LeakIX - Host 2.16.204.73

Host 2.16.204.73

Germany

MICROSOFT-CORP-MSN-AS-BLOCK

Ubuntu

Software information

AkamaiGHost

tcp/443 tcp/80

Apache Apache

tcp/443

Cloudinary

tcp/443 tcp/80

Kestrel Kestrel

tcp/443

Microsoft-IIS 10.0

tcp/443

Tableau

tcp/443

nginx nginx

tcp/443

nginx nginx 1.27.4

tcp/443

nginx nginx 1.24.0

tcp/443

nginx nginx 1.18.0

tcp/443 tcp/80

uvicorn

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: api.prod.myseatapp.seat.cloud.vwgroup.com
Port: 443
URL: https://api.prod.myseatapp.seat.cloud.vwgroup.com

First seen 2025-10-15 12:32
Last seen 2026-01-10 02:25
Open for 86 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5899215e8462c69f878954467ee6b9a4e20a6306c

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /api/v1/audits/external
DELETE /api/v1/contents/contents
DELETE /api/v1/customer/devices/{deviceId}
DELETE /api/v1/customer/pois/{poiId}
DELETE /api/v1/my-car/expenses/{expenseId}/complete/{completeValue}
DELETE /api/v1/vehicleManuals
DELETE /api/v1/vehicles/interactive-manual
DELETE /api/v1/vehicles/render
DELETE /api/v2/connected-car/trips/{id}
GET /api/private/staging/news/country/{countryCode}/language/{language}
GET /api/private/staging/offers/country/{countryCode}/language/{language}
GET /api/private/staging/strings/country/{countryCode}/language/{language}
GET /api/private/staging/tips/country/{countryCode}/language/{language}
GET /api/v1/applications/{platform}
GET /api/v1/audits/timestamp
GET /api/v1/audits/timestamp/{countryCode}/{language}
GET /api/v1/avatar
GET /api/v1/configurations/countries
GET /api/v1/configurations/countries/{countryCode}
GET /api/v1/configurations/countries/{countryCode}/treatments
GET /api/v1/configurations/features/{countryCode}
GET /api/v1/configurations/features/{countryCode}/{featureCode}
GET /api/v1/configurations/force-maintenance
GET /api/v1/configurations/force-update/{platform}/{version}
GET /api/v1/configurations/languages
GET /api/v1/connected-car/home-data/{vin}
GET /api/v1/contents/news/country/{countryCode}/language/{language}
GET /api/v1/contents/offers/country/{countryCode}/language/{language}
GET /api/v1/contents/strings/country/{countryCode}/language/{language}
GET /api/v1/contents/tips/country/{countryCode}/language/{language}
GET /api/v1/customer
GET /api/v1/customer/devices
GET /api/v1/customer/permissions/{countryCode}/{language}
GET /api/v1/customer/pois
GET /api/v1/customer/settings
GET /api/v1/dealers/country/{countryCode}
GET /api/v1/dealers/country/{countryCode}/{city}
GET /api/v1/dealers/{latitude}/{longitude}
GET /api/v1/dealers/{latitude}/{longitude}/{radius}
GET /api/v1/legal-documents/privacy-policy/1/{country}/{language}
GET /api/v1/my-car/expenses/reminders
GET /api/v1/my-car/trips/latest-fuel-price
GET /api/v1/my-car/{vin}/alerts
GET /api/v1/my-car/{vin}/expenses
GET /api/v1/my-car/{vin}/expenses/first
GET /api/v1/my-car/{vin}/expenses/year/{year}
GET /api/v1/my-car/{vin}/expenses/year/{year}/month/{month}
GET /api/v1/my-car/{vin}/metrics
GET /api/v1/my-car/{vin}/metrics/year/{year}
GET /api/v1/my-car/{vin}/metrics/year/{year}/month/{month}
GET /api/v1/my-car/{vin}/metrics/{metricName}/year/{year}
GET /api/v1/my-car/{vin}/metrics/{metricName}/year/{year}/month/{month}
GET /api/v1/my-car/{vin}/offers/{countryCode}/{language}
GET /api/v1/my-car/{vin}/trips
GET /api/v1/my-car/{vin}/trips/{tripId}
GET /api/v1/socials/facebook/{countryCode}
GET /api/v1/socials/facebook/{countryCode}/{nextTokenPage}
GET /api/v1/socials/twitter/{countryCode}
GET /api/v1/socials/twitter/{countryCode}/{nextTokenPage}
GET /api/v1/socials/youtube/{countryCode}
GET /api/v1/socials/youtube/{countryCode}/{nextTokenPage}
GET /api/v1/status/deprecation/{countryCode}
GET /api/v1/tracking/info/{countryCode}/{countryLanguage}
GET /api/v1/vehicleManuals/information/{vin}
GET /api/v1/vehicleManuals/vin/{vin}/language/{language}
GET /api/v1/vehicles/mapping-table
GET /api/v1/vehicles/mapping-table/dashboard
GET /api/v1/vehicles/mapping-table/files
GET /api/v1/vehicles/{vin}/interactive-manual
GET /api/v1/vehicles/{vin}/interactive-manual/{countryCode}/{language}
GET /api/v1/vehicles/{vin}/maintenance-plans
GET /api/v1/vehicles/{vin}/render
GET /api/v1/vehicles/{vin}/symbols
GET /api/v1/vehicles/{vin}/urls
GET /api/v1/vehicles/{vin}/urls-new
GET /api/v1/vehicles/{vin}/urls/{countryCode}/{language}
GET /api/v1/weather/{latitude}/{longitude}
GET /api/v2/connected-car/trip-data-dashboard/{vin}/year/{year}/month/{month}
GET /api/v2/connected-car/trip-data-month/{vin}/year/{year}/month/{month}
GET /api/v2/connected-car/trips/average-speed/{vin}/year/{year}/month/{month}
GET /api/v2/connected-car/trips/{tripId}
GET /api/v2/connected-car/trips/{vin}/year/{year}/month/{month}/{limitTo}
GET /api/v2/my-car/{vin}/expenses/year/{year}
GET /api/v2/my-car/{vin}/expenses/year/{year}/month/{month}
GET /api/v3/connected-car/trips/{tripId}
POST /api/v1/account/profile
POST /api/v1/assistance
POST /api/v1/audits/error
POST /api/v1/connected-car/home-data
POST /api/v1/connected-car/ingestion-data
POST /api/v1/connected-car/trips
POST /api/v1/dealers/maintenance/alert
POST /api/v1/dealers/{partnerId}/book
POST /api/v1/my-car/{vin}/fuel-prices
POST /api/v1/my-car/{vin}/gas-prices
POST /api/v1/vehicles/accident-report
POST /api/v1/vehicles/create
POST /api/v2/connected-car/trips
POST /api/v2/connected-car/trips/report
POST /api/v3/connected-car/trips
POST /identity/freshTokens
POST /identity/oidc/v1/token
POST /identity/refreshToken
PUT /api/v1/customer/updateTerms
PUT /api/v1/my-car/expenses/{expenseId}
PUT /api/v1/vehicles/disable/vin/{vin}
PUT /api/v1/vehicles/vin/{vin}

Found on 2026-01-10 02:25

Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
Found on 2026-01-08 11:32

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: search-ext.abb.com
Port: 443
URL: https://search-ext.abb.com

First seen 2025-10-16 14:30
Last seen 2026-01-10 00:31
Open for 85 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60e37c5c0a41c2771c36421f0e98c17a2698c17a26
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /library/{url}
GET /location
GET /login
GET /loginAad
```
  Found on 2026-01-10 00:31
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: myseatapp-api.prod.code.seat.cloud.vwgroup.com
Port: 443
URL: https://myseatapp-api.prod.code.seat.cloud.vwgroup.com

First seen 2025-10-15 12:32
Last seen 2026-01-09 23:53
Open for 86 days

Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
Found on 2026-01-09 23:53

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5899215e8462c69f878954467ee6b9a4e20a6306c

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /api/v1/audits/external
DELETE /api/v1/contents/contents
DELETE /api/v1/customer/devices/{deviceId}
DELETE /api/v1/customer/pois/{poiId}
DELETE /api/v1/my-car/expenses/{expenseId}/complete/{completeValue}
DELETE /api/v1/vehicleManuals
DELETE /api/v1/vehicles/interactive-manual
DELETE /api/v1/vehicles/render
DELETE /api/v2/connected-car/trips/{id}
GET /api/private/staging/news/country/{countryCode}/language/{language}
GET /api/private/staging/offers/country/{countryCode}/language/{language}
GET /api/private/staging/strings/country/{countryCode}/language/{language}
GET /api/private/staging/tips/country/{countryCode}/language/{language}
GET /api/v1/applications/{platform}
GET /api/v1/audits/timestamp
GET /api/v1/audits/timestamp/{countryCode}/{language}
GET /api/v1/avatar
GET /api/v1/configurations/countries
GET /api/v1/configurations/countries/{countryCode}
GET /api/v1/configurations/countries/{countryCode}/treatments
GET /api/v1/configurations/features/{countryCode}
GET /api/v1/configurations/features/{countryCode}/{featureCode}
GET /api/v1/configurations/force-maintenance
GET /api/v1/configurations/force-update/{platform}/{version}
GET /api/v1/configurations/languages
GET /api/v1/connected-car/home-data/{vin}
GET /api/v1/contents/news/country/{countryCode}/language/{language}
GET /api/v1/contents/offers/country/{countryCode}/language/{language}
GET /api/v1/contents/strings/country/{countryCode}/language/{language}
GET /api/v1/contents/tips/country/{countryCode}/language/{language}
GET /api/v1/customer
GET /api/v1/customer/devices
GET /api/v1/customer/permissions/{countryCode}/{language}
GET /api/v1/customer/pois
GET /api/v1/customer/settings
GET /api/v1/dealers/country/{countryCode}
GET /api/v1/dealers/country/{countryCode}/{city}
GET /api/v1/dealers/{latitude}/{longitude}
GET /api/v1/dealers/{latitude}/{longitude}/{radius}
GET /api/v1/legal-documents/privacy-policy/1/{country}/{language}
GET /api/v1/my-car/expenses/reminders
GET /api/v1/my-car/trips/latest-fuel-price
GET /api/v1/my-car/{vin}/alerts
GET /api/v1/my-car/{vin}/expenses
GET /api/v1/my-car/{vin}/expenses/first
GET /api/v1/my-car/{vin}/expenses/year/{year}
GET /api/v1/my-car/{vin}/expenses/year/{year}/month/{month}
GET /api/v1/my-car/{vin}/metrics
GET /api/v1/my-car/{vin}/metrics/year/{year}
GET /api/v1/my-car/{vin}/metrics/year/{year}/month/{month}
GET /api/v1/my-car/{vin}/metrics/{metricName}/year/{year}
GET /api/v1/my-car/{vin}/metrics/{metricName}/year/{year}/month/{month}
GET /api/v1/my-car/{vin}/offers/{countryCode}/{language}
GET /api/v1/my-car/{vin}/trips
GET /api/v1/my-car/{vin}/trips/{tripId}
GET /api/v1/socials/facebook/{countryCode}
GET /api/v1/socials/facebook/{countryCode}/{nextTokenPage}
GET /api/v1/socials/twitter/{countryCode}
GET /api/v1/socials/twitter/{countryCode}/{nextTokenPage}
GET /api/v1/socials/youtube/{countryCode}
GET /api/v1/socials/youtube/{countryCode}/{nextTokenPage}
GET /api/v1/status/deprecation/{countryCode}
GET /api/v1/tracking/info/{countryCode}/{countryLanguage}
GET /api/v1/vehicleManuals/information/{vin}
GET /api/v1/vehicleManuals/vin/{vin}/language/{language}
GET /api/v1/vehicles/mapping-table
GET /api/v1/vehicles/mapping-table/dashboard
GET /api/v1/vehicles/mapping-table/files
GET /api/v1/vehicles/{vin}/interactive-manual
GET /api/v1/vehicles/{vin}/interactive-manual/{countryCode}/{language}
GET /api/v1/vehicles/{vin}/maintenance-plans
GET /api/v1/vehicles/{vin}/render
GET /api/v1/vehicles/{vin}/symbols
GET /api/v1/vehicles/{vin}/urls
GET /api/v1/vehicles/{vin}/urls-new
GET /api/v1/vehicles/{vin}/urls/{countryCode}/{language}
GET /api/v1/weather/{latitude}/{longitude}
GET /api/v2/connected-car/trip-data-dashboard/{vin}/year/{year}/month/{month}
GET /api/v2/connected-car/trip-data-month/{vin}/year/{year}/month/{month}
GET /api/v2/connected-car/trips/average-speed/{vin}/year/{year}/month/{month}
GET /api/v2/connected-car/trips/{tripId}
GET /api/v2/connected-car/trips/{vin}/year/{year}/month/{month}/{limitTo}
GET /api/v2/my-car/{vin}/expenses/year/{year}
GET /api/v2/my-car/{vin}/expenses/year/{year}/month/{month}
GET /api/v3/connected-car/trips/{tripId}
POST /api/v1/account/profile
POST /api/v1/assistance
POST /api/v1/audits/error
POST /api/v1/connected-car/home-data
POST /api/v1/connected-car/ingestion-data
POST /api/v1/connected-car/trips
POST /api/v1/dealers/maintenance/alert
POST /api/v1/dealers/{partnerId}/book
POST /api/v1/my-car/{vin}/fuel-prices
POST /api/v1/my-car/{vin}/gas-prices
POST /api/v1/vehicles/accident-report
POST /api/v1/vehicles/create
POST /api/v2/connected-car/trips
POST /api/v2/connected-car/trips/report
POST /api/v3/connected-car/trips
POST /identity/freshTokens
POST /identity/oidc/v1/token
POST /identity/refreshToken
PUT /api/v1/customer/updateTerms
PUT /api/v1/my-car/expenses/{expenseId}
PUT /api/v1/vehicles/disable/vin/{vin}
PUT /api/v1/vehicles/vin/{vin}

Found on 2025-12-26 20:43

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: clients.postnl.post
Port: 443
URL: https://clients.postnl.post

First seen 2025-10-16 01:38
Last seen 2026-01-09 23:35
Open for 85 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 23:35
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: partners.postnl.post
Port: 443
URL: https://partners.postnl.post

First seen 2025-10-16 01:38
Last seen 2026-01-09 20:23
Open for 85 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549cdc77d7a331c58654fe3f4592b51ddf4f2e0d3f2

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/tiama/profiles
GET /api/v1/tiama/users
POST /api/v1/airwaybill-update
POST /api/v1/carrier/dragonfly/events
POST /api/v1/carrier/dragonflyau/events
POST /api/v1/carrier/globeship/events
POST /api/v1/carrier/uniuni/events
POST /api/v1/carrier/uniuniusa/events
POST /api/v1/event/AddCarrierEvent
POST /api/v1/event/AddMawbEvent
POST /api/v1/events/Add
POST /api/v1/secondarycontainer/add
POST /api/v1/tracking/update

Found on 2026-01-09 20:23

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549cdc77d7a331c58654fe3f4592b51ddf4a39d8413

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/tiama/profiles
GET /api/v1/tiama/users
POST /api/v1/airwaybill-update
POST /api/v1/carrier/dragonfly/events
POST /api/v1/carrier/dragonflyau/events
POST /api/v1/carrier/globeship/events
POST /api/v1/carrier/uniuni/events
POST /api/v1/carrier/uniuniusa/events
POST /api/v1/event/AddCarrierEvent
POST /api/v1/event/AddMawbEvent
POST /api/v1/events/Add
POST /api/v1/secondarycontainer/add

Found on 2025-11-23 02:25

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549cdc77d7a331c58654fe3f4592b51ddf43c93372c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/tiama/profiles
GET /api/v1/tiama/users
POST /api/v1/airwaybill-update
POST /api/v1/carrier/dragonfly/events
POST /api/v1/carrier/dragonflyau/events
POST /api/v1/carrier/globeship/events
POST /api/v1/carrier/uniuni/events
POST /api/v1/carrier/uniuniusa/events
POST /api/v1/event/AddCarrierEvent
POST /api/v1/event/AddMawbEvent
POST /api/v1/events/Add
POST /api/v1/secondarycontainer/add
PUT /api/v1/shipment-update

Found on 2025-10-29 08:29

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6002620d0f9b6ad0aa51802daeed0debd90f26e1b3

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/tiama/profiles
GET /api/v1/tiama/users
POST /api/v1/airwaybill-update
POST /api/v1/carrier/dragonfly/events
POST /api/v1/carrier/dragonflyau/events
POST /api/v1/carrier/globeship/events
POST /api/v1/carrier/uniuni/events
POST /api/v1/carrier/uniuniusa/events
POST /api/v1/event/AddCarrierEvent
POST /api/v1/event/AddMawbEvent
POST /api/v1/events/Add
POST /api/v1/secondarycontainer/add
PUT /api/v1/shipment-update

Found on 2025-10-22 17:31

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: information.maybank2u.com
Port: 443
URL: https://information.maybank2u.com

First seen 2025-10-15 15:26
Last seen 2026-01-09 20:13
Open for 86 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-09 20:13
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: info.maybank2u.com
Port: 443
URL: https://info.maybank2u.com

First seen 2025-10-15 15:26
Last seen 2026-01-09 19:59
Open for 86 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-09 19:59
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: webapi-restau-int.burgerking.fr
Port: 443
URL: https://webapi-restau-int.burgerking.fr

First seen 2025-10-17 16:20
Last seen 2026-01-09 13:41
Open for 83 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bd41c729ca1ec344ea863295d5167976c249e2e95

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /api/customers
GET /api/excluded-entity
GET /api/operation/whopper_scratcher/code
GET /api/orders/last-order
GET /api/restaurant/click-and-collect/status
GET /api/restaurant/service/status
GET /api/restaurant/table-service-indoor/status
GET /api/restaurant/table-service-outdoor/status
GET /api/restaurant/table-service/status
GET /api/restaurant/{fr_number}/coupon
GET /api/restaurant/{fr_number}/customer
GET /api/restaurant/{fr_number}/levels
GET /api/restaurant/{fr_number}/pos-promotions
GET /api/restaurant/{fr_number}/scan
GET /public/api/health-check
POST /api/cancel-order
POST /api/hooks/acrelec/catalog
POST /api/hooks/acrelec/status
POST /api/orders
POST /api/orders/burn-coupons
POST /api/orders/operation-repeat
POST /api/orders/orb-notify
POST /api/restaurant/click-and-collect/disable
POST /api/restaurant/click-and-collect/disable_
POST /api/restaurant/click-and-collect/enable
POST /api/restaurant/click-and-collect/enable_
POST /api/restaurant/service/disable
POST /api/restaurant/service/enable
POST /api/restaurant/table-service-indoor/disable
POST /api/restaurant/table-service-indoor/disable_
POST /api/restaurant/table-service-indoor/enable
POST /api/restaurant/table-service-indoor/enable_
POST /api/restaurant/table-service-outdoor/disable
POST /api/restaurant/table-service-outdoor/disable_
POST /api/restaurant/table-service-outdoor/enable
POST /api/restaurant/table-service-outdoor/enable_
POST /api/restaurant/table-service/disable
POST /api/restaurant/table-service/disable_
POST /api/restaurant/table-service/enable
POST /api/restaurant/table-service/enable_
POST /api/restaurant/{fr_number}/buy-coupon
POST /api/restaurant/{fr_number}/order
POST /api/restaurant/{fr_number}/remove-coupons
POST /api/restaurant/{fr_number}/service
POST /api/restaurant/{fr_number}/use-coupon
POST /api/restaurant/{fr_number}/validate-cart

Found on 2026-01-09 13:41

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: gapi.admin.gptest.gopublic.dk
Port: 443
URL: https://gapi.admin.gptest.gopublic.dk

First seen 2025-10-17 09:22
Last seen 2026-01-09 11:43
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 11:43
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: search.test.abb.com
Port: 443
URL: https://search.test.abb.com

First seen 2025-10-16 14:30
Last seen 2026-01-09 08:48
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60e37c5c0a41c2771c36421f0e98c17a2698c17a26
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /library/{url}
GET /location
GET /login
GET /loginAad
```
  Found on 2026-01-09 08:48
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: gapi.gptest.gopublic.dk
Port: 443
URL: https://gapi.gptest.gopublic.dk

First seen 2025-10-17 09:22
Last seen 2026-01-09 08:06
Open for 83 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 08:06
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: clubcoderearg-staging.codere.com
Port: 443
URL: https://clubcoderearg-staging.codere.com

First seen 2025-11-14 09:08
Last seen 2026-01-09 06:28
Open for 55 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6066544927c0b443d1b4f23e0b0d8d2169cd939528

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/players/GetVerificado
GET /api/players/authenticated
GET /api/players/authenticated/getVoucher/{userIdentifier}
GET /api/players/authenticated/redeemedPointsTransactions
GET /api/players/sorteos/carteleria/{IdSala}/{Dias}
GET /api/players/sorteos/rewards/{CodSala}
GET /api/players/sorteos/vouchers
GET /api/players/{userIdentifier}/pinRequest
GET /api/prizes
GET /api/prizes/{prizeId}/claim/{shopId}
GET /api/promotions
GET /api/promotions/{promotionId}/join
GET /api/shops
GET /api/shops/{shopId}/events
POST /api/authentication/deviceregister
POST /api/authentication/token
POST /api/players/PreRegistro
POST /api/players/SetDatos
POST /api/players/SetVerificacion
POST /api/players/authenticated/pinChange
POST /api/players/authenticated/processVoucher
POST /api/players/authenticated/roulette/game
POST /api/players/sorteos/canjear

Found on 2026-01-09 06:28

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549af522ba6d7e7650cb4c6531e26b8d89a2e8a0b9f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/players/GetVerificado
GET /api/players/authenticated
GET /api/players/authenticated/getVoucher/{userIdentifier}
GET /api/players/authenticated/redeemedPointsTransactions
GET /api/players/sorteos/carteleria/{IdSala}/{Dias}
GET /api/players/sorteos/rewards/{CodSala}
GET /api/players/sorteos/vouchers
GET /api/players/{userIdentifier}/pinRequest
GET /api/prizes
GET /api/prizes/{prizeId}/claim/{shopId}
GET /api/promotions
GET /api/promotions/{promotionId}/join
GET /api/shops
GET /api/shops/{shopId}/events
POST /api/authentication/deviceregister
POST /api/authentication/token
POST /api/players/PreRegistro
POST /api/players/SetDatos
POST /api/players/SetVerificacion
POST /api/players/authenticated/pinChange
POST /api/players/authenticated/processVoucher
POST /api/players/authenticated/roulette/game
POST /api/players/sorteos/canjear

Found on 2025-11-14 09:08

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.73
Domain: tst.api.fris.linde.com
Port: 443
URL: https://tst.api.fris.linde.com

First seen 2025-10-21 10:11
Last seen 2026-01-09 01:55
Open for 79 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035495c6eea06deb664e4c465cf38439521098619ec80

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /Analysis/All
GET /Analysis/{itemId}
GET /Analysis/{itemId}/GetForEdit
GET /AnalysisArticle/All
GET /AnalysisArticle/{itemId}
GET /AnalysisArticle/{itemId}/GetForEdit
GET /AnalysisCylinder/All
GET /AnalysisCylinder/{itemId}
GET /AnalysisCylinder/{itemId}/GetForEdit
GET /Article/All
GET /Article/{itemId}
GET /Article/{itemId}/GetForEdit
GET /Collect/All
GET /Collect/{itemId}
GET /Collect/{itemId}/GetForEdit
GET /CollectCylinder/All
GET /CollectCylinder/{itemId}
GET /CollectCylinder/{itemId}/GetForEdit
GET /Customer/All
GET /Customer/{itemId}
GET /Customer/{itemId}/GetForEdit
GET /CustomerAddress/All
GET /CustomerAddress/{itemId}
GET /CustomerAddress/{itemId}/GetForEdit
GET /Cylinder/All
GET /Cylinder/CylinderByCode
GET /Cylinder/CylinderMaxCycle
GET /Cylinder/{itemId}
GET /Cylinder/{itemId}/GetForEdit
GET /Delivery/All
GET /Delivery/{itemId}
GET /Delivery/{itemId}/GetForEdit
GET /DeliveryCylinder/All
GET /DeliveryCylinder/{itemId}
GET /DeliveryCylinder/{itemId}/GetForEdit
GET /Department/All
GET /Department/{itemId}
GET /Department/{itemId}/GetForEdit
GET /Init/All
GET /Init/{itemId}
GET /Init/{itemId}/GetForEdit
GET /InitTon/All
GET /InitTon/{itemId}
GET /InitTon/{itemId}/GetForEdit
GET /Login
GET /ProcessingCode/All
GET /ProcessingCode/{itemId}
GET /ProcessingCode/{itemId}/GetForEdit
GET /Producer/All
GET /Producer/{itemId}
GET /Producer/{itemId}/GetForEdit
GET /Profile/All
GET /Profile/{itemId}
GET /Profile/{itemId}/GetForEdit
GET /Refurbishment/All
GET /Refurbishment/{itemId}
GET /Refurbishment/{itemId}/GetForEdit
GET /RefurbishmentCylinder/All
GET /RefurbishmentCylinder/{itemId}
GET /RefurbishmentCylinder/{itemId}/GetForEdit
GET /Reuse/All
GET /Reuse/{itemId}
GET /Reuse/{itemId}/GetForEdit
GET /ReuseTon/All
GET /ReuseTon/{itemId}
GET /ReuseTon/{itemId}/GetForEdit
GET /Sending/All
GET /Sending/{itemId}
GET /Sending/{itemId}/GetForEdit
GET /SendingTon/All
GET /SendingTon/{itemId}
GET /SendingTon/{itemId}/GetForEdit
GET /Shutdown/All
GET /Shutdown/{itemId}
GET /Shutdown/{itemId}/GetForEdit
GET /ShutdownTon/All
GET /ShutdownTon/{itemId}
GET /ShutdownTon/{itemId}/GetForEdit
GET /Ton/All
GET /Ton/TonByCode
GET /Ton/{itemId}
GET /Ton/{itemId}/GetForEdit
GET /User/All
GET /User/{itemId}
GET /User/{itemId}/GetForEdit
GET /UserProfile/All
GET /UserProfile/{itemId}
GET /UserProfile/{itemId}/GetForEdit
GET /WasteStream/All
GET /WasteStream/{itemId}
GET /WasteStream/{itemId}/GetForEdit
POST /Analysis
POST /Analysis/GetByQuerySpecification
POST /Analysis/Validate
POST /AnalysisArticle
POST /AnalysisArticle/GetByQuerySpecification
POST /AnalysisArticle/Validate
POST /AnalysisCylinder
POST /AnalysisCylinder/GetByQuerySpecification
POST /AnalysisCylinder/Validate
POST /Article
POST /Article/GetByQuerySpecification
POST /Article/Validate
POST /Collect
POST /Collect/GetByQuerySpecification
POST /Collect/Validate
POST /CollectCylinder
POST /CollectCylinder/GetByQuerySpecification
POST /CollectCylinder/Validate
POST /Customer
POST /Customer/GetByQuerySpecification
POST /Customer/Validate
POST /CustomerAddress
POST /CustomerAddress/GetByQuerySpecification
POST /CustomerAddress/Validate
POST /Cylinder
POST /Cylinder/GetByQuerySpecification
POST /Cylinder/Validate
POST /Delivery
POST /Delivery/GetByQuerySpecification
POST /Delivery/Validate
POST /DeliveryCylinder
POST /DeliveryCylinder/GetByQuerySpecification
POST /DeliveryCylinder/Validate
POST /Department
POST /Department/GetByQuerySpecification
POST /Department/Validate
POST /Init
POST /Init/GetByQuerySpecification
POST /Init/Validate
POST /InitTon
POST /InitTon/GetByQuerySpecification
POST /InitTon/Validate
POST /ProcessingCode
POST /ProcessingCode/GetByQuerySpecification
POST /ProcessingCode/Validate
POST /Producer
POST /Producer/GetByQuerySpecification
POST /Producer/Validate
POST /Profile
POST /Profile/GetByQuerySpecification
POST /Profile/Validate
POST /Refurbishment
POST /Refurbishment/GetByQuerySpecification
POST /Refurbishment/Validate
POST /RefurbishmentCylinder
POST /RefurbishmentCylinder/GetByQuerySpecification
POST /RefurbishmentCylinder/Validate
POST /Reuse
POST /Reuse/GetByQuerySpecification
POST /Reuse/Validate
POST /ReuseTon
POST /ReuseTon/GetByQuerySpecification
POST /ReuseTon/Validate
POST /Sending
POST /Sending/GetByQuerySpecification
POST /Sending/Validate
POST /SendingTon
POST /SendingTon/GetByQuerySpecification
POST /SendingTon/Validate
POST /Shutdown
POST /Shutdown/GetByQuerySpecification
POST /Shutdown/Validate
POST /ShutdownTon
POST /ShutdownTon/GetByQuerySpecification
POST /ShutdownTon/Validate
POST /Ton
POST /Ton/GetByQuerySpecification
POST /Ton/Validate
POST /User
POST /User/GetByQuerySpecification
POST /User/Validate
POST /UserProfile
POST /UserProfile/GetByQuerySpecification
POST /UserProfile/Validate
POST /WasteStream
POST /WasteStream/GetByQuerySpecification
POST /WasteStream/Validate
PUT /Analysis/Update
PUT /AnalysisArticle/Update
PUT /AnalysisCylinder/Update
PUT /Article/Update
PUT /Collect/Update
PUT /CollectCylinder/Update
PUT /Customer/Update
PUT /CustomerAddress/Update
PUT /Cylinder/Update
PUT /Delivery/Update
PUT /DeliveryCylinder/Update
PUT /Department/Update
PUT /Init/Update
PUT /InitTon/Update
PUT /ProcessingCode/Update
PUT /Producer/Update
PUT /Profile/Update
PUT /Refurbishment/Update
PUT /RefurbishmentCylinder/Update
PUT /Reuse/Update
PUT /ReuseTon/Update
PUT /Sending/Update
PUT /SendingTon/Update
PUT /Shutdown/Update
PUT /ShutdownTon/Update
PUT /Ton/Update
PUT /User/Update
PUT /UserProfile/Update
PUT /WasteStream/Update

Found on 2026-01-09 01:55

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-21 22:54

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b3735f41c7eb18d39178f98922c9a8fcebbbf37d

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /Analysis/All
GET /Analysis/{itemId}
GET /Analysis/{itemId}/GetForEdit
GET /AnalysisArticle/All
GET /AnalysisArticle/{itemId}
GET /AnalysisArticle/{itemId}/GetForEdit
GET /AnalysisCylinder/All
GET /AnalysisCylinder/{itemId}
GET /AnalysisCylinder/{itemId}/GetForEdit
GET /Article/All
GET /Article/{itemId}
GET /Article/{itemId}/GetForEdit
GET /Collect/All
GET /Collect/{itemId}
GET /Collect/{itemId}/GetForEdit
GET /CollectCylinder/All
GET /CollectCylinder/{itemId}
GET /CollectCylinder/{itemId}/GetForEdit
GET /Customer/All
GET /Customer/{itemId}
GET /Customer/{itemId}/GetForEdit
GET /CustomerAddress/All
GET /CustomerAddress/{itemId}
GET /CustomerAddress/{itemId}/GetForEdit
GET /Cylinder/All
GET /Cylinder/CylinderByCode
GET /Cylinder/CylinderMaxCycle
GET /Cylinder/{itemId}
GET /Cylinder/{itemId}/GetForEdit
GET /Delivery/All
GET /Delivery/{itemId}
GET /Delivery/{itemId}/GetForEdit
GET /DeliveryCylinder/All
GET /DeliveryCylinder/{itemId}
GET /DeliveryCylinder/{itemId}/GetForEdit
GET /Department/All
GET /Department/{itemId}
GET /Department/{itemId}/GetForEdit
GET /Init/All
GET /Init/{itemId}
GET /Init/{itemId}/GetForEdit
GET /InitTon/All
GET /InitTon/{itemId}
GET /InitTon/{itemId}/GetForEdit
GET /Login
GET /ProcessingCode/All
GET /ProcessingCode/{itemId}
GET /ProcessingCode/{itemId}/GetForEdit
GET /Producer/All
GET /Producer/{itemId}
GET /Producer/{itemId}/GetForEdit
GET /Profile/All
GET /Profile/{itemId}
GET /Profile/{itemId}/GetForEdit
GET /Refurbishment/All
GET /Refurbishment/{itemId}
GET /Refurbishment/{itemId}/GetForEdit
GET /RefurbishmentCylinder/All
GET /RefurbishmentCylinder/{itemId}
GET /RefurbishmentCylinder/{itemId}/GetForEdit
GET /Reuse/All
GET /Reuse/{itemId}
GET /Reuse/{itemId}/GetForEdit
GET /ReuseTon/All
GET /ReuseTon/{itemId}
GET /ReuseTon/{itemId}/GetForEdit
GET /Sending/All
GET /Sending/{itemId}
GET /Sending/{itemId}/GetForEdit
GET /SendingTon/All
GET /SendingTon/{itemId}
GET /SendingTon/{itemId}/GetForEdit
GET /Shutdown/All
GET /Shutdown/{itemId}
GET /Shutdown/{itemId}/GetForEdit
GET /ShutdownTon/All
GET /ShutdownTon/{itemId}
GET /ShutdownTon/{itemId}/GetForEdit
GET /Ton/All
GET /Ton/TonByCode
GET /Ton/{itemId}
GET /Ton/{itemId}/GetForEdit
GET /User/All
GET /User/{itemId}
GET /User/{itemId}/GetForEdit
GET /UserProfile/All
GET /UserProfile/{itemId}
GET /UserProfile/{itemId}/GetForEdit
GET /WasteStream/All
GET /WasteStream/{itemId}
GET /WasteStream/{itemId}/GetForEdit
POST /Analysis
POST /Analysis/GetByQuerySpecification
POST /Analysis/Validate
POST /AnalysisArticle
POST /AnalysisArticle/GetByQuerySpecification
POST /AnalysisArticle/Validate
POST /AnalysisCylinder
POST /AnalysisCylinder/GetByQuerySpecification
POST /AnalysisCylinder/Validate
POST /Article
POST /Article/GetByQuerySpecification
POST /Article/Validate
POST /Collect
POST /Collect/GetByQuerySpecification
POST /Collect/Validate
POST /CollectCylinder
POST /CollectCylinder/GetByQuerySpecification
POST /CollectCylinder/Validate
POST /Customer
POST /Customer/GetByQuerySpecification
POST /Customer/Validate
POST /CustomerAddress
POST /CustomerAddress/GetByQuerySpecification
POST /CustomerAddress/Validate
POST /Cylinder
POST /Cylinder/GetByQuerySpecification
POST /Cylinder/Validate
POST /Delivery
POST /Delivery/GetByQuerySpecification
POST /Delivery/Validate
POST /DeliveryCylinder
POST /DeliveryCylinder/GetByQuerySpecification
POST /DeliveryCylinder/Validate
POST /Department
POST /Department/GetByQuerySpecification
POST /Department/Validate
POST /Init
POST /Init/GetByQuerySpecification
POST /Init/Validate
POST /InitTon
POST /InitTon/GetByQuerySpecification
POST /InitTon/Validate
POST /ProcessingCode
POST /ProcessingCode/GetByQuerySpecification
POST /ProcessingCode/Validate
POST /Producer
POST /Producer/GetByQuerySpecification
POST /Producer/Validate
POST /Profile
POST /Profile/GetByQuerySpecification
POST /Profile/Validate
POST /Refurbishment
POST /Refurbishment/GetByQuerySpecification
POST /Refurbishment/Validate
POST /RefurbishmentCylinder
POST /RefurbishmentCylinder/GetByQuerySpecification
POST /RefurbishmentCylinder/Validate
POST /Reuse
POST /Reuse/GetByQuerySpecification
POST /Reuse/Validate
POST /ReuseTon
POST /ReuseTon/GetByQuerySpecification
POST /ReuseTon/Validate
POST /Sending
POST /Sending/GetByQuerySpecification
POST /Sending/Validate
POST /SendingTon
POST /SendingTon/GetByQuerySpecification
POST /SendingTon/Validate
POST /Shutdown
POST /Shutdown/GetByQuerySpecification
POST /Shutdown/Validate
POST /ShutdownTon
POST /ShutdownTon/GetByQuerySpecification
POST /ShutdownTon/Validate
POST /Ton
POST /Ton/GetByQuerySpecification
POST /Ton/Validate
POST /User
POST /User/GetByQuerySpecification
POST /User/Validate
POST /UserProfile
POST /UserProfile/GetByQuerySpecification
POST /UserProfile/Validate
POST /WasteStream
POST /WasteStream/GetByQuerySpecification
POST /WasteStream/Validate
PUT /Analysis/Update
PUT /AnalysisArticle/Update
PUT /AnalysisCylinder/Update
PUT /Article/Update
PUT /Collect/Update
PUT /CollectCylinder/Update
PUT /Customer/Update
PUT /CustomerAddress/Update
PUT /Cylinder/Update
PUT /Delivery/Update
PUT /DeliveryCylinder/Update
PUT /Department/Update
PUT /Init/Update
PUT /InitTon/Update
PUT /ProcessingCode/Update
PUT /Producer/Update
PUT /Profile/Update
PUT /Refurbishment/Update
PUT /RefurbishmentCylinder/Update
PUT /Reuse/Update
PUT /ReuseTon/Update
PUT /Sending/Update
PUT /SendingTon/Update
PUT /Shutdown/Update
PUT /ShutdownTon/Update
PUT /Ton/Update
PUT /User/Update
PUT /UserProfile/Update
PUT /WasteStream/Update

Found on 2025-12-21 22:54

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.73
Domain: www.mackshop.com
Port: 443
URL: https://www.mackshop.com

First seen 2025-11-01 07:09
Last seen 2026-01-02 19:39
Open for 62 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d3ed5ff2035ca102c06f385d940a138d3ada1518

GraphQL introspection enabled at /graphql
Types: 394 (by kind: ENUM: 28, INPUT_OBJECT: 92, INTERFACE: 20, OBJECT: 249, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2026-01-02 19:39

695.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d3ed5ff2035ca102c06f385d940a138d38a1be25

GraphQL introspection enabled at /graphql
Types: 394 (by kind: ENUM: 28, INPUT_OBJECT: 92, INTERFACE: 20, OBJECT: 249, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-12-01 04:09

695.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e26f3ea57949f7761bda1dac443d75028a95ab2214

GraphQL introspection enabled at /graphql/api
Types: 394 (by kind: ENUM: 28, INPUT_OBJECT: 92, INTERFACE: 20, OBJECT: 249, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-11-29 05:40

695.8 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.73
Domain: robertsonfulfillment.com
Port: 80
URL: http://robertsonfulfillment.com

First seen 2025-10-31 14:28
Last seen 2026-01-02 12:11
Open for 62 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce6435700323

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2026-01-02 12:11

652.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce647852371c

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-22 18:48

652.3 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.73
Domain: robertsonfulfillment.com
Port: 443
URL: https://robertsonfulfillment.com

First seen 2025-10-31 14:28
Last seen 2026-01-02 07:17
Open for 62 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce6435700323

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2026-01-02 07:17

652.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2d562a70c2fd428505555046b706aa7db7c0f45d6

GraphQL introspection enabled at /graphql/api
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2025-12-20 10:51

652.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce647852371c

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-11 13:51

652.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2d562a70c2fd428505555046b706aa7db6b90fc7b

GraphQL introspection enabled at /graphql/api
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-01 03:10

652.3 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.73
Domain: www.mackshop.com
Port: 80
URL: http://www.mackshop.com

First seen 2025-11-01 07:09

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d3ed5ff2035ca102c06f385d940a138d38a1be25

GraphQL introspection enabled at /graphql
Types: 394 (by kind: ENUM: 28, INPUT_OBJECT: 92, INTERFACE: 20, OBJECT: 249, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-11-01 07:09

695.8 kBytes

Create report

Open service 2.16.204.73:443 · iris.lasvegas.com

2026-01-13 00:00

HTTP/1.1 404 Not Found
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
Cache-Control: max-age=0
Expires: Tue, 13 Jan 2026 00:00:53 GMT
Date: Tue, 13 Jan 2026 00:00:53 GMT
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found one day ago by HttpPlugin