-options: SAMEORIGIN
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
CF-RAY: 9bb8baa55f930876-LHR
alt-svc: h3=":443"; ma=86400