LeakIX - Host 2.16.204.71

Host 2.16.204.71

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/443 tcp/80

AkamaiNetStorage

tcp/443

AmazonS3

tcp/443

Apache Apache

tcp/80

BlumWeb1.0

tcp/443

Microsoft-Azure-Application-Gateway v2

tcp/80

Microsoft-IIS 10.0

tcp/443

UploadServer

tcp/443

Vercel

tcp/443

nginx nginx

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.71
Domain: contentapi.pat.postnl.nl
Port: 443
URL: https://contentapi.pat.postnl.nl

First seen 2025-10-15 00:39
Last seen 2026-01-12 14:48
Open for 89 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a2f6999f127e53ffce1cdb8982d4754001316e0e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /content-widget/api/v2/content/health
GET /content-widget/api/v2/content/introspection/gettype/{item}
GET /content-widget/api/v2/content/introspection/query
GET /content-widget/api/v2/content/introspection/schema
PATCH /content-widget/api/v2/crawler/reindex
POST /content-widget/api/v2/content
POST /content-widget/api/v2/content/feedback
POST /content-widget/api/v2/crawler/crawl
POST /content-widget/api/v2/crawler/crawl-vacancy
POST /content-widget/api/v2/translate
```
  Found on 2026-01-12 14:48
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.71
Domain: partners-test.postnl.a02.cldsvc.net
Port: 443
URL: https://partners-test.postnl.a02.cldsvc.net

First seen 2025-10-15 00:39
Last seen 2026-01-12 14:48
Open for 89 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549cdc77d7a331c58654fe3f4592b51ddf4f2e0d3f2

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/tiama/profiles
GET /api/v1/tiama/users
POST /api/v1/airwaybill-update
POST /api/v1/carrier/dragonfly/events
POST /api/v1/carrier/dragonflyau/events
POST /api/v1/carrier/globeship/events
POST /api/v1/carrier/uniuni/events
POST /api/v1/carrier/uniuniusa/events
POST /api/v1/event/AddCarrierEvent
POST /api/v1/event/AddMawbEvent
POST /api/v1/events/Add
POST /api/v1/secondarycontainer/add
POST /api/v1/tracking/update

Found on 2026-01-12 14:48

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549cdc77d7a331c58654fe3f4592b51ddf4a39d8413

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/tiama/profiles
GET /api/v1/tiama/users
POST /api/v1/airwaybill-update
POST /api/v1/carrier/dragonfly/events
POST /api/v1/carrier/dragonflyau/events
POST /api/v1/carrier/globeship/events
POST /api/v1/carrier/uniuni/events
POST /api/v1/carrier/uniuniusa/events
POST /api/v1/event/AddCarrierEvent
POST /api/v1/event/AddMawbEvent
POST /api/v1/events/Add
POST /api/v1/secondarycontainer/add

Found on 2025-11-08 18:40

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.71
Domain: clients.postnl.a02.cldsvc.net
Port: 443
URL: https://clients.postnl.a02.cldsvc.net

First seen 2025-10-15 00:39
Last seen 2026-01-12 14:48
Open for 89 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-12 14:48
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.71
Domain: vie-dev.groupm.tech
Port: 80
URL: http://vie-dev.groupm.tech

First seen 2025-10-16 11:37
Last seen 2026-01-10 03:40
Open for 85 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-10 03:40
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.71
Domain: pre-recom.audi.com
Port: 443
URL: https://pre-recom.audi.com

First seen 2025-10-20 15:23
Last seen 2026-01-10 00:47
Open for 81 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e54ebc5472ac4ec4eed674184352daa0414b35cd0c
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/mwa/{carline}/{from}
GET /api/mwa/{carline}/{from}/
GET /api/v2/mwa/carline/{carline}/{from}
GET /api/v2/mwa/carline/{carline}/{from}/
GET /api/v2/mwa/model/{model}/{from}
GET /api/v2/mwa/model/{model}/{from}/
GET /dpu
GET /error
GET /maintenance
GET /v2/mwa/carline/{carline}
GET /v2/mwa/carline/{carline}/
GET /v2/mwa/carline/{carline}/{market}
GET /v2/mwa/topextras/{model}
GET /v2/mwa/topextras/{model}/
GET /v2/mwa/topextras/{model}/{market}
```
  Found on 2026-01-10 00:47
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2025-12-19 09:17
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.71
Domain: pre-mwa.audi.com
Port: 443
URL: https://pre-mwa.audi.com

First seen 2025-10-20 15:23
Last seen 2026-01-09 14:50
Open for 80 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e54ebc5472ac4ec4eed674184352daa0414b35cd0c
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/mwa/{carline}/{from}
GET /api/mwa/{carline}/{from}/
GET /api/v2/mwa/carline/{carline}/{from}
GET /api/v2/mwa/carline/{carline}/{from}/
GET /api/v2/mwa/model/{model}/{from}
GET /api/v2/mwa/model/{model}/{from}/
GET /dpu
GET /error
GET /maintenance
GET /v2/mwa/carline/{carline}
GET /v2/mwa/carline/{carline}/
GET /v2/mwa/carline/{carline}/{market}
GET /v2/mwa/topextras/{model}
GET /v2/mwa/topextras/{model}/
GET /v2/mwa/topextras/{model}/{market}
```
  Found on 2026-01-09 14:50
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2025-11-01 12:12
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.71
Domain: getapproval-api.scotiaautohub.com
Port: 443
URL: https://getapproval-api.scotiaautohub.com

First seen 2025-11-04 14:48
Last seen 2026-01-09 09:00
Open for 65 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff4309f663d080d5800fbaa6e4a27dc0dafb663acf94
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /api/application/adjudicate
GET /api/application/coapplication/landing/{id}
GET /api/application/coapplication/{id}
GET /api/application/customer
GET /api/application/customer/getProfileFromMarvel
GET /api/application/submit
POST /api/application/coapplication/
POST /api/application/customer/duplicate
POST /api/application/email
POST /api/application/encrypt
POST /api/application/mazdapayload
```
  Found on 2026-01-09 09:00
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.71
Domain: mortgage-uat.wellsfargo.com
Port: 443
URL: https://mortgage-uat.wellsfargo.com

First seen 2025-11-13 06:02
Last seen 2026-01-08 23:31
Open for 56 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-08 23:31
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.71
Domain: pre-recom.audi.com
Port: 443
URL: https://pre-recom.audi.com

First seen 2025-10-20 15:23
Last seen 2026-01-02 19:45
Open for 74 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa308fe5fb370c690b1be2fb6b258f0688f58f0688f

GraphQL introspection enabled at /graphql
Types: 25 (by kind: ENUM: 2, INPUT_OBJECT: 4, OBJECT: 14, SCALAR: 5)
Operations:
- Query: Query | fields: configurationRecommendations, mostWantedAudiCarline, mostWantedAudiModel, topExtras
Directives: composeDirective, defer, deprecated, inaccessible, include, key, oneOf, shareable, skip, specifiedBy (total: 11)

Found on 2026-01-02 19:45

41.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36dbbfbdf8a427bed8ceea4e4c6fd7d61c6fd7d61

GraphQL introspection enabled at /graphql
Types: 17 (by kind: ENUM: 2, INPUT_OBJECT: 2, OBJECT: 9, SCALAR: 4)
Operations:
- Query: Query | fields: mostWantedAudiCarline, mostWantedAudiModel
Directives: composeDirective, defer, deprecated, inaccessible, include, key, oneOf, shareable, skip, specifiedBy (total: 11)

Found on 2025-10-29 05:36

29.1 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.71
Domain: pre-mwa.audi.com
Port: 443
URL: https://pre-mwa.audi.com

First seen 2025-10-20 15:23
Last seen 2026-01-02 18:03
Open for 74 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa308fe5fb370c690b1be2fb6b258f0688f58f0688f

GraphQL introspection enabled at /graphql
Types: 25 (by kind: ENUM: 2, INPUT_OBJECT: 4, OBJECT: 14, SCALAR: 5)
Operations:
- Query: Query | fields: configurationRecommendations, mostWantedAudiCarline, mostWantedAudiModel, topExtras
Directives: composeDirective, defer, deprecated, inaccessible, include, key, oneOf, shareable, skip, specifiedBy (total: 11)

Found on 2026-01-02 18:03

41.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36dbbfbdf8a427bed8ceea4e4c6fd7d61c6fd7d61

GraphQL introspection enabled at /graphql
Types: 17 (by kind: ENUM: 2, INPUT_OBJECT: 2, OBJECT: 9, SCALAR: 4)
Operations:
- Query: Query | fields: mostWantedAudiCarline, mostWantedAudiModel
Directives: composeDirective, defer, deprecated, inaccessible, include, key, oneOf, shareable, skip, specifiedBy (total: 11)

Found on 2025-10-28 12:16

29.1 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.71
Domain: redsport.spott2.sportradar.com
Port: 443
URL: https://redsport.spott2.sportradar.com

First seen 2025-10-19 20:42
Last seen 2026-01-02 16:40
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d6a8cd7f2f7957a07d09f81bd06d693f426d693f42
```
GraphQL introspection enabled at /api/graphql
Types: 103 (by kind: ENUM: 9, INPUT_OBJECT: 4, OBJECT: 81, SCALAR: 8, UNION: 1)
Operations:
- Query: Query | fields: comparison, metadataClientField, rankings, sportMatch, tournaments
Directives: deprecated, include, oneOf, skip (total: 4)
```
  Found on 2026-01-02 16:40
  
  105.7 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.71
Domain: tchus.spott2.sportradar.com
Port: 443
URL: https://tchus.spott2.sportradar.com

First seen 2025-10-19 20:42
Last seen 2026-01-02 08:44
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d6a8cd7f2f7957a07d09f81bd06d693f426d693f42
```
GraphQL introspection enabled at /api/graphql
Types: 103 (by kind: ENUM: 9, INPUT_OBJECT: 4, OBJECT: 81, SCALAR: 8, UNION: 1)
Operations:
- Query: Query | fields: comparison, metadataClientField, rankings, sportMatch, tournaments
Directives: deprecated, include, oneOf, skip (total: 4)
```
  Found on 2026-01-02 08:44
  
  105.7 kBytes
Create report

Open service 2.16.204.71:443 · www.afamilyofsupport.ca

2026-01-13 00:57

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://www.familyofsupport.com/
Expires: Tue, 13 Jan 2026 00:57:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 13 Jan 2026 00:57:51 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1768265871125_34610503_99323872_10_6510_84_86_-";dur=1

Found one day ago by HttpPlugin