LeakIX - Host 13.67.63.90

Host 13.67.63.90

Singapore

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443 tcp/80

Microsoft-IIS 10.0

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 103.108.131.19
Domain: kidecowms-demo-api.traxia.me
Port: 443
URL: https://kidecowms-demo-api.traxia.me

First seen 2025-12-29 05:35
Last seen 2026-02-09 23:18
Open for 42 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493887a4219c9bf2d10d95f059acbc4f33516bb220

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/materialReceiving/create
GET /api/materialReceiving/list
GET /api/materialReceiving/retrieve
GET /api/pickingList/list
GET /api/putaway/list
GET /api/qualityInspection/list
GET /api/qualityInspection/retrieve
POST /api/authentication/otpChallenge
POST /api/authentication/phoneNumberChallenge
POST /api/materialReceiving/receive
POST /api/materialReceiving/start
POST /api/materialReceiving/update
POST /api/pickingList/finish
POST /api/putaway/finish
POST /api/putaway/start
POST /api/qualityInspection/inspect
POST /api/qualityInspection/uploadMedia

Found on 2026-02-09 23:18

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499be33f89ac0e03d47e7e2f6b7e7e2f6b7e7e2f6b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/materialReceiving/list
POST /api/authentication/otpChallenge
POST /api/authentication/phoneNumberChallenge

Found on 2026-02-02 11:53

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e13f9ff2145547a6ae32894f0362268313f5f2e5

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/rack/update
POST /api/sap/sync
POST /api/transferRequest/create
POST /api/transferRequest/delete/{guid}
POST /api/transferRequest/list
POST /api/transferRequest/retrieve/{guid}
POST /api/transferRequest/update

Found on 2025-12-29 05:35

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: horoscope-api-dev.aduang.co
Port: 80
URL: http://horoscope-api-dev.aduang.co

First seen 2025-12-22 06:21
Last seen 2026-02-09 23:16
Open for 49 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60669808a19fe846e34bf916764bf916764bf91676
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /health
GET /horoscopes/daily/today/day/{day}
GET /horoscopes/daily/today/day/{day}/contents
```
  Found on 2026-02-09 23:16
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: credentials-staging.traxia.cloud
Port: 443
URL: https://credentials-staging.traxia.cloud

First seen 2025-12-24 04:20
Last seen 2026-02-09 21:39
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549671c816d3efd44918f726939dd94571391021bf1

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/asset/health-status
GET /api/asset/share
GET /api/authentication/authenticate-api-access
GET /api/authentication/authenticate-application-access
GET /api/authentication/authenticate-user-access
GET /api/authentication/authenticate-user-with-google
GET /api/authentication/return-token-status
GET /api/authentication/{scheme}
GET /api/user/change-password
GET /api/user/reset-password
POST /api/asset/assign-operator
POST /api/asset/delete
POST /api/asset/info
POST /api/asset/list
POST /api/asset/register
POST /api/asset/update
POST /api/asset/update-extra
POST /api/asset/update-gps
POST /api/authentication/logout
POST /api/device/disable
POST /api/device/enable
POST /api/device/info
POST /api/device/list
POST /api/device/register
POST /api/device/update
POST /api/simcard/disable
POST /api/simcard/enable
POST /api/simcard/info
POST /api/simcard/list
POST /api/simcard/register
POST /api/simcard/update
POST /api/subscriber/disable
POST /api/subscriber/enable
POST /api/subscriber/info
POST /api/subscriber/register
POST /api/subscriber/signup
POST /api/subscriber/update
POST /api/user/authenticate
POST /api/user/authenticate-otp
POST /api/user/challenge-otp
POST /api/user/disable
POST /api/user/enable
POST /api/user/info
POST /api/user/list
POST /api/user/register
POST /api/user/update

Found on 2026-02-09 21:39

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: horoscope-api-staging.aduang.co
Port: 443
URL: https://horoscope-api-staging.aduang.co

First seen 2025-12-22 06:25
Last seen 2026-02-09 20:37
Open for 49 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035493b0fe0dbbed734cebed734cebed734cebed734ce
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /horoscopes/daily/today/day/{day}
GET /horoscopes/daily/today/day/{day}/contents
```
  Found on 2026-02-09 20:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: media-sandbox.traxia.cloud
Port: 443
URL: https://media-sandbox.traxia.cloud

First seen 2025-12-25 07:43
Last seen 2026-02-09 20:12
Open for 46 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549bdd667dc79c48315f735f3f99255f78543b1ea2d
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/media/download
GET /api/video/progress
POST /api/image/resize
POST /api/image/watermark
POST /api/media/delete
POST /api/media/info
POST /api/media/upload
POST /api/video/compress
POST /api/video/convert
POST /api/video/progress-complete
POST /api/video/progress-update
POST /api/video/trim
```
  Found on 2026-02-09 20:12
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: payment-staging.traxia.cloud
Port: 443
URL: https://payment-staging.traxia.cloud

First seen 2025-12-25 07:32
Last seen 2026-02-09 20:12
Open for 46 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549f50414b9cb49e662405479cab2e4af858bb3a7da
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/order/authorize
GET /api/order/lookup
GET /api/order/product
GET /api/order/retrieve
GET /api/order/status
POST /api/order/create
POST /api/settlement/settle
```
  Found on 2026-02-09 20:12
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: ndwc-dev.pranworks.com
Port: 443
URL: https://ndwc-dev.pranworks.com

First seen 2025-12-22 18:39
Last seen 2026-02-09 19:50
Open for 49 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 19:50
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: api.aduang.co
Port: 443
URL: https://api.aduang.co

First seen 2025-12-10 01:42
Last seen 2026-02-09 19:16
Open for 61 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 19:16
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: mongorest.aduang.co
Port: 80
URL: http://mongorest.aduang.co

First seen 2025-12-10 01:41
Last seen 2026-02-09 18:55
Open for 61 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549379c4ac493b06a1901797d481b9bd67d8f545580

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/cards
GET /api/cards/{id}
GET /api/cards_android
GET /api/cards_android/{id}
GET /api/cards_ios
GET /api/cards_ios/{id}
GET /api/cards_web
GET /api/cards_web/{id}
GET /api/categories
GET /api/categories/{category_id}/readings
GET /api/categories/{id}
GET /api/courts
GET /api/courts/{id}
GET /api/digit_numbers
GET /api/digit_numbers/{id}
GET /api/fortune_sticks
GET /api/fortune_sticks/{id}
GET /api/occasion
GET /api/occasion/{category}/{year}/{month}
GET /api/occasion/{id}
GET /api/occasion/{year}/{month}
GET /api/reading
GET /api/reading/{id}
GET /api/suits/{id}
GET /api/tools
GET /data/{database}/{view}
GET /data/{database}/{view}/{id}
GET /data/{database}/{view}/{id}/{arrayFieldName}
GET /exception/binding
GET /linebot/cards
GET /linebot/cards/{id}
GET /p/json
GET /p/{id}
GET /sys/stats
POST /p
POST /restart

Found on 2026-02-09 18:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: horoscope-api-dev.aduang.co
Port: 443
URL: https://horoscope-api-dev.aduang.co

First seen 2025-12-22 06:21
Last seen 2026-02-09 15:45
Open for 49 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354965c8e012cd97cddac91782afc91782afc91782af
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /health
GET /horoscopes/daily/today/day/{day}
GET /horoscopes/daily/today/day/{day}/contents
```
  Found on 2026-02-09 15:45
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: demo-admin.iontone.com
Port: 443
URL: https://demo-admin.iontone.com

First seen 2025-12-30 06:28
Last seen 2026-02-09 15:33
Open for 41 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 15:33
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: media-staging.traxia.cloud
Port: 443
URL: https://media-staging.traxia.cloud

First seen 2025-12-25 07:36
Last seen 2026-02-09 15:02
Open for 46 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549bdd667dc79c48315f735f3f99255f78543b1ea2d
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/media/download
GET /api/video/progress
POST /api/image/resize
POST /api/image/watermark
POST /api/media/delete
POST /api/media/info
POST /api/media/upload
POST /api/video/compress
POST /api/video/convert
POST /api/video/progress-complete
POST /api/video/progress-update
POST /api/video/trim
```
  Found on 2026-02-09 15:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: horoscope-api.aduang.co
Port: 80
URL: http://horoscope-api.aduang.co

First seen 2025-12-10 01:43
Last seen 2026-02-09 12:44
Open for 61 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60669808a19fe846e34bf916764bf916764bf91676
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /health
GET /horoscopes/daily/today/day/{day}
GET /horoscopes/daily/today/day/{day}/contents
```
  Found on 2026-02-09 12:44
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: credentials-staging.traxia.cloud
Port: 80
URL: http://credentials-staging.traxia.cloud

First seen 2025-12-24 04:20
Last seen 2026-02-09 12:15
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549671c816d3efd44918f726939dd94571391021bf1

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/asset/health-status
GET /api/asset/share
GET /api/authentication/authenticate-api-access
GET /api/authentication/authenticate-application-access
GET /api/authentication/authenticate-user-access
GET /api/authentication/authenticate-user-with-google
GET /api/authentication/return-token-status
GET /api/authentication/{scheme}
GET /api/user/change-password
GET /api/user/reset-password
POST /api/asset/assign-operator
POST /api/asset/delete
POST /api/asset/info
POST /api/asset/list
POST /api/asset/register
POST /api/asset/update
POST /api/asset/update-extra
POST /api/asset/update-gps
POST /api/authentication/logout
POST /api/device/disable
POST /api/device/enable
POST /api/device/info
POST /api/device/list
POST /api/device/register
POST /api/device/update
POST /api/simcard/disable
POST /api/simcard/enable
POST /api/simcard/info
POST /api/simcard/list
POST /api/simcard/register
POST /api/simcard/update
POST /api/subscriber/disable
POST /api/subscriber/enable
POST /api/subscriber/info
POST /api/subscriber/register
POST /api/subscriber/signup
POST /api/subscriber/update
POST /api/user/authenticate
POST /api/user/authenticate-otp
POST /api/user/challenge-otp
POST /api/user/disable
POST /api/user/enable
POST /api/user/info
POST /api/user/list
POST /api/user/register
POST /api/user/update

Found on 2026-02-09 12:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: feed.aduang.co
Port: 80
URL: http://feed.aduang.co

First seen 2025-12-10 02:40
Last seen 2026-02-09 10:51
Open for 61 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549597326dcada21bd276376359ae154339b9ba666f
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /vendors/{vid}
DELETE /vendors/{vid}/articles/{vaid}
DELETE /vendors/{vid}/keys/{keyid}
GET /articles
GET /backoffice
GET /backoffice/count
GET /vendors
GET /vendors/count
GET /vendors/keys
GET /vendors/{vid}/articles
GET /vendors/{vid}/articles/count
GET /vendors/{vid}/keys
POST /backoffice/{vid}/linetoday
```
  Found on 2026-02-09 10:51
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: credentials-sandbox.traxia.cloud
Port: 80
URL: http://credentials-sandbox.traxia.cloud

First seen 2025-12-25 07:30
Last seen 2026-02-09 06:25
Open for 45 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549671c816d3efd44918f726939dd94571391021bf1

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/asset/health-status
GET /api/asset/share
GET /api/authentication/authenticate-api-access
GET /api/authentication/authenticate-application-access
GET /api/authentication/authenticate-user-access
GET /api/authentication/authenticate-user-with-google
GET /api/authentication/return-token-status
GET /api/authentication/{scheme}
GET /api/user/change-password
GET /api/user/reset-password
POST /api/asset/assign-operator
POST /api/asset/delete
POST /api/asset/info
POST /api/asset/list
POST /api/asset/register
POST /api/asset/update
POST /api/asset/update-extra
POST /api/asset/update-gps
POST /api/authentication/logout
POST /api/device/disable
POST /api/device/enable
POST /api/device/info
POST /api/device/list
POST /api/device/register
POST /api/device/update
POST /api/simcard/disable
POST /api/simcard/enable
POST /api/simcard/info
POST /api/simcard/list
POST /api/simcard/register
POST /api/simcard/update
POST /api/subscriber/disable
POST /api/subscriber/enable
POST /api/subscriber/info
POST /api/subscriber/register
POST /api/subscriber/signup
POST /api/subscriber/update
POST /api/user/authenticate
POST /api/user/authenticate-otp
POST /api/user/challenge-otp
POST /api/user/disable
POST /api/user/enable
POST /api/user/info
POST /api/user/list
POST /api/user/register
POST /api/user/update

Found on 2026-02-09 06:25

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: api.aduang.co
Port: 80
URL: http://api.aduang.co

First seen 2025-12-10 01:42
Last seen 2026-02-09 04:33
Open for 61 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 04:33
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: horoscope-api-staging.aduang.co
Port: 80
URL: http://horoscope-api-staging.aduang.co

First seen 2025-12-22 06:25
Last seen 2026-02-08 20:37
Open for 48 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035493b0fe0dbbed734cebed734cebed734cebed734ce
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /horoscopes/daily/today/day/{day}
GET /horoscopes/daily/today/day/{day}/contents
```
  Found on 2026-02-08 20:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: message-staging.traxia.cloud
Port: 443
URL: https://message-staging.traxia.cloud

First seen 2025-12-25 07:34
Last seen 2026-02-02 09:51
Open for 39 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035498a8da585953fdfe27e3fd7ad51e1dc78e24c7e35
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/firebase/subscribe
GET /api/firebase/unsubscribe
GET /api/push-command/retrieve
GET /api/telegram/stream/{messageGuid}
GET /api/whatsapp/receive
POST /api/email/send
POST /api/firebase/send
POST /api/line/receive
POST /api/line/reply
POST /api/line/send
POST /api/push-command/create
POST /api/push-command/list
POST /api/push-command/update
POST /api/sms/send
POST /api/telegram/receive
POST /api/telegram/send
POST /api/telegram/validate
POST /api/whatsapp/send
```
  Found on 2026-02-02 09:51
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: mongorest.aduang.co
Port: 443
URL: https://mongorest.aduang.co

First seen 2025-12-10 01:41
Last seen 2026-02-02 06:55
Open for 54 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549379c4ac493b06a1901797d481b9bd67d8f545580

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/cards
GET /api/cards/{id}
GET /api/cards_android
GET /api/cards_android/{id}
GET /api/cards_ios
GET /api/cards_ios/{id}
GET /api/cards_web
GET /api/cards_web/{id}
GET /api/categories
GET /api/categories/{category_id}/readings
GET /api/categories/{id}
GET /api/courts
GET /api/courts/{id}
GET /api/digit_numbers
GET /api/digit_numbers/{id}
GET /api/fortune_sticks
GET /api/fortune_sticks/{id}
GET /api/occasion
GET /api/occasion/{category}/{year}/{month}
GET /api/occasion/{id}
GET /api/occasion/{year}/{month}
GET /api/reading
GET /api/reading/{id}
GET /api/suits/{id}
GET /api/tools
GET /data/{database}/{view}
GET /data/{database}/{view}/{id}
GET /data/{database}/{view}/{id}/{arrayFieldName}
GET /exception/binding
GET /linebot/cards
GET /linebot/cards/{id}
GET /p/json
GET /p/{id}
GET /sys/stats
POST /p
POST /restart

Found on 2026-02-02 06:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: event-sandbox.traxia.cloud
Port: 443
URL: https://event-sandbox.traxia.cloud

First seen 2025-12-25 07:31
Last seen 2026-02-02 03:38
Open for 38 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354948c97064f2cc8985da9ee53fda9ee53fda9ee53f
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/event/info
POST /api/event/list
POST /api/event/register
```
  Found on 2026-02-02 03:38
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: feed.aduang.co
Port: 443
URL: https://feed.aduang.co

First seen 2025-12-10 02:40
Last seen 2026-02-02 00:36
Open for 53 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549597326dcada21bd276376359ae154339b9ba666f
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /vendors/{vid}
DELETE /vendors/{vid}/articles/{vaid}
DELETE /vendors/{vid}/keys/{keyid}
GET /articles
GET /backoffice
GET /backoffice/count
GET /vendors
GET /vendors/count
GET /vendors/keys
GET /vendors/{vid}/articles
GET /vendors/{vid}/articles/count
GET /vendors/{vid}/keys
POST /backoffice/{vid}/linetoday
```
  Found on 2026-02-02 00:36
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: masterdata-staging.traxia.cloud
Port: 443
URL: https://masterdata-staging.traxia.cloud

First seen 2025-12-25 07:31
Last seen 2026-02-01 23:42
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491d0ca72f3f2830187d4a1f85211c00bd89c2410a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/customer/delete
POST /api/customer/info
POST /api/customer/list
POST /api/customer/register
POST /api/customer/update
POST /api/document-type/delete
POST /api/document-type/info
POST /api/document-type/list
POST /api/document-type/register
POST /api/document-type/update
POST /api/document/delete
POST /api/document/info
POST /api/document/list
POST /api/document/register
POST /api/document/update
POST /api/location-type/delete
POST /api/location-type/info
POST /api/location-type/list
POST /api/location-type/register
POST /api/location-type/update
POST /api/location/delete
POST /api/location/info
POST /api/location/list
POST /api/location/register
POST /api/location/update
POST /api/project/delete
POST /api/project/info
POST /api/project/list
POST /api/project/register
POST /api/project/update
POST /api/route/delete
POST /api/route/info
POST /api/route/list
POST /api/route/register
POST /api/route/update
POST /api/user-group/delete
POST /api/user-group/info
POST /api/user-group/list
POST /api/user-group/register
POST /api/user-group/update
POST /api/vendor/delete
POST /api/vendor/info
POST /api/vendor/list
POST /api/vendor/register
POST /api/vendor/update

Found on 2026-02-01 23:42

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: event-staging.traxia.cloud
Port: 443
URL: https://event-staging.traxia.cloud

First seen 2025-12-25 07:31
Last seen 2026-02-01 22:20
Open for 38 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354948c97064f2cc8985da9ee53fda9ee53fda9ee53f
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/event/info
POST /api/event/list
POST /api/event/register
```
  Found on 2026-02-01 22:20
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: payment-sandbox.traxia.cloud
Port: 443
URL: https://payment-sandbox.traxia.cloud

First seen 2025-12-25 07:30
Last seen 2026-02-01 22:20
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913846f0e67b5a2613bc7cc4ea881296a4abae066

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/credit-card/cancel/{id}
GET /api/credit-card/check/{id}
GET /api/credit-card/refund/{id}
GET /api/order/authorize
GET /api/order/lookup
GET /api/order/product
GET /api/order/retrieve
GET /api/order/status
GET /api/settlement/check-transaction/{id}
POST /api/credit-card/charge
POST /api/credit-card/snap
POST /api/disburse/bank
POST /api/disburse/ewallet
POST /api/ewallet/dana
POST /api/ewallet/gopay
POST /api/ewallet/ovo
POST /api/ewallet/shopeepay
POST /api/order/create
POST /api/qris/charge
POST /api/retail/charge
POST /api/settlement/settle
POST /api/virtual-account/bca
POST /api/virtual-account/bni
POST /api/virtual-account/bri
POST /api/virtual-account/danamon
POST /api/virtual-account/mandiri
POST /api/virtual-account/permata

Found on 2026-02-01 22:20

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: masterdata-sandbox.traxia.cloud
Port: 443
URL: https://masterdata-sandbox.traxia.cloud

First seen 2025-12-25 07:31
Last seen 2026-01-23 02:29
Open for 28 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491d0ca72f3f2830187d4a1f85211c00bd89c2410a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/customer/delete
POST /api/customer/info
POST /api/customer/list
POST /api/customer/register
POST /api/customer/update
POST /api/document-type/delete
POST /api/document-type/info
POST /api/document-type/list
POST /api/document-type/register
POST /api/document-type/update
POST /api/document/delete
POST /api/document/info
POST /api/document/list
POST /api/document/register
POST /api/document/update
POST /api/location-type/delete
POST /api/location-type/info
POST /api/location-type/list
POST /api/location-type/register
POST /api/location-type/update
POST /api/location/delete
POST /api/location/info
POST /api/location/list
POST /api/location/register
POST /api/location/update
POST /api/project/delete
POST /api/project/info
POST /api/project/list
POST /api/project/register
POST /api/project/update
POST /api/route/delete
POST /api/route/info
POST /api/route/list
POST /api/route/register
POST /api/route/update
POST /api/user-group/delete
POST /api/user-group/info
POST /api/user-group/list
POST /api/user-group/register
POST /api/user-group/update
POST /api/vendor/delete
POST /api/vendor/info
POST /api/vendor/list
POST /api/vendor/register
POST /api/vendor/update

Found on 2026-01-23 02:29

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: payment.traxia.cloud
Port: 443
URL: https://payment.traxia.cloud

First seen 2025-12-25 07:29
Last seen 2026-01-23 02:29
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549f50414b9cb49e662405479cab2e4af858bb3a7da
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/order/authorize
GET /api/order/lookup
GET /api/order/product
GET /api/order/retrieve
GET /api/order/status
POST /api/order/create
POST /api/settlement/settle
```
  Found on 2026-01-23 02:29
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: credentials-sandbox.traxia.cloud
Port: 443
URL: https://credentials-sandbox.traxia.cloud

First seen 2025-12-25 07:30
Last seen 2026-01-23 02:29
Open for 28 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549671c816d3efd44918f726939dd94571391021bf1

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/asset/health-status
GET /api/asset/share
GET /api/authentication/authenticate-api-access
GET /api/authentication/authenticate-application-access
GET /api/authentication/authenticate-user-access
GET /api/authentication/authenticate-user-with-google
GET /api/authentication/return-token-status
GET /api/authentication/{scheme}
GET /api/user/change-password
GET /api/user/reset-password
POST /api/asset/assign-operator
POST /api/asset/delete
POST /api/asset/info
POST /api/asset/list
POST /api/asset/register
POST /api/asset/update
POST /api/asset/update-extra
POST /api/asset/update-gps
POST /api/authentication/logout
POST /api/device/disable
POST /api/device/enable
POST /api/device/info
POST /api/device/list
POST /api/device/register
POST /api/device/update
POST /api/simcard/disable
POST /api/simcard/enable
POST /api/simcard/info
POST /api/simcard/list
POST /api/simcard/register
POST /api/simcard/update
POST /api/subscriber/disable
POST /api/subscriber/enable
POST /api/subscriber/info
POST /api/subscriber/register
POST /api/subscriber/signup
POST /api/subscriber/update
POST /api/user/authenticate
POST /api/user/authenticate-otp
POST /api/user/challenge-otp
POST /api/user/disable
POST /api/user/enable
POST /api/user/info
POST /api/user/list
POST /api/user/register
POST /api/user/update

Found on 2026-01-23 02:29

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: horoscope-api.aduang.co
Port: 443
URL: https://horoscope-api.aduang.co

First seen 2025-12-10 01:43
Last seen 2026-01-16 05:58
Open for 37 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354965c8e012cd97cddac91782afc91782afc91782af
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /health
GET /horoscopes/daily/today/day/{day}
GET /horoscopes/daily/today/day/{day}/contents
```
  Found on 2026-01-16 05:58
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.67.63.90
Domain: www.campusai.my
Port: 443
URL: https://www.campusai.my

First seen 2026-01-09 07:18

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60782871457d61cdd790cbf262634a1f12e815f88c

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Student/photos/{imageId}
GET /WeatherForecast
GET /api/Academic/enrollment-preview/{newAcademicYearId}
GET /api/Academic/progression/{studentId}
GET /api/ActivityEvent
GET /api/ActivityEvent/student/{studentId}/history
GET /api/ActivityEvent/{id}
GET /api/Attendance/absent-today
GET /api/Attendance/class-report/{classId}
GET /api/Attendance/date/{date}
GET /api/Attendance/historical/{studentId}
GET /api/Attendance/progression/{studentId}
GET /api/Attendance/recent-detections
GET /api/Attendance/student/{studentCode}
GET /api/Attendance/summary
GET /api/Attendance/today
GET /api/Attendance/unknown-faces
GET /api/Auth/check-permission/{permissionType}/{action}
GET /api/Auth/me
GET /api/Camera
GET /api/Camera/statuses
GET /api/Camera/{id}
GET /api/Camera/{id}/status
GET /api/Example/current-language
GET /api/Example/greeting/{name}
GET /api/Example/welcome
GET /api/LateRecognition/report
GET /api/LateRecognition/summary
GET /api/School
GET /api/School/{id}
GET /api/School/{id}/statistics
GET /api/Settings/school/{schoolId}
GET /api/Settings/school/{schoolId}/{settingKey}
GET /api/Student
GET /api/Student/code/{studentCode}
GET /api/Student/import/template
GET /api/Student/import/validation-data
GET /api/Student/photos/{imageId}/download
GET /api/Student/school/{schoolId}
GET /api/Student/with-academic-info
GET /api/Student/{id}
GET /api/Student/{id}/statistics
GET /api/Student/{studentCode}/face-images
GET /api/Student/{studentCode}/photos
GET /api/Teacher
GET /api/Teacher/{id}
GET /api/Team
GET /api/Team/{id}
GET /api/Training/status
GET /api/Training/test-recognition-service
GET /api/Training/test-training-image
GET /api/Training/training-data
GET /api/User
GET /api/User/permissions/available
GET /api/User/permissions/by-category
GET /api/User/school-admins
GET /api/User/{id}
GET /api/User/{userId}/permissions
GET /api/academic-year
GET /api/academic-year/school/{schoolId}
GET /api/academic-year/school/{schoolId}/active
GET /api/academic-year/{id}
GET /api/academic-year/{id}/statistics
GET /api/class
GET /api/class/my-classes
GET /api/class/school/{schoolId}
GET /api/class/school/{schoolId}/teachers
GET /api/class/{id}
GET /api/grade
GET /api/grade/school/{schoolId}
GET /api/grade/{id}
GET /api/p6sai/test
PATCH /api/Student/photos/{imageId}/activate
PATCH /api/Student/photos/{imageId}/deactivate
POST /api/Academic/enroll
POST /api/Academic/enroll-students/{newAcademicYearId}
POST /api/Academic/promote
POST /api/ActivityEvent/{id}/participants
POST /api/ActivityEvent/{id}/restore
POST /api/Attendance/manual-checkout
POST /api/Attendance/notify-parents
POST /api/Attendance/record-absence
POST /api/Auth/change-password
POST /api/Auth/create-school-admin
POST /api/Auth/login
POST /api/Auth/logout
POST /api/Auth/register
POST /api/Camera/start-all
POST /api/Camera/stop-all
POST /api/Camera/{id}/start
POST /api/Camera/{id}/stop
POST /api/Example/create-student
POST /api/Example/login
POST /api/LateRecognition/check-in-late
POST /api/Student/import
POST /api/Student/photos/bulk-deactivate
POST /api/Student/{id}/deactivate
POST /api/Student/{studentCode}/upload-images
POST /api/Student/{studentId}/enroll
POST /api/Teacher/{id}/create-user
POST /api/Teacher/{id}/link-user
POST /api/Team/{id}/members
POST /api/Training/test
POST /api/Training/train
POST /api/p6sai/auth
POST /api/p6sai/events
PUT /api/ActivityEvent/participants/{participantId}
PUT /api/Attendance/{attendanceId}/status
PUT /api/Team/members/{memberId}
PUT /api/academic-year/{id}/activate

Found on 2026-01-09 07:18

Create report

Open service 13.67.63.90:80 · sinhaputhra.net

2026-01-31 03:58

HTTP/1.1 403 Ip Forbidden
Content-Length: 1892
Connection: close
Content-Type: text/html
Date: Sat, 31 Jan 2026 03:59:04 GMT
x-ms-forbidden-ip: 139.59.136.184

Page title: Web App - Unavailable

<!DOCTYPE html>
<html>
<head>
    <title>Web App - Unavailable</title>
    <style type="text/css">
        html {
            height: 100%;
            width: 100%;
        }

        #feature {
            width: 960px;
            margin: 95px auto 0 auto;
            overflow: auto;
        }

        #content {
            font-family: "Segoe UI";
            font-weight: normal;
            font-size: 22px;
            color: #ffffff;
            float: left;
            width: 460px;
            margin-top: 68px;
            margin-left: 0px;
            vertical-align: middle;
        }

            #content h1 {
                font-family: "Segoe UI Light";
                color: #ffffff;
                font-weight: normal;
                font-size: 60px;
                line-height: 48pt;
                width: 800px;
            }

        p a, p a:visited, p a:active, p a:hover {
            color: #ffffff;
        }

        #content a.button {
            background: #0DBCF2;
            border: 1px solid #FFFFFF;
            color: #FFFFFF;
            display: inline-block;
            font-family: Segoe UI;
            font-size: 24px;
            line-height: 46px;
            margin-top: 10px;
            padding: 0 15px 3px;
            text-decoration: none;
        }

            #content a.button img {
                float: right;
                padding: 10px 0 0 15px;
            }

            #content a.button:hover {
                background: #1C75BC;
            }
    </style>
</head>
<body bgcolor="#00abec">
    <div id="feature">
        <div id="content">
            <h1 id="unavailable">Error 403 - Forbidden</h1>
            <p id="tryAgain">The web app you have attempted to reach has blocked your access.</p>
        </div>
    </div>
</body>
</html>

Found 2026-01-31 by HttpPlugin