LeakIX - Host 104.18.38.252

Host 104.18.38.252

CLOUDFLARENET

Software information

cloudflare

tcp/443 tcp/80 tcp/8443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.38.252
Domain: www.kirunaairport.com
Port: 443
URL: https://www.kirunaairport.com

First seen 2025-11-25 09:29
Last seen 2026-01-23 12:14
Open for 59 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496ba5c7dbee9634fcb95e5ecffa677ba7f482f8ff

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /.well-known/apple-developer-merchantid-domain-association.txt
GET /Error
GET /api/ApplePay/testCert
GET /mvccontrollers/ParkingCardTemplate/parkingcard
GET /services/admin/getAccessLevel
GET /services/admin/getCrisisSettings
GET /services/admin/getOverflowOptions
GET /services/admin/getQueueTimesKillSwitch
GET /services/admin/getQueueTimesStations
GET /services/admin/getSwedaviaAirports
GET /services/admin/isparkingbookingdisabled
GET /services/admin/v2/getAccessLevel
GET /services/admin/v2/getCrisisSettings
GET /services/admin/v2/getOverflowOptions
GET /services/admin/v2/getQueueTimesKillSwitch
GET /services/admin/v2/getQueueTimesStations
GET /services/admin/v2/getSwedaviaAirports
GET /services/admin/v2/isparkingbookingdisabled
GET /services/airlineinformation/v1/airport/{iata}/{language}
GET /services/airlineinformation/v2/airport/{iata}/{language}
GET /services/bookparking/GetAirportSpecificOrder
GET /services/businfo/arrivals-and-departures
GET /services/businfo/query
GET /services/crowdlevels/get/{iata}/{dateTime}
GET /services/destinations/alldestinations/{airportCode}/{language}
GET /services/destinations/highlightblocks/{airportCode}/{language}
GET /services/destinations/list/{airportCode}/{language}
GET /services/destinations/listgroupedbyletter/{airportCode}/{language}
GET /services/destinations/listgroupedbytype/{airportCode}/{language}
GET /services/find/performsearch/{rootPageContentId}/{query}/{language}
GET /services/imagevault/GetByReferenceId/{id}/{settingsId}/{language}/{cropX}/{cropY}/{resizeHeight}/{resizeWidth}
GET /services/importantannouncements/all
GET /services/importantannouncements/auditlogs/{id}
GET /services/importantannouncements/channels
GET /services/importantannouncements/getbyid/{id}
GET /services/importantannouncements/isparkingbookingdisabled
GET /services/logerror
GET /services/managebooking/EmailReminder
GET /services/managebooking/GetBooking
GET /services/managebooking/GetBookingByReferenceAndEmail
GET /services/media/{blockId}/{language}
GET /services/mobile/airport/gettransportation/{language}/{transporterId}/{airportIata}/{atAirport}/{fromStationId}/{toStationId}
GET /services/mobile/airport/gettransportation/{language}/{transporterId}/{airportIata}/{atAirport}/{fromStationId}/{toStationId}/{longitude}/{latitude}
GET /services/mobile/airport/pointofinterests/{language}/{type}/{icao}
GET /services/mobile/airport/v2/gettransportation/{language}/{transporterId}/{airportIata}/{atAirport}/{fromStationId}/{toStationId}
GET /services/mobile/airport/v2/gettransportation/{language}/{transporterId}/{airportIata}/{atAirport}/{fromStationId}/{toStationId}/{longitude}/{latitude}
GET /services/mobile/airport/v2/maps/{language}/{icao}/{lastUpdated}
GET /services/mobile/airport/v2/pointofinterests/{language}/{type}/{icao}
GET /services/mobile/configuration/settings/{language}/{timestamp}
GET /services/mobile/configuration/startupconfiguration/{language}/{datetime}/{os}/{osversion}/{appversion}
GET /services/mobile/configuration/startupconfigurationreadable/{language}/{datetime}/{os}/{osversion}/{appversion}
GET /services/mobile/configuration/v2/settings/{language}/{timestamp}
GET /services/mobile/configuration/v2/startupconfiguration/{language}/{datetime}/{os}/{osversion}/{appversion}
GET /services/mobile/configuration/v2/startupconfigurationreadable/{language}/{datetime}/{os}/{osversion}/{appversion}
GET /services/mobile/content/admin/startscreen/{airportIata}/{language}
GET /services/mobile/content/flightoffers/arrivals/{language}/{iata}/{date}/{flightId}
GET /services/mobile/content/flightoffers/departures/{language}/{iata}/{date}/{flightId}
GET /services/mobile/content/infoscreen/{airportIata}/{pageId}/{language}
GET /services/mobile/content/startscreen/{airportIata}/{language}
GET /services/mobile/content/v2/admin/startscreen/{airportIata}/{language}
GET /services/mobile/content/v2/flightoffers/arrivals/{language}/{iata}/{date}/{flightId}
GET /services/mobile/content/v2/flightoffers/departures/{language}/{iata}/{date}/{flightId}
GET /services/mobile/content/v2/infoscreen/{airportIata}/{pageId}/{language}
GET /services/mobile/content/v2/startscreen/{airportIata}/{language}
GET /services/mobile/destination/getdestinationinfo/{language}/{airportIata}/{destinationIata}
GET /services/mobile/destination/v2/getdestinationinfo/{language}/{airportIata}/{destinationIata}
GET /services/mypages/loggedout
GET /services/mypages/logout
GET /services/mypages/user
GET /services/parkingmypages/getbookings
GET /services/ping
GET /services/press/{blockId}/{language}
GET /services/publicflightsboard/v2/arrival/{language}/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v2/arrivals/{language}/{iata}/{date}/{batchsize}/{batchpage}
GET /services/publicflightsboard/v2/arrivals/{language}/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v2/arrivalstatus/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v2/departure/{language}/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v2/departures/{language}/{iata}/{date}/{batchsize}/{batchpage}
GET /services/publicflightsboard/v2/departures/{language}/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v2/departurestatus/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v2/getflightsfindresults/{iata}/{query}/{language}
GET /services/publicflightsboard/v2/islatest/arrivals/{iata}/{date}/{timeTicks}
GET /services/publicflightsboard/v2/islatest/departures/{iata}/{date}/{timeTicks}
GET /services/publicflightsboard/v2/searchflyto/{query}/{date}/{language}/{iata}/{arrival}
GET /services/publicflightsboard/v3/arrival/{language}/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v3/arrivals/{language}/{iata}/{date}/{batchsize}/{batchpage}
GET /services/publicflightsboard/v3/arrivals/{language}/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v3/arrivalstatus/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v3/departure/{language}/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v3/departures/{language}/{iata}/{date}/{batchsize}/{batchpage}
GET /services/publicflightsboard/v3/departures/{language}/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v3/departurestatus/{iata}/{date}/{flightid}
GET /services/publicflightsboard/v3/getflightsfindresults/{iata}/{query}/{language}
GET /services/publicflightsboard/v3/islatest/arrivals/{iata}/{date}/{timeTicks}
GET /services/publicflightsboard/v3/islatest/departures/{iata}/{date}/{timeTicks}
GET /services/publicflightsboard/v3/searchflyto/{query}/{date}/{language}/{iata}/{arrival}
GET /services/publicimportantannouncements/getimportantannouncements/channels
GET /services/publicimportantannouncements/getimportantannouncements/{announcementChannel}/{importantAnnouncementsSiteId}/{language}
GET /services/publicimportantannouncements/getimportantannouncements/{importantAnnouncementsSiteId}/{language}
GET /services/publicimportantannouncements/getnotifications/{channels}/{sites}/{language}
GET /services/publicimportantannouncements/getparkingimportantannouncements/{importantAnnouncementsSiteId}/{language}
GET /services/publicimportantannouncements/v2/getimportantannouncements/channels
GET /services/publicimportantannouncements/v2/getimportantannouncements/{announcementChannel}/{importantAnnouncementsSiteId}/{language}
GET /services/publicimportantannouncements/v2/getimportantannouncements/{importantAnnouncementsSiteId}/{language}
GET /services/publicimportantannouncements/v2/getnotifications/{channels}/{sites}/{language}
GET /services/publicimportantannouncements/v2/getparkingimportantannouncements/{importantAnnouncementsSiteId}/{language}
GET /services/publictimetableboard/GetTimeTableDirectDepartureFlights/{language}/{departureIata}/{departureDateTime}/{departureTimeWindowMinutes}
GET /services/publictimetableboard/getallairports/{language}
GET /services/publictimetableboard/gettimetableallflights/{departureIata}/{arrivalIata}/{departureDate}/{referrer}
GET /services/publictimetableboard/gettimetableallflightsbydeparturecity/{arrivalIata}/{cityIata}/{departureDate}/{referrer}
GET /services/publictimetableboard/gettimetableallflightsbydestinationcity/{departureIata}/{cityIata}/{departureDate}/{referrer}
GET /services/queuetimes/airport/{lang}/{iata}/{onlyWebQueues}/{includeOverflow}
GET /services/queuetimes/flightnumber/{lang}/{iata}/{flightNumber}/{dateTimeString}/{onlyWebQueues}/{filterByTime}
GET /services/queuetimes/v2/airport/{lang}/{iata}/{onlyWebQueues}/{includeOverflow}
GET /services/queuetimes/v2/flightnumber/{lang}/{iata}/{flightNumber}/{dateTimeString}/{onlyWebQueues}/{filterByTime}
GET /services/quiz/{quizId}
GET /services/recursivetest/{pageId}
GET /services/rfb/{blockId}/{language}
GET /services/slotadvice/{iata}/{language}/{date}/{flightId}
GET /services/tag/{contentTagId}/{includeAllDescendants}/{language}
GET /services/throwerror
GET /services/trafficfeecalculator/calculatefee/{icao}/{engine}/{weightAsString}/{takeoffAsString}/{sidelineAsString}/{approachAsString}/{numberOfEnginesAsString}/{domesticAsString}/{safPercentageAsString}/{numberOfSeatsAsString}/{totalPassengersAsString}/{transferPassengersAsString}/{baggagecountAsString}/{language}
GET /services/trafficfeecalculator/getaircraftengines/{aircraft}
GET /services/trafficfeecalculator/getaircrafts
GET /services/trafficfeecalculator/getinitialvalues/{aircraft}/{engine}
POST /api/ApplePay/createSession
POST /mypageslogin/login
POST /mypageslogin/signup
POST /services/admin/setQueueTimesKillSwitch
POST /services/admin/setparkingbookingstate
POST /services/admin/v2/setQueueTimesKillSwitch
POST /services/admin/v2/setparkingbookingstate
POST /services/bookparking/BookParking
POST /services/bookparking/CancelSession
POST /services/bookparking/CheckForUpgrade
POST /services/bookparking/CheckPaymentStatus
POST /services/bookparking/FindParking
POST /services/bookparking/GetEmailUpgrade
POST /services/bookparking/ReinitPaymentSession
POST /services/bookparking/ReserveParking
POST /services/bookparking/UpgradeParking
POST /services/epicampaign/newsletter/subscribe
POST /services/find/quicksearch
POST /services/find/searchpagesearch
POST /services/find/track
POST /services/importantannouncements/add
POST /services/importantannouncements/setparkingbookingstate
POST /services/managebooking/CancelBooking
POST /services/managebooking/ForgotReference
POST /services/managebooking/ModifyBooking
POST /services/managebooking/ParkingBookingAmend/{iata}
POST /services/managebooking/ResendBookingConfirmation/{iata}
POST /services/managebooking/UpdateBookingDetails
POST /services/managebooking/accessbooking
POST /services/managebooking/getbooking
POST /services/managebooking/parkingbookingcancel/{iata}
POST /services/parkingprebooking/ListTerminals/{iata}
POST /services/parkingprebooking/ParkingAvailability/{iata}
POST /services/parkingprebooking/ParkingAvailabilityUpdate/{iata}
POST /services/parkingprebooking/ParkingBookingNew/{iata}
POST /services/parkingprebooking/ParkingUpgradeAvailability/{iata}
POST /services/parkingprebooking/getorderconfirmation
POST /services/quiz/CheckQuiz
POST /services/setivkillswitchstatus
POST /services/trafficfeecalculator/calculatefee/{language}
PUT /services/admin/setCrisisSettings
PUT /services/admin/updateQueueTimeSettings
PUT /services/admin/v2/setCrisisSettings
PUT /services/admin/v2/updateQueueTimeSettings
PUT /services/importantannouncements/edit

Found on 2026-01-23 12:14

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-16 03:23

Create report

Open service 104.18.38.252:443 · baratos-voos.com

2026-01-26 09:39

HTTP/1.1 403 Forbidden
Date: Mon, 26 Jan 2026 09:39:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8623
Connection: close
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cf-mitigated: challenge
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server-timing: chlray;desc="9c3f0accde6dd56f"
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Set-Cookie: __cf_bm=pDCAlv_ALBY9w4Tam3ML0CsQFVBQtiAlfetR.HGOahs-1769420356-1.0.1.1-_XEnG13C_8rqeaN9EubSTaH89pRBjhwf1esHtTFFq2aMp4q0TQbrEUvecbD22nVT.rvUzN2QPgZYgHtmdqDwT5Jmp91f18ZwgTOUb5eu6v0; path=/; expires=Mon, 26-Jan-26 10:09:16 GMT; domain=.baratos-voos.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 9c3f0accde6dd56f-LHR

Page title: Just a moment...

<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1"><style>*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131;font-family:system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}body{display:flex;flex-direction:column;height:100vh;min-height:100vh}.main-content{margin:8rem auto;padding-left:1.5rem;max-width:60rem}@media (width <= 720px){.main-content{margin-top:4rem}}.h2{line-height:2.25rem;font-size:1.5rem;font-weight:500}@media (width <= 720px){.h2{line-height:1.5rem;font-size:1.25rem}}#challenge-error-text{background-image:url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgMTMgMTNBMTMuMDE1IDEzLjAxNSAwIDAgMCAxNiAzbTAgMjRhMTEgMTEgMCAxIDEgMTEtMTEgMTEuMDEgMTEuMDEgMCAwIDEtMTEgMTEiLz48cGF0aCBmaWxsPSIjQjIwRjAzIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+");background-repeat:no-repeat;background-size:contain;padding-left:34px}@media (prefers-color-scheme: dark){body{background-color:#222;color:#d9d9d9}}</style><meta http-equiv="refresh" content="360"></head><body><div class="main-wrapper" role="main"><div class="main-content"><noscript><div class="h2"><span id="challenge-error-text">Enable JavaScript and cookies to continue</span></div></noscript></div></div><script>(function(){window._cf_chl_opt = {cvId: '3',cZone: 'baratos-voos.com',cType: 'managed',cRay: '9c3f0accde6dd56f',cH: 'TlGwFk99K9MzaSzwbkY1wR376v4d_T7leW89plx0qPA-1769420356-1.2.1.1-z2tx3tSdTK8ZE.vVRbK6vgTyXjVWN8x8fWvokclj36VHZHIOsqp6yAxIQNCwSY.T',cUPMDTk:"\/?__cf_chl_tk=mBCh4z00NzqKg6A9MrVRVBjeeKOOIaXVBKUNUFrdl9I-1769420356-1.0.1.1-Y1HQcVw7mQmSONx7CK.fQc00OFWdIEPpWeKDOjEWTAc",cFPWv: 'b',cITimeS: '1769420356',cTplC:0,cTplV:5,cTplB: '0',fa:"\/?__cf_chl_f_tk=mBCh4z00NzqKg6A9MrVRVBjeeKOOIaXVBKUNUFrdl9I-1769420356-1.0.1.1-Y1HQcVw7mQmSONx7CK.fQc00OFWdIEPpWeKDOjEWTAc",md: 'OCKw6vCod_PxyjLUVmvfwNh2sBoTHoaHgmvp5Il4Dlg-1769420356-1.2.1.1-vBzDdQ4dpbDThYz.nxRTlJwy8IW3q1b98ku.4bEdSytQNFy6_bxSznyF.wSr61.qvAVYUAXIo0SVXQWd29lK.413gWj.txGoXWe3kfjFhYuztuzirWKOq2Hj8gC3RNIS_8iNIfrE4QsA7FKq5xqf5dlOix4hAIyptopRBcRJ7EFs1a1CO0Rr7kB175gGIpUpZ35uCGkqiMgqSP8KKRWsLk5TGL.9w15RRQxXl1QjLk5BRc9vvviyW_5UoowdOuHjfj7xHL2j0jUuXNfmS6KR30lSqhw70aFJOODSoDSGAixPeH1el.nC4HUEFZAOL1UMqPcxD48U2chrnq7trU0w.AgpepuxR75X86DfOgNeZZDYlQmQWSxwo0SG_FuW9vIjcnBK3GH8WMfNMoRRvxM5GXdjB0JirKmYGI2CcX6hW4gEoz1oeO0OyLByz3xY7c17zNShvdbcdftKZ4VS2dAvfVFcs2GiOux12hzKv6GU_tqtPejHRLCq.dRtZ3Mk4fej6PxInLyXF3qjJyq0Z0MQ4KxRWzfQJ6Or8oWy_uVj8Xmwuhy9wviNPL1PpNjSPuCvKqgp4jxmaPnHu1qYY8ETUiRMYpL2ILT0Sju.N6vCnwzaybkYqATshguA9b22pxHQhPeuiexqXSrDWevPEY.4xjs3H9v2v3WGxlYT4oi.Bvk8Ef3J0SAUzc7BQ_ROTEgb78RPceCBBlHN2Z7YrQRqOkXTDCCyIr2c1Cjo6trmc6fGtbFSnxOQFy.OkGZDcIN5oUDoZ_i1C_GYLNRjPfN.NaVwQB7Xkd.UYwjk1qcfRxUkbWNhTCtevs2fkZgNMYmIyTQwfr_1EAxFKLSjG934nPYw8Ccwb.8DxRtxv_d44nURKDfNuYVn.tTLJdGdZfUVfMj8u3hyQwn1zlD_aZMg6daBgXmOKkL.vqIAo_OPyk7jVGX0l4j3hgrF92gonvatz9FInrT9E_ioj3QveT5o8x48gZmRe8KzkGEh3JG55EpO3IgYIwBHDkwySf42Zwcb',mdrd: 'GAWQBguSmBw28xl6Et.aogo9hsOAHOzatFxBv3It1cU-1769420356-1.2.1.1-L5AF.AxDdMgZb6uihAmRqPG6q8AmC7k931.dLNa9MG3P.Cg.nno4heDF.Y7J6NGMKXnwZR8MiDcOQwsdjRN1ndb2HUcfEeiurOQb2alIK85A4rRbiGUU2vLW10.9ctWbGkjqoN5l1Cb4OwDXJicnhrt7GLOSE0f22.KmgK.xq1Kyn.U8oBlwpCyge5dUV6Cl5YvjqKf2HnsgnPrZShEvHQZNktbHgY3Jegg01LiobiUewALC1q13l7Ylkuk9tDB8j6BhTC4.q8XavDtaoA75S_gT.zAB0IMbgxa4z0p7cfeDiOWLvWsDxTC9rwXi8n1HwJ.KtJM99dDc_6eKkpGkrvcH0DX.f.QUxLsiHbf6pk7aj1FcGq.u2rV64bl91S.MN2

Found 2026-01-26 by HttpPlugin