Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e6ff1fc02cf7671fd5a8c748d1b7af6e08910bb7
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Activities
GET /api/Customers
GET /api/MasterDatas/Roles
GET /api/MasterDatas/Sjs
GET /api/MasterDatas/Ues
GET /api/Referents
GET /api/Roles
GET /api/Sites
GET /api/Sites/Export
GET /api/Users
GET /api/Users/Export
GET /api/Users/Roles
GET /api/Users/{metadataId}/UserMetaDatas
POST /api/Sites/Upload
POST /api/Users/Upload
GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d62337d3d62337d3d62337d3d62337d3d62337d3d6
GraphQL introspection enabled at /api/graphql
Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6c3e711b4f542be38a6bba0dd167ba1c0cf5566b0
GraphQL introspection enabled at /api/graphql
Types: 4345 (by kind: ENUM: 33, INPUT_OBJECT: 477, OBJECT: 3824, SCALAR: 8, UNION: 3)
Operations:
- Query: Query | fields: Brand, Brands, Category, countBrands, docAccessBrand
- Mutation: Mutation | fields: createBrand, createCategory, deleteBrand, duplicateBrand, updateBrand
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6a385fb5158d0bb9342a4e39cd88ce41dfc7d5939
GraphQL introspection enabled at /api/graphql
Types: 3902 (by kind: ENUM: 33, INPUT_OBJECT: 431, OBJECT: 3427, SCALAR: 8, UNION: 3)
Operations:
- Query: Query | fields: Brand, Brands, Category, countBrands, docAccessBrand
- Mutation: Mutation | fields: createBrand, createCategory, deleteBrand, duplicateBrand, updateBrand
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff437a159df728975afddc71c706cfaeceebcfaeceeb
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /avatars/info
GET /avatars/{member_id}
GET /health
POST /avatars
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff43bfddc58026b92230cef68d321e75a49c6c601f0e
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /health
GET /sitemap_index.xml
GET /v1/couple/{coupleId}/summary
GET /v1/couples
GET /v1/manage/registry-items
GET /v1/manage/summary
GET /v1/retailers
GET /v1/singlelists
GET /v2/checklist
GET /v2/checklist/{uuid}/pdf
GET /v2/couple/{coupleId}/summary
GET /v2/couples
GET /v2/manage/registry-items
GET /v2/member/summary
GET /v2/members/attributes
GET /v2/retailers
GET /v2/singlelists
GET /v2/themes
GET /{year}/{ugvrSitemap}
POST /v1/manage/registries
POST /v2/checklist/custom-categories
POST /v2/checklist/custom-items
POST /v2/members/{uuid}/avatars
POST /v2/registries
POST /v2/validate_share_password
PUT /v1/manage/members/{memberId}
PUT /v1/manage/registries/{registryId}
PUT /v2/checklist/categories/{id}
PUT /v2/checklist/custom-categories/{id}
PUT /v2/checklist/custom-items/{id}
PUT /v2/checklist/items/sync-all-in-batch
PUT /v2/checklist/items/sync-article/{id}
PUT /v2/checklist/items/{id}
PUT /v2/members/{uuid}
PUT /v2/members/{uuid}/settings
PUT /v2/registries/{registryId}
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e56fccae41008f24c71762f4d917e08c268c589e31
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1/asns/{asnId}/download
GET /asn/qc/failure-reason
GET /asn/status
GET /asn/{asnId}
GET /asn/{asnId}/detail
GET /dashboard/filters
GET /health
POST /asn
POST /dashboard/listing
PUT /asn/{asnId}/cancel
PUT /asn/{asnId}/status
PUT /asn/{asnId}/validate/{lookupId}
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e56fccae41008f24c71762f4d917e08c2685286720
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1/asns/{asnId}/download
GET /asn/qc/failure-reason
GET /asn/status
GET /asn/{asnId}
GET /asn/{asnId}/detail
GET /dashboard/filters
GET /health
POST /asn
POST /dashboard/listing
PUT /asn/{asnId}/cancel
PUT /asn/{asnId}/status
Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec8419566e6934d861c42d9ff266abb1ef3fa1732c
Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /api/ipay/validate
GET /api/ipay/verify
GET /epaisa/validate
GET /health
GET /mpesa/callback
GET /payment-wallet/v1/mafpay/balance
GET /payment-wallet/v1/mafpay/txn/details
GET /payment-wallet/v1/mafpay/txn/history
GET /payment-wallet/v2/mafpay/txnhistory
GET /wallet-dashboard/v3/{wallet}
GET /wallet-dashboard/v3/{wallet}/history
GET /wallet/v1/{paymentOption}
POST /api/ipay/fullrefund
POST /api/ipay/initiator
POST /api/ipay/initpush
POST /api/ipay/partialrefund
POST /api/ipay/refund
POST /api/ipay/search
POST /api/ipay/stkpush
POST /api/ipay/transact
POST /epaisa/inquiry
POST /epaisa/payment
POST /epaisa/reversal
POST /payment-wallet/v1/mafpay/adjust-credit-debit
POST /payment-wallet/v1/mafpay/create/wallet
POST /wallet/v1/transaction
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff430a56e520e8b3275a22eff038fd7fb40bff3be633
Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /v1/community_favorites/{id}
DELETE /v1/members/{memberId}/pregnancies/{pregnancyId}
GET /external/v1/members
GET /v1/albums
GET /v1/community_favorites
GET /v1/community_forums
GET /v1/community_forums/birth_clubs
GET /v1/community_forums/recent
GET /v1/community_forums/{id}
GET /v1/health
GET /v1/member_photos
GET /v1/members/attributes
GET /v1/members/forgot_password/{token}
GET /v1/members/miscarriages
GET /v1/members/registrants
GET /v1/members/{id}/miscarriages
GET /v1/members/{id}/registrants
GET /v1/pcm/calendar
GET /v1/pcm/default_events
GET /v1/pcm/default_events/{slug}
GET /v1/todos
PATCH /v1/members/{uuid}/email
PATCH /v1/todos/{id}/toggle
POST /v1/member_sessions
POST /v1/member_sessions/email
POST /v1/members
POST /v1/members/feedbacks
POST /v1/members/forgot_password
POST /v1/members/{id}
POST /v1/members/{id}/optin
POST /v1/members/{id}/pregnancies
POST /v1/members/{memberId}/pregnancies/{pregnancyId}/miscarriage
POST /v1/members/{member_id}/children
POST /v1/members/{username}/avatars
POST /v1/password_resets
POST /v1/pcm/scheduled_events
PUT /v1/albums/{album_id}/photos
PUT /v1/member_photos/{id}
PUT /v1/members/{id}/pregnancies/{pregnancyId}
PUT /v1/members/{member_id}/children/{id}
PUT /v1/pcm/scheduled_events/{id}
PUT /v1/todos/{id}
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a6e954f8ba07c0133bda15a95c74aa80949e7048
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/outbreaks/UnpublishOutbreakFromNdb/{id}
DELETE /api/samples/UnpublishFromNdb/{id}
DELETE /api/samples/{identifier}/filelinks
GET /api/ADX_DRS
GET /api/adx/drs/samples/_findByIdentifier
GET /api/adx/drs/samples/today
GET /api/adx/drs/samples/{sampleId}
GET /api/adx/drs/samples/{sample}/analyses/{processType}
GET /api/comparisons
GET /api/comparisons/{id}
GET /api/comparisons/{id}/analyses
GET /api/comparisons/{id}/analyses/{analysisName}
GET /api/comparisons/{id}/distance_matrix_blob
GET /api/comparisons/{id}/upgma_tree
GET /api/events
GET /api/events/unpublishrequests
GET /api/events/{id}
GET /api/labs
GET /api/labs/{id}
GET /api/organisms
GET /api/organisms/{id}
GET /api/organisms/{organizationName}/{organismName}
GET /api/organizations
GET /api/organizations/organizationName/{organizationName}
GET /api/organizations/{id}
GET /api/outbreaks
GET /api/outbreaks/getbyidentifier/{identifier}
GET /api/outbreaks/ndb/identifier/{identifier}
GET /api/outbreaks/ndb/{id}
GET /api/outbreaks/{id}
GET /api/pipelineruns
GET /api/pipelineruns/{id}
GET /api/pipelineruns/{id}/output-file
GET /api/pipelineruns/{id}/weblog
GET /api/pipelines
GET /api/pipelines/{id}
GET /api/reanalysissamples/processReanalysis
GET /api/samples
GET /api/samples/getbyidentifier/{identifier}
GET /api/samples/getbylabaccessionnumber/{labAccessionNumber}
GET /api/samples/ndb/findclusters
GET /api/samples/ndb/identifier/{identifier}
GET /api/samples/ndb/{id}
GET /api/samples/ndb/{id}/analyses
GET /api/samples/outbreak/{outbreakId}/specimenkeys
GET /api/samples/samples/{id}/fileref/{name}
GET /api/samples/{id}
GET /api/samples/{id}/analyses2
GET /api/samples/{id}/analyses2/{processName}
GET /api/samples/{id}/match_profile
GET /api/samples/{id}/ncbi_processes
GET /api/samples/{id}/pipelinerun
GET /api/samples/{id}/processes
GET /api/samples/{sampleId}/analysesBy/{processName}
GET /api/users
GET /api/users/ProfileMatchingFilters
GET /api/users/getcurrentuser
GET /api/users/{id}
GET /api/views
GET /api/views/getshared
GET /api/views/{id}
POST /api/adx/drs/samples
POST /api/adx/drs/samples/_search
POST /api/adx/drs/samples/analyses/_bulk
POST /api/auth/amd_token
POST /api/auth/basespace_token
POST /api/auth/token
POST /api/comparisons/getcomparisonlist
POST /api/labs/{labId}/DendrogramExportTemplates
POST /api/labs/{labId}/MetadataImportTemplates
POST /api/labs/{labId}/PipelineTemplates
POST /api/outbreaks/bulkdelete
POST /api/outbreaks/bulkinsert
POST /api/outbreaks/publish_multipleoutbreaks_ndb
POST /api/outbreaks/search
POST /api/outbreaks/{id}/publish_ndb
POST /api/pipelineruns/{id}/cancel
POST /api/pipelineruns/{id}/restart
POST /api/pipelines/{pipelineId}/ExecutePipeline
POST /api/samples/api/sample/validate
POST /api/samples/bulkdelete
POST /api/samples/bulkinsert
POST /api/samples/confirm_multiplesamples_ndb
POST /api/samples/filelink/bulklinkfiles
POST /api/samples/getcompared
POST /api/samples/getsamplelist
POST /api/samples/match_profiles
POST /api/samples/publish_multiplesamples_ndb
POST /api/samples/query
POST /api/samples/query_ndb
POST /api/samples/querybyid
POST /api/samples/querybyid/analyses
POST /api/samples/querybyid/analyses/alignment
POST /api/samples/querybyid/analyses/allele_code_tree
POST /api/samples/querybyid/analyses/upgma_tree
POST /api/samples/querybyid/analyses/{analysisName}
POST /api/samples/querybyid_ndb
POST /api/samples/search
POST /api/samples/unconfirm_multiplesamples_ndb
POST /api/samples/{id}/publish_ndb
POST /api/users/{id}/FavoriteComparisons
POST /api/users/{id}/FavoriteViews
POST /api/views/getviewlist
PUT /api/comparisons/{id}/ml_tree
PUT /api/events/unpublishEvents
PUT /api/events/{id}/updateEvent
PUT /api/labs/{labId}/DendrogramExportTemplates/{name}
PUT /api/labs/{labId}/MetadataImportTemplates/{name}
PUT /api/labs/{labId}/PipelineTemplates/{name}
PUT /api/outbreaks/ndb/{id}/metadata
PUT /api/samples/ndb/{id}/metadata
PUT /api/samples/{id}/metadata
PUT /api/samples/{id}/traces
PUT /api/samples/{id}/updateIdentifier
PUT /api/users/ProfileMatchingFilters/{name}
PUT /api/users/{id}/FavoriteComparisons/{comparisonID}
PUT /api/users/{id}/FavoriteViews/{viewID}
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a6e954f8ba07c0133bda15a95c74aa80d046a0fe
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/outbreaks/UnpublishOutbreakFromNdb/{id}
DELETE /api/samples/UnpublishFromNdb/{id}
DELETE /api/samples/{identifier}/filelinks
GET /api/ADX_DRS
GET /api/adx/drs/samples/_findByIdentifier
GET /api/adx/drs/samples/today
GET /api/adx/drs/samples/{sampleId}
GET /api/adx/drs/samples/{sample}/analyses/{processType}
GET /api/comparisons
GET /api/comparisons/{id}
GET /api/comparisons/{id}/analyses
GET /api/comparisons/{id}/analyses/{analysisName}
GET /api/comparisons/{id}/distance_matrix_blob
GET /api/comparisons/{id}/upgma_tree
GET /api/events
GET /api/events/unpublishrequests
GET /api/events/{id}
GET /api/labs
GET /api/labs/{id}
GET /api/organisms
GET /api/organisms/{id}
GET /api/organisms/{organizationName}/{organismName}
GET /api/organizations
GET /api/organizations/organizationName/{organizationName}
GET /api/organizations/{id}
GET /api/outbreaks
GET /api/outbreaks/getbyidentifier/{identifier}
GET /api/outbreaks/ndb/identifier/{identifier}
GET /api/outbreaks/ndb/{id}
GET /api/outbreaks/{id}
GET /api/pipelineruns
GET /api/pipelineruns/{id}
GET /api/pipelineruns/{id}/output-file
GET /api/pipelineruns/{id}/weblog
GET /api/pipelines
GET /api/pipelines/{id}
GET /api/reanalysissamples/processReanalysis
GET /api/samples
GET /api/samples/getbyidentifier/{identifier}
GET /api/samples/getbylabaccessionnumber/{labAccessionNumber}
GET /api/samples/ndb/findclusters
GET /api/samples/ndb/identifier/{identifier}
GET /api/samples/ndb/{id}
GET /api/samples/ndb/{id}/analyses
GET /api/samples/outbreak/{outbreakId}/specimenkeys
GET /api/samples/samples/{id}/fileref/{name}
GET /api/samples/{id}
GET /api/samples/{id}/analyses2
GET /api/samples/{id}/analyses2/{processName}
GET /api/samples/{id}/match_profile
GET /api/samples/{id}/ncbi_processes
GET /api/samples/{id}/pipelinerun
GET /api/samples/{id}/processes
GET /api/samples/{sampleId}/analysesBy/{processName}
GET /api/users
GET /api/users/ProfileMatchingFilters
GET /api/users/getcurrentuser
GET /api/users/{id}
GET /api/views
GET /api/views/getshared
GET /api/views/{id}
POST /api/adx/drs/samples
POST /api/adx/drs/samples/_search
POST /api/adx/drs/samples/analyses/_bulk
POST /api/auth/amd_token
POST /api/auth/basespace_token
POST /api/auth/token
POST /api/comparisons/getcomparisonlist
POST /api/labs/{labId}/DendrogramExportTemplates
POST /api/labs/{labId}/MetadataImportTemplates
POST /api/labs/{labId}/PipelineTemplates
POST /api/outbreaks/bulkdelete
POST /api/outbreaks/bulkinsert
POST /api/outbreaks/publish_multipleoutbreaks_ndb
POST /api/outbreaks/search
POST /api/outbreaks/{id}/publish_ndb
POST /api/pipelineruns/{id}/cancel
POST /api/pipelineruns/{id}/restart
POST /api/pipelines/{pipelineId}/ExecutePipeline
POST /api/samples/api/sample/validate
POST /api/samples/bulkdelete
POST /api/samples/bulkinsert
POST /api/samples/confirm_multiplesamples_ndb
POST /api/samples/filelink/bulklinkfiles
POST /api/samples/getcompared
POST /api/samples/getsamplelist
POST /api/samples/match_profiles
POST /api/samples/publish_multiplesamples_ndb
POST /api/samples/query
POST /api/samples/query_ndb
POST /api/samples/querybyid
POST /api/samples/querybyid/analyses
POST /api/samples/querybyid/analyses/alignment
POST /api/samples/querybyid/analyses/upgma_tree
POST /api/samples/querybyid/analyses/{analysisName}
POST /api/samples/querybyid_ndb
POST /api/samples/search
POST /api/samples/unconfirm_multiplesamples_ndb
POST /api/samples/{id}/publish_ndb
POST /api/users/{id}/FavoriteComparisons
POST /api/users/{id}/FavoriteViews
POST /api/views/getviewlist
PUT /api/comparisons/{id}/ml_tree
PUT /api/events/unpublishEvents
PUT /api/events/{id}/updateEvent
PUT /api/labs/{labId}/DendrogramExportTemplates/{name}
PUT /api/labs/{labId}/MetadataImportTemplates/{name}
PUT /api/labs/{labId}/PipelineTemplates/{name}
PUT /api/outbreaks/ndb/{id}/metadata
PUT /api/samples/ndb/{id}/metadata
PUT /api/samples/{id}/metadata
PUT /api/samples/{id}/traces
PUT /api/samples/{id}/updateIdentifier
PUT /api/users/ProfileMatchingFilters/{name}
PUT /api/users/{id}/FavoriteComparisons/{comparisonID}
PUT /api/users/{id}/FavoriteViews/{viewID}
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e589d0d645b9b70dea83af2a8fbf00bdaf53a0d6ee
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/allocation/hold/header
GET /v1/amp/allocation/mchRefs
POST /v1/amp/allocation/allocrecup
POST /v1/amp/allocation/allocsummary
POST /v1/amp/allocation/exceptions/clear
POST /v1/amp/allocation/exceptions/clearlcdc
POST /v1/amp/allocation/exceptions/excel
POST /v1/amp/allocation/exceptions/search
POST /v1/amp/allocation/hold/comments
POST /v1/amp/allocation/hold/insert
POST /v1/amp/allocation/hold/release
POST /v1/amp/allocation/hold/search
POST /v1/amp/allocation/maintenance
POST /v1/amp/allocation/search
POST /v1/amp/allocation/splitdetails
POST /v1/amp/allocation/splitexcel
POST /v1/amp/allocation/splitsearch
POST /v1/amp/allocation/store-delivery-sequence/search
POST /v1/amp/allocation/summarysearch
POST /v1/amp/allocation/update
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e589d0d645b9b70dea83af2a8fbf00bdafc0c1eb5d
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/allocation/hold/header
GET /v1/amp/allocation/mchRefs
POST /v1/amp/allocation/allocrecup
POST /v1/amp/allocation/allocsummary
POST /v1/amp/allocation/exceptions/clear
POST /v1/amp/allocation/exceptions/excel
POST /v1/amp/allocation/exceptions/search
POST /v1/amp/allocation/hold/comments
POST /v1/amp/allocation/hold/insert
POST /v1/amp/allocation/hold/release
POST /v1/amp/allocation/hold/search
POST /v1/amp/allocation/maintenance
POST /v1/amp/allocation/search
POST /v1/amp/allocation/splitdetails
POST /v1/amp/allocation/splitexcel
POST /v1/amp/allocation/splitsearch
POST /v1/amp/allocation/store-delivery-sequence/search
POST /v1/amp/allocation/summarysearch
POST /v1/amp/allocation/update
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e589d0d645b9b70dea83af2a8fbf00bdaf3bc4da4b
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/allocation/hold/header
GET /v1/amp/allocation/mchRefs
POST /v1/amp/allocation/allocrecup
POST /v1/amp/allocation/allocsummary
POST /v1/amp/allocation/exceptions/clear
POST /v1/amp/allocation/exceptions/excel
POST /v1/amp/allocation/exceptions/search
POST /v1/amp/allocation/hold/comments
POST /v1/amp/allocation/hold/insert
POST /v1/amp/allocation/hold/release
POST /v1/amp/allocation/hold/search
POST /v1/amp/allocation/search
POST /v1/amp/allocation/splitdetails
POST /v1/amp/allocation/splitexcel
POST /v1/amp/allocation/splitsearch
POST /v1/amp/allocation/store-delivery-sequence/search
POST /v1/amp/allocation/summarysearch
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e589d0d645b9b70dea83af2a8fbf00bdaffb2157e1
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/allocation/hold/header
GET /v1/amp/allocation/mchRefs
POST /v1/amp/allocation/allocrecup
POST /v1/amp/allocation/allocsummary
POST /v1/amp/allocation/exceptions/excel
POST /v1/amp/allocation/exceptions/search
POST /v1/amp/allocation/exceptions/update
POST /v1/amp/allocation/hold/comments
POST /v1/amp/allocation/hold/insert
POST /v1/amp/allocation/hold/release
POST /v1/amp/allocation/hold/search
POST /v1/amp/allocation/search
POST /v1/amp/allocation/splitdetails
POST /v1/amp/allocation/splitexcel
POST /v1/amp/allocation/splitsearch
POST /v1/amp/allocation/store-delivery-sequence/search
POST /v1/amp/allocation/summarysearch
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e50a5b1f0852a82cd47bbc39d6a3433b7060f0554c
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/logistics/header
GET /v1/amp/logistics/posearch/{poNumber}
POST /v1/amp/logistics/comments
POST /v1/amp/logistics/excel-detailed
POST /v1/amp/logistics/excel-summary
POST /v1/amp/logistics/exception/header
POST /v1/amp/logistics/exception/search
POST /v1/amp/logistics/exceptions/excel
POST /v1/amp/logistics/search
POST /v1/amp/logistics/search-summary
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html