LeakIX - Host 2.16.204.72

Host 2.16.204.72

Germany

Akamai International B.V.

Win64

Software information

AkamaiGHost

tcp/443 tcp/80

Apache Apache

tcp/443 tcp/80

Apache Apache 2.4.63

tcp/443

Kestrel Kestrel

tcp/443

Microsoft-IIS 10.0

tcp/443

OpenSSL OpenSSL 3.3.2

tcp/443

awselb awselb 2.0

tcp/80

istio-envoy

tcp/443 tcp/80

nginx nginx 1.28.0

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: axiomforecasting-api-uat.icelanddev.net
Port: 443
URL: https://axiomforecasting-api-uat.icelanddev.net

First seen 2025-10-18 00:10
Last seen 2026-01-10 01:13
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6019d33033339d9322a4be17d5cb9d359b02d22306
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/forecast/isProductForecastedCheck/plu/{plu}/fromDate/{fromDate}
POST /jobs/alertemails
POST /jobs/autoApplyChannelSplits
POST /jobs/checkForHangfireFailures
POST /jobs/deleteHistoricalDraftForecastUpdate
POST /jobs/lockCycles
POST /jobs/makeHistoric
POST /jobs/seedforecasts
POST /jobs/seedproductgroupcycles
POST /support/orchestrateOffInvoicePromotionalCostPrices
POST /support/recalculateForecastsForProduct
POST /support/refreshEarliestEffectiveDatesForForecastUpdates
```
  Found on 2026-01-10 01:13
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: axiombatcalendar.icelanddev.net
Port: 443
URL: https://axiombatcalendar.icelanddev.net

First seen 2025-11-06 00:08
Last seen 2026-01-10 00:17
Open for 65 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549293c5c5040a52e36fd856f3686df88b6e39bedc0

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /Auth/login
GET /Auth/logout
GET /api/Api/transactioncomplete/{success}
GET /api/ApplicationConfig
GET /api/Calendar/year/{calendarYear}
GET /api/PublishMarketingCalendar/getLiveCalendar/{retailYear}
GET /api/PublishMarketingCalendar/getProposedCalendar/{retailYear}
GET /api/SandboxCalendar/new_year
GET /api/SandboxCalendar/validate/{year}
GET /api/SandboxCalendar/year/{calendarYear}
GET /api/SandboxCalendar/years
GET /api/TaskAndNotification
GET /api/User
GET /api/calendar/calendardays
GET /api/calendar/getAllFuturePublishedCalendarPhases
GET /api/calendar/getcurrent
GET /api/calendar/retailweeks
GET /api/calendar/transactioncomplete/{success}
GET /api/jobs/transactioncomplete/{success}
GET /api/phaselookup/phases/future
GET /api/phaselookup/transactioncomplete/{success}
POST /api/Api
POST /api/PublishMarketingCalendar/publishCalendar
POST /api/SandboxCalendar/year
POST /api/calendar
POST /api/jobs
POST /api/jobs/calendar/bankholidays
POST /api/jobs/calendar/update
POST /api/jobs/general/applyretentionpolicy
POST /api/phaselookup
PUT /api/SandboxCalendar/cycle
PUT /api/SandboxCalendar/phase

Found on 2026-01-10 00:17

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6053eba26bd5d90b69a01c2df900d47ec599b27fcf

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /Auth/login
GET /Auth/logout
GET /api/Api/transactioncomplete/{success}
GET /api/ApplicationConfig
GET /api/Calendar/year/{calendarYear}
GET /api/PublishMarketingCalendar/getLiveCalendar/{retailYear}
GET /api/PublishMarketingCalendar/getProposedCalendar/{retailYear}
GET /api/SandboxCalendar/new_year
GET /api/SandboxCalendar/validate/{year}
GET /api/SandboxCalendar/year/{calendarYear}
GET /api/SandboxCalendar/years
GET /api/TaskAndNotification
GET /api/User
GET /api/calendar/calendardays
GET /api/calendar/getAllFuturePublishedCalendarPhases
GET /api/calendar/getcurrent
GET /api/calendar/retailweeks
GET /api/calendar/transactioncomplete/{success}
GET /api/jobs/transactioncomplete/{success}
GET /api/phaselookup/phases/future
GET /api/phaselookup/transactioncomplete/{success}
POST /api/Api
POST /api/PublishMarketingCalendar/publishCalendar
POST /api/SandboxCalendar/year
POST /api/calendar
POST /api/jobs
POST /api/jobs/calendar/bankholidays
POST /api/jobs/calendar/update
POST /api/jobs/general/applyretentionpolicy
POST /api/phaselookup
PUT /api/SandboxCalendar/cycle
PUT /api/SandboxCalendar/phase

Found on 2025-12-23 08:47

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: coderesbsco.codere.com
Port: 443
URL: https://coderesbsco.codere.com

First seen 2025-10-22 05:16
Last seen 2026-01-09 21:34
Open for 79 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60a5cce702138478a1cf846160c64f38d09151a102
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /events/{eventNodeId}
GET /events/{eventNodeId}/{gameType}
GET /eventslive/{eventNodeId}/{live}
GET /leagues/{leagueNodeId}/liveEvents
GET /leagues/{leagueNodeId}/nonLiveEvents
GET /leagues/{leagueNodeId}/{gameTypes}/GetEventsByLeagueAndMarketId
GET /markets/{marketNodeId}
GET /sports
GET /sports/by-sport-handle/{sportHandle}/leagues
GET /sports/{sportNodeId}/leagues
```
  Found on 2026-01-09 21:34
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: axiombatprice-api.icelanddev.net
Port: 443
URL: https://axiombatprice-api.icelanddev.net

First seen 2025-11-06 00:09
Last seen 2026-01-09 19:14
Open for 64 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d606455ef381ffd80bb8bde6d6798b8fe60638f1ad0

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Promotion/delete/{versionId}
GET /api/PriceCheck/plu/{plu}/store/{store}/current
GET /api/Promotion/plu/{plu}/ActiveInDays/{numberOfDays}
GET /api/Promotion/plu/{plu}/all
GET /api/Promotion/plu/{plu}/store/{storeNumber}/ActiveInDays/{numberOfDays}
GET /api/Promotion/promotionVersion/{promotionVersionId}
GET /api/Segmentation/currentFutureCompanyPrices
GET /api/Segmentation/currentFutureCompanyPrices/plu/{plu}
GET /api/Segmentation/hasCurrentDerangerPrice/plu/{plu}
GET /api/Segmentation/prices/plu/{plu}
GET /api/Store/{storeNumber}/segments
POST /api/Forecasting/validateChannelPriceChange
POST /api/PriceCheck/ByStoreDay
POST /api/Promotion/end/{versionId}
POST /api/Promotion/update
POST /api/Promotion/updateActive
POST /api/Promotion/updateEffectiveTo
POST /api/Promotion/updateTier1Status
POST /api/Promotion/updateTillDescription
POST /api/Utilities/SendPendingCompanyPrices
POST /api/Utilities/SendPendingSegmentPrices
POST /jobs/autoPopulateDerangerRuns
POST /jobs/clearNewLineExclusions
POST /jobs/createDerangerSegments
POST /jobs/dailyPromotionIntegration
POST /jobs/dailyderanger
POST /jobs/moveHistoricExtrapolatedPrices
POST /jobs/refreshProductWasPrices
POST /jobs/refreshSegmentedPricing
POST /jobs/refreshWasPrices
POST /jobs/refreshproductsfromsource
POST /jobs/refreshstoresfromsource
POST /jobs/removeDeletedDepartmentalPayments
POST /jobs/revertpricesforrerangedproducts
POST /jobs/revertpriceswithzerostock
POST /jobs/schedulederangertasks
POST /jobs/sendActivePriceMessages
POST /notification/derangerscreensopen
POST /notification/pendingderangeroverrideapproval
POST /removeexistingpricesfromruncandidates
PUT /api/Promotion/add
PUT /api/Promotion/forecasted
PUT /api/Promotion/validate/addversion
PUT /api/Promotion/validate/create
PUT /api/Promotion/validate/editversion
PUT /api/Promotion/validate/effectiveto
PUT /api/Promotion/validate/end

Found on 2026-01-09 19:14

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: axiomproduct-bat.icelanddev.net
Port: 443
URL: https://axiomproduct-bat.icelanddev.net

First seen 2025-10-21 00:07
Last seen 2026-01-09 18:29
Open for 80 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354959fb78fc4b7b8190ff9ce4f559583283275cea42

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/newline/delete/{pluToDelete}
GET /api/Api/transactioncomplete/{success}
GET /api/caseSizeVariants/transactioncomplete/{success}
GET /api/caseSizeVariants/{productId}
GET /api/currentPricing/supplierSplitsAndRSP/{plu}
GET /api/currentPricing/transactioncomplete/{success}
GET /api/jobs/transactioncomplete/{success}
GET /api/netcostprice/getActiveNetCostPrices
GET /api/netcostprice/transactioncomplete/{success}
GET /api/newline/reservations/{plu}
GET /api/newline/transactioncomplete/{success}
GET /api/products/getCoverageFile
GET /api/products/getDeltas
GET /api/products/transactioncomplete/{success}
GET /api/rolecheck/canremoverole/{roleId}/{userEmail}
GET /api/rolecheck/transactioncomplete/{success}
GET /api/suppliernotification/transactioncomplete/{success}
GET /api/weightsAndMeasures/product/{plu}
GET /api/weightsAndMeasures/product/{plu}/hasWeightChangeOn/{effectiveDate}
GET /api/weightsAndMeasures/transactioncomplete/{success}
GET /api/weightsAndMeasures/unitsOfMeasurement
GET /system/transactioncomplete/{success}
POST /api/Api
POST /api/caseSizeVariants
POST /api/currentPricing
POST /api/jobs
POST /api/jobs/general/applyretentionpolicy
POST /api/jobs/plureservations/expirepreviousdayplureservations
POST /api/jobs/product/applyWeightChanges
POST /api/jobs/product/dailyCostPriceUpdate
POST /api/jobs/product/notifyAutoDeletionPending
POST /api/jobs/product/processproductcasesizereplacement
POST /api/jobs/product/rundiscontinuedtodeleted
POST /api/jobs/product/weeklyactivationdigest
POST /api/netcostprice
POST /api/netcostprice/resendActiveFutureNetCostPriceMessages
POST /api/newline
POST /api/newline/create
POST /api/products
POST /api/rolecheck
POST /api/suppliernotification
POST /api/suppliernotification/notifysupplierupdate/{supplierId}
POST /api/weightsAndMeasures
POST /system
POST /system/recalculateLayeredCostPrices

Found on 2026-01-09 18:29

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: api.awin.com
Port: 80
URL: http://api.awin.com

First seen 2025-10-14 07:31
Last seen 2026-01-09 15:46
Open for 87 days

Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec8a8b7657c7207b55c54cd62a3933b1bc778c43c4

Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /accounts
GET /advertisers/{advertiserId}/publishers
GET /advertisers/{advertiserId}/reports/campaign
GET /advertisers/{advertiserId}/reports/creative
GET /advertisers/{advertiserId}/reports/publisher
GET /advertisers/{advertiserId}/transactions
GET /advertisers/{advertiserId}/transactions/
GET /advertisers/{advertiserId}/transactions/jobs
GET /advertisers/{advertiserId}/transactions/jobs/{jobId}
GET /publisher/{publisherId}/product/{canonicalProductId}
GET /publisher/{publisherId}/transactionqueries
GET /publishers/{publisherId}/awinfeeds/download/{advertiserId}-{vertical}-{locale}.jsonl
GET /publishers/{publisherId}/awinfeeds/feeds
GET /publishers/{publisherId}/commissiongroups
GET /publishers/{publisherId}/commissionsharingrules
GET /publishers/{publisherId}/linkbuilder/quota
GET /publishers/{publisherId}/programmedetails
GET /publishers/{publisherId}/programmes
GET /publishers/{publisherId}/reports/advertiser
GET /publishers/{publisherId}/reports/campaign
GET /publishers/{publisherId}/reports/creative
GET /publishers/{publisherId}/transactions
GET /publishers/{publisherId}/transactions/
GET /unique-product/{publisherId}/autocomplete
POST /advertisers/{advertiserId}/awinfeeds/{vertical}/{locale}/products
POST /advertisers/{advertiserId}/transactions/batch
POST /oauth2/token
POST /promotion/advertiser/{advertiserId}
POST /publisher/{publisherId}/productAvailability
POST /publisher/{publisherId}/promotions
POST /publishers/{publisherId}/linkbuilder/generate
POST /publishers/{publisherId}/linkbuilder/generate-batch
POST /unique-product/{publisherId}

Found on 2026-01-09 15:46

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: axiomproduct.iceland.co.uk
Port: 443
URL: https://axiomproduct.iceland.co.uk

First seen 2025-10-14 00:04
Last seen 2026-01-09 15:03
Open for 87 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354959fb78fc4b7b8190ff9ce4f559583283275cea42

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/newline/delete/{pluToDelete}
GET /api/Api/transactioncomplete/{success}
GET /api/caseSizeVariants/transactioncomplete/{success}
GET /api/caseSizeVariants/{productId}
GET /api/currentPricing/supplierSplitsAndRSP/{plu}
GET /api/currentPricing/transactioncomplete/{success}
GET /api/jobs/transactioncomplete/{success}
GET /api/netcostprice/getActiveNetCostPrices
GET /api/netcostprice/transactioncomplete/{success}
GET /api/newline/reservations/{plu}
GET /api/newline/transactioncomplete/{success}
GET /api/products/getCoverageFile
GET /api/products/getDeltas
GET /api/products/transactioncomplete/{success}
GET /api/rolecheck/canremoverole/{roleId}/{userEmail}
GET /api/rolecheck/transactioncomplete/{success}
GET /api/suppliernotification/transactioncomplete/{success}
GET /api/weightsAndMeasures/product/{plu}
GET /api/weightsAndMeasures/product/{plu}/hasWeightChangeOn/{effectiveDate}
GET /api/weightsAndMeasures/transactioncomplete/{success}
GET /api/weightsAndMeasures/unitsOfMeasurement
GET /system/transactioncomplete/{success}
POST /api/Api
POST /api/caseSizeVariants
POST /api/currentPricing
POST /api/jobs
POST /api/jobs/general/applyretentionpolicy
POST /api/jobs/plureservations/expirepreviousdayplureservations
POST /api/jobs/product/applyWeightChanges
POST /api/jobs/product/dailyCostPriceUpdate
POST /api/jobs/product/notifyAutoDeletionPending
POST /api/jobs/product/processproductcasesizereplacement
POST /api/jobs/product/rundiscontinuedtodeleted
POST /api/jobs/product/weeklyactivationdigest
POST /api/netcostprice
POST /api/netcostprice/resendActiveFutureNetCostPriceMessages
POST /api/newline
POST /api/newline/create
POST /api/products
POST /api/rolecheck
POST /api/suppliernotification
POST /api/suppliernotification/notifysupplierupdate/{supplierId}
POST /api/weightsAndMeasures
POST /system
POST /system/recalculateLayeredCostPrices

Found on 2026-01-09 15:03

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: axiombatprice.icelanddev.net
Port: 443
URL: https://axiombatprice.icelanddev.net

First seen 2025-11-07 00:04
Last seen 2026-01-09 10:51
Open for 63 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 10:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: axiomforecasting-bat.icelanddev.net
Port: 443
URL: https://axiomforecasting-bat.icelanddev.net

First seen 2025-11-07 00:05
Last seen 2026-01-09 10:50
Open for 63 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 10:50
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: developer.sec.wellsfargo.com
Port: 443
URL: https://developer.sec.wellsfargo.com

First seen 2025-11-13 06:26
Last seen 2026-01-09 06:10
Open for 56 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-09 06:10
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.72
Domain: swagondemand.com
Port: 443
URL: https://swagondemand.com

First seen 2025-10-22 20:14
Last seen 2026-01-03 01:11
Open for 72 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce6459d15ab5

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2026-01-03 01:11

672.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa374c2942e74c2942e74c2942e74c2942e74c2942e
```
GraphQL introspection enabled at /graphql
Detected: Magento
```
Found on 2025-12-31 04:29

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2d562a70c2fd428505555046b706aa7db43f29cce

GraphQL introspection enabled at /graphql/api
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2025-12-23 07:37

672.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa30af01f80cf0bd144968a3457bc37f87fc008dbba

GraphQL introspection enabled at /graphql
Types: 380 (by kind: ENUM: 26, INPUT_OBJECT: 88, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2025-12-13 08:05

663.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa30af01f80cf0bd144968a3457bc37f87f052d02df

GraphQL introspection enabled at /graphql
Types: 380 (by kind: ENUM: 26, INPUT_OBJECT: 88, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-11 04:13

663.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2b07789c32e4b564191a10712224020682a298050

GraphQL introspection enabled at /graphql/api
Types: 380 (by kind: ENUM: 26, INPUT_OBJECT: 88, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Found on 2025-10-24 20:03

663.5 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.72
Domain: loja.descarpack.com.br
Port: 443
URL: https://loja.descarpack.com.br

First seen 2025-11-10 19:10
Last seen 2026-01-02 03:07
Open for 52 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa374c2942e74c2942e74c2942e74c2942e74c2942e
```
GraphQL introspection enabled at /graphql
Detected: Magento
```
Found on 2026-01-02 03:07
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
Found on 2025-12-06 16:13

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa32209fab3a87219b1272d4e0248fd0ac2e45298d2

GraphQL introspection enabled at /graphql
Types: 822 (by kind: ENUM: 44, INPUT_OBJECT: 203, INTERFACE: 30, OBJECT: 540, SCALAR: 5)
Operations:
- Query: Query | fields: Log, attributesMetadata, availableStores, bannerSliders, bannersByTag
- Mutation: Mutation | fields: acceptGifts, acceptPromo, addBundleProductsToCart, addClinicQuoteItems, addConfigurableProductsToCart
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-30 17:20

1.3 MBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3dbddecc06401e304eb3cf20787a7a2fb6dd78bdb

GraphQL introspection enabled at /graphql
Types: 821 (by kind: ENUM: 44, INPUT_OBJECT: 203, INTERFACE: 30, OBJECT: 539, SCALAR: 5)
Operations:
- Query: Query | fields: Log, attributesMetadata, availableStores, bannerSliders, bannersByTag
- Mutation: Mutation | fields: acceptGifts, acceptPromo, addBundleProductsToCart, addClinicQuoteItems, addConfigurableProductsToCart
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-10 19:10

1.3 MBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.72
Domain: clubcoderecol-staging.codere.com
Port: 443
URL: https://clubcoderecol-staging.codere.com

First seen 2025-10-17 11:09
Last seen 2025-11-07 09:22
Open for 20 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6066544927c0b443d1b4f23e0b0d8d2169d0bcde4b

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/players/GetVerificado
GET /api/players/authenticated
GET /api/players/authenticated/getVoucher/{userIdentifier}
GET /api/players/authenticated/redeemedPointsTransactions
GET /api/players/sorteos/carteleria/{IdSala}/{Dias}
GET /api/players/sorteos/rewards/{CodSala}
GET /api/players/sorteos/vouchers
GET /api/players/{userIdentifier}/pinRequest
GET /api/prizes
GET /api/prizes/claim/cars
GET /api/prizes/{prizeId}/claim/{shopId}
GET /api/promotions
GET /api/promotions/{promotionId}/join
GET /api/shops
GET /api/shops/{shopId}/events
POST /api/authentication/deviceregister
POST /api/authentication/token
POST /api/players/SetDatos
POST /api/players/SetVerificacion
POST /api/players/authenticated/pinChange
POST /api/players/authenticated/processVoucher
POST /api/players/authenticated/roulette/game
POST /api/players/sorteos/canjear

Found on 2025-11-07 09:22

Create report

Open service 2.16.204.72:80 · cdn.foreverliving.com

2026-01-13 01:05

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://cdn.foreverliving.com/
Expires: Tue, 13 Jan 2026 01:06:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 13 Jan 2026 01:06:33 GMT
Connection: close

Found 2 days ago by HttpPlugin